news

Dear Editors, we just posted a new article which might be interesting to your readers. A post in your news section would be appreciated. Title: A-DATA 16GB Turbo Compact Flash Link: http://www.techpowerup.com/reviews/AData/16GB_Turbo_Compact_Flash Brief: A-DATA is pushing the performance envelope with their Turbo series of CF cards. The series goes up to 16 GB and aims to give you the best possible performance - if you are willing to pay for it.

Hello, - Too Human Climbing The Skill Tree: Human Path Trailer and Screens http://www.gamershell.com/news_54706.html - Lower Prices for OmniGSoft Titles http://www.gamershell.com/news_54704.html - Randy Jones Joins Postal III http://www.gamershell.com/news_54702.html - QuakeCon 2008 Events Line-Up Announced http://www.gamershell.com/news_54700.html - Carnival Games for DS in Stores http://www.gamershell.com/news_54698.html - Sid Meier's Civilization Revolution Ships http://www.gamershell.com/news_54696.html - Golf: Tee It Up! Released http://www.gamershell.com/news_54694.html Best Regards, GamersHell.com Staff =============================================================================

Greetings, Overclockers Online has posted a new review. A news post would be greatly appreciated. Title: Samsung 2263UW LCD Monitor at Overclockers Online Link: http://www.overclockersonline.net/?page=articles&num=1841 Quote: Samsung's SyncMaster 2263UW is truly an interesting bundle combining the specifications of a high end display with the functionality of integrated multimedia capabilities. With a stunning 8000:1 contrast ratio, and 5ms response time, the 2263UW is truly a solid contender. Thanks for the post. Best regards, Simon _______________________________________________

Hello, - Salvation Screens #5 and Q&A http://www.gamershell.com/news_54692.html - Pro Cycling Manager - Tour de France 2008 Screens #6 and Trailer #3 http://www.gamershell.com/news_54690.html - Numen: Contest of Heroes Screens #15 http://www.gamershell.com/news_54688.html Best Regards, GamersHell.com Staff =============================================================================

Hello, - Hedgewars 0.9.5 Free Full Game http://www.gamershell.com/news_54686.html - Disciples III: Renaissance New Details/Concept Art #2 http://www.gamershell.com/news_54682.html - Chaos Online Concept Art and Details http://www.gamershell.com/news_54680.html Best Regards, GamersHell.com Staff =============================================================================

Hi all, We have just published a review of Zalman GS1000 PC case. If you could post a link on your site that would be very much appreciated. *Link: http://www.bit-tech.net/hardware/2008/07/09/zalman-gs1000/1* *Picture: http://images.bit-tech.net/content_images/2008/07/zalman-gs1000/1.jpg* *Quote: *Zalman has quite the reputation in the field of PC hardware, in the same way that BMW has quite the reputation in the field of cars. They both offer innovation, buckets of build quality, and for the most part, impressive performance, in exchange for massive chunks of your pay packet. What do we have here? Low and behold, Zalman has made a case, and remarkably kept the price tag at a level that we mere mortals can not only afford, but can genuinely consider as an alternative to the usual suspects of PC cases. Could this be the 1-series of PC cases? * *Cheers guys! Tim Smalley www.bit-tech.net

Hi all, We have just published a review of Alienware Area-51 m15x notebook. If you could post a link on your site that would be very much appreciated. *Link: http://www.bit-tech.net/hardware/2008/07/10/alienware-area-51-m15x/1* *Picture: http://images.bit-tech.net/content_images/2008/07/alienware-area-51-m15x/sb02.jpg* *Quote: *When you get right down to it, the Alienware Area 51 m15x is solid, but only marginally groundbreaking. There are a number of little things and touches which might help make the m15x stand out, mainly in terms of the adjustable colour schemes and the overall look and feel of the excellent keyboard, but for each one there's also a drawback. Besides, adjustable colour profiles may look fancy, but are functionally redundant. Still, niggles and nags aside the performance and style on offer here is very good, even if you do have to pay a premium. Gaming notebooks are an odd creature in that they aren't ever really intended to be notebooks as much as they /desktop replacements/. Even then, this is slightly more portable as a 15.4" rather than a 17". * *Cheers guys! Tim Smalley www.bit-tech.net

Hi everyone, While any of us could walk into our local computer hardware store at any time and pick up an external hard disk, many of us want something more than a simple off-the-shelf unit, particularly when the more upgrade-happy individuals amongst us find ourselves with spare hard disks lying around just begging to be put to use. It's largely for this reason that quite an industry has built up around the sale of external hard disk enclosures, offering up the opportunity to use a hard disk of your choice within an enclosure which often offers more flexibility than an off-the-shelf external drive. Today, we'll be taking a look at just such an enclosure, in the form of Vizo's Luxon Advanced unit. Read on to find out both how it looks and performs. Vizo Luxon Advanced hard disk enclosure review "A closer look at the PCB of the Luxon and we can see that as well as supporting eSATA and USB 2.0 interfaces externally, it is actually also capable of supporting either an IDE or Serial ATA hard drive internally. While Serial ATA is now by far the most prevalent standard in the desktop hard disk market, if you're looking to reuse an old drive as a backup device or the like then the Luxon's capability of supporting an IDE drive may well be most welcome." http://www.elitebastards.com/cms/index.php?option=com_content&task=view&id=589&Itemid=27 As always, a news post on your site would be hugely appreciated, and we guarantee to reciprocate by posting any news items received from yourselves. Many thanks! Regards, Hanners Elite Bastards ------------------------------------- Elite Bastards News Letter www.elitebastards.com

CentOS Errata and Security Advisory 2008:0583 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0583.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: db5dc92919072cfad2d6e73b5370daf8 compat-openldap-2.3.27_2.2.29-8.el5_2.4.i386.rpm 107401e8ef26343a3bb83450bdb5b16a compat-openldap-2.3.27_2.2.29-8.el5_2.4.x86_64.rpm 02c867e27cd69a70a31d2ccd64a2e841 openldap-2.3.27-8.el5_2.4.i386.rpm f211441ebcf6ceebc6d1b1cf1ab001d5 openldap-2.3.27-8.el5_2.4.x86_64.rpm bba30608b8a6ebcaec25151168fc5c51 openldap-clients-2.3.27-8.el5_2.4.x86_64.rpm 982c89dbb9de790b2a6dbb8f3669bfcf openldap-devel-2.3.27-8.el5_2.4.i386.rpm 834319f05131f6425f320611a2bc45ea openldap-devel-2.3.27-8.el5_2.4.x86_64.rpm f3f2347c7372b690cc8251950a5e93e2 openldap-servers-2.3.27-8.el5_2.4.x86_64.rpm fabebfd602803f639f2dbf926c0ce460 openldap-servers-sql-2.3.27-8.el5_2.4.x86_64.rpm Source: 20e65c6edbc0522e017c00ae1fb9ac31 openldap-2.3.27-8.el5_2.4.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos ( -at -) irc.freenode.net _______________________________________________

CentOS Errata and Security Advisory 2008:0584 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0584.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: 4cfba549f6586536dd4b6d41f5ffe14a finch-2.3.1-2.el5_2.i386.rpm e8b15357285ff047b542fb2d2b3815ae finch-2.3.1-2.el5_2.x86_64.rpm aad2d01f126b8f92f29e0b7ee79811f7 finch-devel-2.3.1-2.el5_2.i386.rpm 0aa8db4ed1553187047374e8171889b3 finch-devel-2.3.1-2.el5_2.x86_64.rpm fba6d2868766814e0075d53ca59e03c5 libpurple-2.3.1-2.el5_2.i386.rpm de8726a752875a7747fdd9a09e6c8953 libpurple-2.3.1-2.el5_2.x86_64.rpm cdce84835b944c5bca2a797f7cc866a0 libpurple-devel-2.3.1-2.el5_2.i386.rpm efdacc53ff4807d9fe6a1d0ba0c1f210 libpurple-devel-2.3.1-2.el5_2.x86_64.rpm 61c93a7851c7fc9c20ced4cf1df4acb8 libpurple-perl-2.3.1-2.el5_2.x86_64.rpm 04bb58179c359363a7a77138d0b6973a libpurple-tcl-2.3.1-2.el5_2.x86_64.rpm abb1869d6e8d0c8819716548925743d0 pidgin-2.3.1-2.el5_2.i386.rpm 588d4771c338a31b74994307fd327ec8 pidgin-2.3.1-2.el5_2.x86_64.rpm 6551a4fc1afc7725f959f7f1edd5c073 pidgin-devel-2.3.1-2.el5_2.i386.rpm b21b8877c515ac42051fb683ef902802 pidgin-devel-2.3.1-2.el5_2.x86_64.rpm 04e3faaaf284fcfa65830e6d75ce8c12 pidgin-perl-2.3.1-2.el5_2.x86_64.rpm Source: c593f263ca1a65193acf2947129d05fd pidgin-2.3.1-2.el5_2.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos ( -at -) irc.freenode.net _______________________________________________

CentOS Errata and Security Advisory 2008:0583 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0583.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: b468dec55b2e41c222613fe663ba8c2f compat-openldap-2.3.27_2.2.29-8.el5_2.4.i386.rpm ec44dbd6a9792d9310f2e3b93c3281c5 openldap-2.3.27-8.el5_2.4.i386.rpm 71617f0521eb553d20681d65c49535d1 openldap-clients-2.3.27-8.el5_2.4.i386.rpm 70d1d4f559c6f190904d1e7390bfd828 openldap-devel-2.3.27-8.el5_2.4.i386.rpm 95dc263e3542a0a775ec3afd01d6972c openldap-servers-2.3.27-8.el5_2.4.i386.rpm 4a8fdab98d277b463c291c20433e738a openldap-servers-sql-2.3.27-8.el5_2.4.i386.rpm Source: 20e65c6edbc0522e017c00ae1fb9ac31 openldap-2.3.27-8.el5_2.4.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos ( -at -) irc.freenode.net _______________________________________________

CentOS Errata and Security Advisory 2008:0584 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0584.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: 4cfba549f6586536dd4b6d41f5ffe14a finch-2.3.1-2.el5_2.i386.rpm aad2d01f126b8f92f29e0b7ee79811f7 finch-devel-2.3.1-2.el5_2.i386.rpm fba6d2868766814e0075d53ca59e03c5 libpurple-2.3.1-2.el5_2.i386.rpm cdce84835b944c5bca2a797f7cc866a0 libpurple-devel-2.3.1-2.el5_2.i386.rpm 56dab65da9e04c6f34cbeb77d03117c7 libpurple-perl-2.3.1-2.el5_2.i386.rpm 4b43e594dbcaf0a0919e965816a0b47a libpurple-tcl-2.3.1-2.el5_2.i386.rpm abb1869d6e8d0c8819716548925743d0 pidgin-2.3.1-2.el5_2.i386.rpm 6551a4fc1afc7725f959f7f1edd5c073 pidgin-devel-2.3.1-2.el5_2.i386.rpm 4892cf851777827450931773ec1c3204 pidgin-perl-2.3.1-2.el5_2.i386.rpm Source: c593f263ca1a65193acf2947129d05fd pidgin-2.3.1-2.el5_2.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos ( -at -) irc.freenode.net _______________________________________________

Force3D Radeon 4850 & 4870 tesdted <http://www.guru3d.com/article/radeon-4850-and-4870-review-force3d/>'>http://www.guru3d.com/article/radeon-4850-and-4870-review-force3d/> We dropped their name already a couple of times yet with this article I'd like to introduce a new company called Force3D. Force3D is a Hong Kong based company that opened it's doors earlier this year. Their focus is placed completely at AMD's ATI graphics solutions. Their timing could not have been better with the 4800 release, so today we'll review two of their 4800 series products, the Radeon HD 4850 and 4870. Link towards article: http://www.guru3d.com/article/radeon-4850-and-4870-review-force3d/ <http://www.guru3d.com/article/radeon-4850-and-4870-review-force3d/> --

A news post would be great. OCC has published a new review on the Tagan A+ CS-Monolize Here is a quote from the review: Quote: "Having used many cases that I felt had good airflow made me skeptical of how well two giant 250mm fans would be able to balance the airflow in and out of the chassis while keeping the components from sitting in stagnant air and cooking. Tagan has done an excellent job making sure there is an avenue of escape for all of the air being pushed into the case. The venting on the top, sides, front and rear panels all allow the 300+ C.F.M to flow through almost completely unobstructed. You can really feel the airflow moving out of the vents. Initially, I was thinking there was no way that the volume of air would be turned over enough to not have a positive case pressure and create areas of stagnant air. That hunch got stronger when I realized there were no additional fans to help move the volume of air being ingested. Before checking the specifications on the fans, I measured the incoming airflow on each fan and was surprised that my measured numbers came within 5 C.F.M. of the rated flow. A bonus!" Title: Tagan A+ CS-Monolize Review Link: http://www.overclockersclub.com/reviews/tagan_a_csmonolize/ Img: http://www.overclockersclub.com/siteimages/articles/tagan_a_csmonolize/9_thumb.jpg

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] seamonkey (SSA:2008-191-03) New seamonkey packages are available for Slackware 11.0, 12.0, 12.1, and -current to fix security issues. More details about the issues may be found here: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey Here are the details from the Slackware 12.1 ChangeLog: +--------------------------+ patches/packages/seamonkey-1.1.10-i486-1_slack12.1.tgz: Upgraded to seamonkey-1.1.10. This release closes several possible security vulnerabilities and bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com. Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 11.0: ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/seamonkey-1.1.10-i486-1_slack11.0.tgz Updated package for Slackware 12.0: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/seamonkey-1.1.10-i486-1_slack12.0.tgz Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/seamonkey-1.1.10-i486-1_slack12.1.tgz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/seamonkey-1.1.10-i486-1.tgz MD5 signatures: +-------------+ Slackware 11.0 package: d5c533c6017b90b5fae6d3a7bf2cb111 seamonkey-1.1.10-i486-1_slack11.0.tgz Slackware 12.0 package: f3f7cf6af09930549d2157f5f9494394 seamonkey-1.1.10-i486-1_slack12.0.tgz Slackware 12.1 package: 0308f33d311223d7870506d56db174a2 seamonkey-1.1.10-i486-1_slack12.1.tgz Slackware -current package: a8ad327e049eb96c94970c81cc16758e seamonkey-1.1.10-i486-1.tgz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg seamonkey-1.1.10-i486-1_slack12.1.tgz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security ( -at -) slackware.com +------------------------------------------------------------------------+

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] bind (SSA:2008-191-02) New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to address a security problem. More details may be found at the following links: http://www.isc.org/sw/bind/bind-security.php http://www.kb.cert.org/vuls/id/800113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 Here are the details from the Slackware 12.1 ChangeLog: +--------------------------+ patches/packages/bind-9.4.2_P1-i486-1_slack12.1.tgz: Upgraded to bind-9.4.2-P1. This upgrade addresses a security flaw known as the CERT VU#800113 DNS Cache Poisoning Issue. This is the summary of the problem from the BIND site: "A weakness in the DNS protocol may enable the poisoning of caching recurive resolvers with spoofed data. DNSSEC is the only full solution. New versions of BIND provide increased resilience to the attack." It is suggested that sites that run BIND upgrade to one of the new packages in order to reduce their exposure to DNS cache poisoning attacks. For more information, see: http://www.isc.org/sw/bind/bind-security.php http://www.kb.cert.org/vuls/id/800113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com. Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bind-9.3.5_P1-i386-1_slack8.1.tgz Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bind-9.3.5_P1-i386-1_slack9.0.tgz Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/bind-9.3.5_P1-i486-1_slack9.1.tgz Updated package for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/bind-9.3.5_P1-i486-1_slack10.0.tgz Updated package for Slackware 10.1: ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/bind-9.3.5_P1-i486-1_slack10.1.tgz Updated package for Slackware 10.2: ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/bind-9.3.5_P1-i486-1_slack10.2.tgz Updated package for Slackware 11.0: ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/bind-9.3.5_P1-i486-1_slack11.0.tgz Updated package for Slackware 12.0: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/bind-9.4.2_P1-i486-1_slack12.0.tgz Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/bind-9.4.2_P1-i486-1_slack12.1.tgz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.4.2_P1-i486-1.tgz MD5 signatures: +-------------+ Slackware 8.1 package: c693e1ae4997c7cc23c0051ec1c90796 bind-9.3.5_P1-i386-1_slack8.1.tgz Slackware 9.0 package: 24326f563c6588a0541f3409bc7298cd bind-9.3.5_P1-i386-1_slack9.0.tgz Slackware 9.1 package: 67178dd97006cf4cf3543704c82741b8 bind-9.3.5_P1-i486-1_slack9.1.tgz Slackware 10.0 package: a12c9e8304c5a7e285fa4df7d4b9756b bind-9.3.5_P1-i486-1_slack10.0.tgz Slackware 10.1 package: 6209e4a5f9693451279b0d02795b9bd8 bind-9.3.5_P1-i486-1_slack10.1.tgz Slackware 10.2 package: e1c6d74c787fa3b7f3a5905fef206206 bind-9.3.5_P1-i486-1_slack10.2.tgz Slackware 11.0 package: d354a0118388bb0f3fd32fa79166746a bind-9.3.5_P1-i486-1_slack11.0.tgz Slackware 12.0 package: 5b1087e6a0dc79ebf06144f44d5bb52f bind-9.4.2_P1-i486-1_slack12.0.tgz Slackware 12.1 package: da76550505d62f0d902b710a078d1020 bind-9.4.2_P1-i486-1_slack12.1.tgz Slackware -current package: c255530e46f4cff8080a20b6c8d12443 bind-9.4.2_P1-i486-1.tgz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg bind-9.4.2_P1-i486-1_slack12.1.tgz Then, restart the nameserver: # /etc/rc.d/rc.bind restart +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security ( -at -) slackware.com +------------------------------------------------------------------------+

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2008-191-01) New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, and 12.1 to fix security issues. More details about the issues may be found on the Mozilla site: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox Here are the details from the Slackware 12.1 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-2.0.0.15-i686-1.tgz: Upgraded to firefox-2.0.0.15. This release closes several possible security vulnerabilities and bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com. Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 10.2: ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-firefox-2.0.0.15-i686-1.tgz Updated package for Slackware 11.0: ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mozilla-firefox-2.0.0.15-i686-1.tgz Updated package for Slackware 12.0: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/mozilla-firefox-2.0.0.15-i686-1.tgz Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/mozilla-firefox-2.0.0.15-i686-1.tgz MD5 signatures: +-------------+ Slackware 10.2 package: c40f3e45eccdfad760101bbb2bf92961 mozilla-firefox-2.0.0.15-i686-1.tgz Slackware 11.0 package: c40f3e45eccdfad760101bbb2bf92961 mozilla-firefox-2.0.0.15-i686-1.tgz Slackware 12.0 package: c40f3e45eccdfad760101bbb2bf92961 mozilla-firefox-2.0.0.15-i686-1.tgz Slackware 12.1 package: c40f3e45eccdfad760101bbb2bf92961 mozilla-firefox-2.0.0.15-i686-1.tgz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg mozilla-firefox-2.0.0.15-i686-1.tgz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security ( -at -) slackware.com +------------------------------------------------------------------------+

Hello, OCIA.net has posted their review of the GELID Solutions GC-1 Thermal Compound. Below is a direct quote from the review: "Today we have for review one of GELID's first products ever, their thermal compound, GC-1. I've seen a lot of thermal compounds hit the market and pass it by, and often times it seems as though it will take something absolutely astonishing to overshadow the great name of Arctic Silver 5. Even though many pastes out there perform better, have better features (not electrically conductive, doesn't have a burn in period, etc.) and are cheaper than Arctic Silver 5, it seems impossible to knock it from its thrown." Direct Link: http://www.ocia.net/reviews/gelidgc1/page1.shtml Image Link: http://www.ocia.net/images/icons/319.jpg Site Link: http://www.ocia.net A news posting on your site would be greatly appreciated. Thanks in advance for your support! Thanks, OCIA.net Staff http://www.ocia.net

Big Stone Phone Ships iPhone Apps: TalkingPics, iGraffiti & Twittelator - Published on 07/10/08 Big Stone Phone Company has released for immediate download via Apple's new App Store 3 new incredible apps for the iPhone: TalkingPics, record audio and take photos, iGraffiti, take photos and fingerpaint on them and share on the web, and Twittelator - a full Twitter client that is 100% free! Big Stone Phone is collaboration of Andrew Stone, Jeff Biggus and Ollie Wagner. Albuquerque, NM - Big Stone Phone is proud to announce the release of three brand new applications for the iPhone. All three applications make use of the iPhone's built in camera, but with differing intentions - one app, TalkingPics, has many practical applications, while another, called iGraffiti, is just pure fun. The third application, Twittelator, is a full-featured Twitter client for the iPhone with the ability to send a map of the user's location with one click and automatically upload snapshots to TwitPics.com. TalkingPics allows the user to make many voice and music recordings for later playback. You can add a new snapshot, a library photo or even a map of your current location using the iPhone's GPS functionality. Think of it as "sonic captioning," allowing users to "make notes" without using a keypad or stylus to enter words. You can have many projects, which each contain as many entries as you like. The software has many practical applications, as developer Andrew Stone pointed out. "We designed it for working professionals such as doctors, police officers, real estate agents and any profession where people need to take visual and audio notes in a hands-free way. And of course, students will love it, especially the introductory price of just $9.99!" said Stone. iGraffiti lets users take a picture and then paint on it using the tip of the finger on the iPhone's touch screen. Users can adjust brush stroke, shadow and effects, and can choose from a 48-color "crayon" palette picker for their paint colors. Making use of the iPhone's motion features, users can shake the iPhone once to delete the last action, and shake twice to start from the beginning. Users can also pull images from the web for manipulation with iGraffiti, and then submit their art to the web. "We've been having a lot of fun with this one," said Stone. "Finished images can be saved in Photos and emailed to friends, used as Contact pictures or can even be shared with the iGraffiti community over the web. Visit Stone Software's website to see the public art space. At $4.99 USD, it's a must-have app!" Twittelator lets you instantly twitter a link to the map of your current location to the popular social networking site Twitter. In an emergency, you can microblog a help message with your location with just one click. With all the standard features of a twitter client, Twittelator is a must-have application for Twitter users. Most importantly, Twittelator is 100% free! Big Stone Phone is the result of a collaboration between two well-known Apple developers, Andrew Stone and Jeff Biggus and an award winning Mac artist, Ollie Wagner. Mr. Stone is the founder of Stone Design of Albuquerque, makers of Stone Works Creative Suite that bundles together 17 productivity applications for Mac OS X. The Suite includes Create, a page layout and web publishing program, iMaginator, an image manipulation program, and Videator, a video effects and VJ'ing program along with more than a dozen others. Mr. Biggus is a Chicago-based consultant who runs the popular HyperJeff OS X website for Mac users and developers. Mr. Wagner creates icons for applications on the Mac and iPhone. "Developing for the iPhone is so much fun," said Stone. "It's a new frontier. Part of the fun comes from knowing that there are tons of other developers out there trying to make great software for this incredible device. We're just one of hundreds if not thousands of groups on the planet trying to make something great." The applications are available for download and use today directly from your iPhone by clicking "App Store". Direct links to the apps will be posted at their website. Big Stone Phone Home: http://www.stone.com/bigstonephone Big Stone Phone iPhone Version: http://www.stone.com/iPhone/ iGraffiti Icon: http://www.stone.com/bigstonephone/images/iGraffiti_icon.png TalkingPics Icon: http://www.stone.com/bigstonephone/images/talkingPics_icon.png Twittelator Icon: http://www.stone.com/bigstonephone/images/twittelator_icon.png iGraffiti Guide: http://www.stone.com/iGraffiti_Users_Guide/ Big Stone Phone is the result of a collaboration between two well-known Apple developers, Andrew Stone & Jeff Biggus and an award winning Mac artist, Ollie Wagner. Mr. Stone is the founder of Stone Design of Albuquerque, makers of Stone Works Creative Suite that bundles together 17 productivity applications for Mac OS X. The Suite includes Create, a page layout and web publishing program, iMaginator, an image manipulation program, and Videator, a video effects and VJ'ing program along with more than a dozen others. Mr. Biggus is a Chicago-based consultant who runs the popular HyperJeff OS X website for Mac users and developers. Mr. Wagner creates icons for applications on the Mac and iPhone. ©2008 Stone Design Corp and Big Stone Phone. ### Andrew Stone CEO 505-345-4800 andrew ( -at -) stone.com Katie Graunke Big Stone Phone 505-345-4800 *******

This is a multi-part message in MIME format... ------------=_1215658839-11275-7244 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:142 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ruby Date : July 9, 2008 Affected: Corporate 3.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities have been found in the Ruby interpreter and in Webrick, the webserver bundled with Ruby. Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) ..%5c (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. (CVE-2008-1145) Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. (CVE-2008-2662) Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. (CVE-2008-2663) The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. (CVE-2008-2664) Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the REALLOC_N variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. (CVE-2008-2725) Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption, aka the beg + rlen issue. (CVE-2008-2726) Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. (CVE-2008-2376) The updated packages have been patched to fix these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1145 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2376 _______________________________________________________________________ Updated Packages: Corporate 3.0: 078849cb78d43bbe44aed5faba17ce36 corporate/3.0/i586/ruby-1.8.1-1.10.C30mdk.i586.rpm 0c7e275a33a125c790cd109d67ff7355 corporate/3.0/i586/ruby-devel-1.8.1-1.10.C30mdk.i586.rpm 1e30796a41e440eb9a1ca6589737bd88 corporate/3.0/i586/ruby-doc-1.8.1-1.10.C30mdk.i586.rpm 0414d9413e6d5fbed3cad3096ca1e23c corporate/3.0/i586/ruby-tk-1.8.1-1.10.C30mdk.i586.rpm c75fdfc1387b13c4fe50f929b9125516 corporate/3.0/SRPMS/ruby-1.8.1-1.10.C30mdk.src.rpm Corporate 3.0/X86_64: 4b6992996fe4d1df03c189bdd51b14bc corporate/3.0/x86_64/ruby-1.8.1-1.10.C30mdk.x86_64.rpm 475a0ee98a513a4d2aada6fdbe33ff9c corporate/3.0/x86_64/ruby-devel-1.8.1-1.10.C30mdk.x86_64.rpm 8fc454cc2d5edb758958e72ee2f92d03 corporate/3.0/x86_64/ruby-doc-1.8.1-1.10.C30mdk.x86_64.rpm dfac76704ce02fd86b5fc8e29bd8ea34 corporate/3.0/x86_64/ruby-tk-1.8.1-1.10.C30mdk.x86_64.rpm c75fdfc1387b13c4fe50f929b9125516 corporate/3.0/SRPMS/ruby-1.8.1-1.10.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIdU/HmqjQ0CJFipgRAh67AJ98tDlBvyey9EJ3hGYdB6SDUD79WwCg9oEg 3ydTGyWfa+N5DkHuJK8FxTw= =0+4d -----END PGP SIGNATURE----- ------------=_1215658839-11275-7244 Content-Type: text/plain; name="message-footer.txt" Content-Disposition: inline; filename="message-footer.txt" Content-Transfer-Encoding: 8bit To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________ ------------=_1215658839-11275-7244--

Hardware Canucks is pleased present our review of the BFG 8800GT OCX & 9600GT OCX Thermointelligence video cards *Article URL:* http://www.hardwarecanucks.com/forum/hardware-canucks-reviews/8451-bfg-8800gt-ocx-9600gt-ocx-video-card-review.html *Quote:* *BFG targets their OCX line of video cards at the people out there who want some of the fastest pre-overclocked cards on the market and in this case they have also equipped the 8800GT OCX and 9600GT OCX with aftermarket coolers (hence the Thermointelligence name). This provides a great jump in performance over stock-clocked cards while staying within the bounds of BFG's Lifetime warranty.* *Image URL:* http://images.hardwarecanucks.com/image/skymtl/GPU/BFG-THERMO/THERMO-7.jpg We would appreciate it if you could post this in your News section. Regards, -- Hardware Canucks News Team

This is a multi-part message in MIME format... ------------=_1215655238-11275-7243 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:141 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ruby Date : July 9, 2008 Affected: 2007.1, 2008.0, Corporate 4.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities have been found in the Ruby interpreter and in Webrick, the webserver bundled with Ruby. Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) ..%5c (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. (CVE-2008-1145) Directory traversal vulnerability in WEBrick in Ruby 1.9.0 and earlier, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option. (CVE-2008-1891) Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption. (CVE-2008-2662) Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors. (CVE-2008-2663) The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca. (CVE-2008-2664) Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the REALLOC_N variant. (CVE-2008-2725) Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption, aka the beg + rlen issue. (CVE-2008-2726) Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. (CVE-2008-2376) The updated packages have been patched to fix these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1145 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2376 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: c252d5ada64ffce7573bc6e0d2184732 2007.1/i586/ruby-1.8.5-5.2mdv2007.1.i586.rpm 7c1687d94932963aed642743b1843212 2007.1/i586/ruby-devel-1.8.5-5.2mdv2007.1.i586.rpm cb3097b6b931faeb143924fbee1d3a28 2007.1/i586/ruby-doc-1.8.5-5.2mdv2007.1.i586.rpm d29d868f062bad90621381d386472777 2007.1/i586/ruby-tk-1.8.5-5.2mdv2007.1.i586.rpm 33d63f4835688a0ab7581c362e75dd64 2007.1/SRPMS/ruby-1.8.5-5.2mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 724556ab63e935db4a9f45612058936c 2007.1/x86_64/ruby-1.8.5-5.2mdv2007.1.x86_64.rpm 6ec3a76f976514e17fb99711e3cc68e3 2007.1/x86_64/ruby-devel-1.8.5-5.2mdv2007.1.x86_64.rpm 5c9deb0ff0b1696e8218f5000343bfac 2007.1/x86_64/ruby-doc-1.8.5-5.2mdv2007.1.x86_64.rpm ec156fb4f2f8f734b4f89a9aa16a62e8 2007.1/x86_64/ruby-tk-1.8.5-5.2mdv2007.1.x86_64.rpm 33d63f4835688a0ab7581c362e75dd64 2007.1/SRPMS/ruby-1.8.5-5.2mdv2007.1.src.rpm Mandriva Linux 2008.0: 89f70e454462048226c6059b95652f25 2008.0/i586/ruby-1.8.6-5.2mdv2008.0.i586.rpm d57091c563b105fd9e4127ef8008867d 2008.0/i586/ruby-devel-1.8.6-5.2mdv2008.0.i586.rpm 8a94d59110ecb0cd0a480b69ed1bf0bc 2008.0/i586/ruby-doc-1.8.6-5.2mdv2008.0.i586.rpm 0c43f8440eb12ec9178226ac5c77aa2e 2008.0/i586/ruby-tk-1.8.6-5.2mdv2008.0.i586.rpm 858395d3967c7de15b571385c197ccc4 2008.0/SRPMS/ruby-1.8.6-5.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: f120c134ce4fdead8965403ccc8eb49e 2008.0/x86_64/ruby-1.8.6-5.2mdv2008.0.x86_64.rpm a9609b6039420c64abfb9b91d92b68bc 2008.0/x86_64/ruby-devel-1.8.6-5.2mdv2008.0.x86_64.rpm 0e329d93db15b76812cc51b26f897604 2008.0/x86_64/ruby-doc-1.8.6-5.2mdv2008.0.x86_64.rpm 92600aca44e77277ed4f719c123e5b90 2008.0/x86_64/ruby-tk-1.8.6-5.2mdv2008.0.x86_64.rpm 858395d3967c7de15b571385c197ccc4 2008.0/SRPMS/ruby-1.8.6-5.2mdv2008.0.src.rpm Corporate 4.0: 7a9604cb39058bab09a4e553c0cbc2e3 corporate/4.0/i586/ruby-1.8.2-7.7.20060mlcs4.i586.rpm 5d900b1a9787097628a51b6c24ba4be9 corporate/4.0/i586/ruby-devel-1.8.2-7.7.20060mlcs4.i586.rpm b8729a0cf4552ea6a8fc611fc1104d11 corporate/4.0/i586/ruby-doc-1.8.2-7.7.20060mlcs4.i586.rpm c716012af6e742531fc28257f4696f4d corporate/4.0/i586/ruby-tk-1.8.2-7.7.20060mlcs4.i586.rpm c72b7dad7cb2bd7562d995da4c4e4efd corporate/4.0/SRPMS/ruby-1.8.2-7.7.20060mlcs4.src.rpm Corporate 4.0/X86_64: 13d8f1e4329d0f7dfc5572a2705f8b86 corporate/4.0/x86_64/ruby-1.8.2-7.7.20060mlcs4.x86_64.rpm a7d4f516f8ff886168cf6335fcad125e corporate/4.0/x86_64/ruby-devel-1.8.2-7.7.20060mlcs4.x86_64.rpm 4d740dd82feaba8d2e9e1488c6cf2ef9 corporate/4.0/x86_64/ruby-doc-1.8.2-7.7.20060mlcs4.x86_64.rpm b2de140fb31dcfbcee01134bc31489ea corporate/4.0/x86_64/ruby-tk-1.8.2-7.7.20060mlcs4.x86_64.rpm c72b7dad7cb2bd7562d995da4c4e4efd corporate/4.0/SRPMS/ruby-1.8.2-7.7.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIdUGqmqjQ0CJFipgRAuXGAKCIQ0Va2dI9prKCa0oFhVtknariDACeLC6Z 3zJx/Rr6cvqbhMHr4JMKICM= =lPv+ -----END PGP SIGNATURE----- ------------=_1215655238-11275-7243 Content-Type: text/plain; name="message-footer.txt" Content-Disposition: inline; filename="message-footer.txt" Content-Transfer-Encoding: 8bit To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________ ------------=_1215655238-11275-7243--

Good day, Today Neoseeker takes a look at memory from OCZ: DDR3 PC3-16000 Platinum. It is fast: http://www.neoseeker.com/Articles/Hardware/Reviews/ocz_pc3-16000/ "Mind you, current PC motherboards cannot make use of all of this bandwidth - a dual channel setup with these DIMMs is theoretically capable of supplying 32GB/sec memory bandwidth, however the processor<http://www.neoseeker.com/Articles/Hardware/Reviews/ocz_pc3-16000/7.html#>is connected to the northbridge normally with a 1333MHz or 1600MHz FSB; and even though we pushed the FSB in these tests to 2000MHz, due to bus overhead it is literally impossible to make use of the full bandwidth of even one bank of these DIMMs." Kevin Spiess Editor, Neoseeker.com

This is a multi-part message in MIME format... ------------=_1215654334-11275-7242 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:140 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ruby Date : July 9, 2008 Affected: 2008.1 _______________________________________________________________________ Problem Description: Multiple vulnerabilities have been found in the Ruby interpreter and in Webrick, the webserver bundled with Ruby. Directory traversal vulnerability in WEBrick in Ruby 1.9.0 and earlier, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option. (CVE-2008-1891) Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption. (CVE-2008-2662) Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors. (CVE-2008-2663) The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca. (CVE-2008-2664) Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the REALLOC_N variant. (CVE-2008-2725) Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption, aka the beg + rlen issue. (CVE-2008-2726) Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. (CVE-2008-2376) The updated packages have been patched to fix these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2376 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: 0e1e1ae20f5896be9834c92122ca7370 2008.1/i586/ruby-1.8.6-9p114.1mdv2008.1.i586.rpm 36d73cca1086770e7279fd1dd14e4e2f 2008.1/i586/ruby-devel-1.8.6-9p114.1mdv2008.1.i586.rpm 587b0727fe52509778bf1848e5a83de3 2008.1/i586/ruby-doc-1.8.6-9p114.1mdv2008.1.i586.rpm 04f6c795bc9b7e54f055e0da561ca045 2008.1/i586/ruby-tk-1.8.6-9p114.1mdv2008.1.i586.rpm b7598818fcbe7488f1d2e65a4881aa6a 2008.1/SRPMS/ruby-1.8.6-9p114.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 8de0e1cf1ca63db2336406dbdddf293d 2008.1/x86_64/ruby-1.8.6-9p114.1mdv2008.1.x86_64.rpm 93a8132e84bd61ef5bc79e5833075fa2 2008.1/x86_64/ruby-devel-1.8.6-9p114.1mdv2008.1.x86_64.rpm 0b6b2455e98dfbaf65cf91094fc3ca09 2008.1/x86_64/ruby-doc-1.8.6-9p114.1mdv2008.1.x86_64.rpm ca1998f680630b126d243135f765e8e2 2008.1/x86_64/ruby-tk-1.8.6-9p114.1mdv2008.1.x86_64.rpm b7598818fcbe7488f1d2e65a4881aa6a 2008.1/SRPMS/ruby-1.8.6-9p114.1mdv2008.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIdT7dmqjQ0CJFipgRAqx2AKDVcwjVj0MG/KrpovmuN0lr80ji6gCginyN XY+EoayKcK8xfkVCiuDdk40= =4hYe -----END PGP SIGNATURE----- ------------=_1215654334-11275-7242 Content-Type: text/plain; name="message-footer.txt" Content-Disposition: inline; filename="message-footer.txt" Content-Transfer-Encoding: 8bit To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________ ------------=_1215654334-11275-7242--

Greenwave Software announces TalkBubbles 1.0 for iPhone and iPod Touch - Published on 07/09/08 Greenwave Software LLC is proud to announce TalkBubbles 1.0, their fun-to-use photo sharing utility for iPhone and iPod Touch. TalkBubbles can add comic-like speech and thought bubbles to a picture from either the image library or photos taken with the iPhone's camera. Easily manipulate, position, and change the bubbles with the iPhone's touch interface. Images can be saved back to the devices library to share with friends. Overland Park, Kansas - Greenwave Software LLC is proud to announce TalkBubbles 1.0, their fun-to-use photo sharing utility for iPhone and iPod Touch. TalkBubbles can add comic-like speech and thought bubbles to a picture from either the image library or photos taken with the iPhone's camera. Easily manipulate, position, and change the bubbles with the iPhone's touch interface. Images can be saved back to the devices library to share with friends. Starting with a picture taken with the iPhone or by selecting one from the photo library, users can add dialog bubbles by double-tapping the screen. The style and placement of the bubbles can easily be changed with a touch, pinch, or drag. If a picture is worth a thousand words, then a picture with witty additions must be priceless. With TalkBubbles, it's as easy as one, two, three, and friends will be ROTFL. Minimum Requirements: * iPhone OS 2.0 running on either an iPhone or iPod Touch Pricing and Availability: A single user license for TalkBubbles is only $4.99 USD. TalkBubbles will be available when the Apple App Store launches. Greenwave Software: http://www.greenwavesoftware.com/ TalkBubbles for iPhone and iPod Touch: http://www.iphonetalkbubbles.com/ Headquartered in Overland Park, Kansas, Greenwave Software LLC is a privately funded company founded in 2003 by Chip Coons. With over ten years developing on the Mac platform, Chip's aim is developing unique and useful software, complemented by first-class customer support. Copyright 2003-2008 Greenwave Software LLC. All Rights Reserved. Apple, the Apple logo, are registered trademarks of Apple Computer in the U.S. and/or other countries. ### Chip Coons Owner 913-269-0665 chipcoons ( -at -) greenwavesoftware.com *******