news

GTK+ 2.12.11 is now available for download at: http://download.gnome.org/sources/gtk+/2.12/ gtk+-2.12.11.tar.bz2 md5sum: f7aab88e856a813386f797aade5867ad gtk+-2.12.11.tar.gz md5sum: 98ff001a7321a4c93cda83d635449dc3 This is a bug fix release in the 2.12 series. What is GTK+ ============ GTK+ is a multi-platform toolkit for creating graphical user interfaces. Offering a complete set of widgets, GTK+ is suitable for projects ranging from small one-off tools to complete application suites. GTK+ has been designed from the ground up to support a range of languages, not only C/C++. Using GTK+ from languages such as Perl and Python (especially in combination with the Glade GUI builder) provides an effective method of rapid application development. GTK+ is free software and part of the GNU Project. However, the licensing terms for GTK+, the GNU LGPL, allow it to be used by all developers, including those developing proprietary software, without any license fees or royalties. Where to get more information about GTK+ ======================================== Information about GTK+ including links to documentation can be found at: http://www.gtk.org/ An installation guide for GTK+ 2.x is found at: http://developer.gnome.org/doc/API/2.0/gtk/gtk-building.html Common questions: http://developer.gnome.org/doc/API/2.0/gtk/gtk-question-index.html http://www.gtk.org/faq/ Contributing ============ GTK+ is a large project and relies on voluntary contributions. We are actively searching for new contributors in various areas and invite everyone to help project development. If you are willing to participate, please subscribe to the project

GNOME Power Manager is a session daemon that makes it easy to manage the power on your laptop or desktop system. This _unstable_ release contains lots of crazy new code since 2.23.1 was released. WARNING, this code may impregnate your cat called Dave and steal all of the magazines from the bathroom. ============== Version 2.23.3 ============== - Fixed #483144, Gconf key for battery brightness labeled incorrectly... (Richard Hughes) - Fixed #492132, policy timeout prevents computer from suspend (Richard Hughes) - Fixed #517914, Inconsistent colors of graphs (Richard Hughes) - Fixed #521686, Removing gnome_program_init removes session management (Richard Hughes) - Fixed #522078, aborts when suspend is chosen when running under GDM (Richard Hughes) - Fixed #522236, g-p-m should set a window type hint for the brightness feedback window (Richard Hughes) - Fixed #522336, Change Playbin state back to NULL on error and EOS : fix potential memory leak when using pulsaudio (Richard Hughes) - Fixed #523152, GetBrightness returns a INT not a UINT (Richard Hughes) - Fixed #524449, gnome-power-preferences gives a critical warning (Richard Hughes) - Fixed #526178, Should check user capability "CanShutdown" before providing shutdown option in combo box (simon.zheng) - Fixed #526349, gnome-power-bugreport.sh doesn't work on Solairs (simon.zheng) - Fixed #534335, cpu load calculation doesn't work on Solaris (simon.zheng) - Fixed #535271, XBACKLIGHT is very slow (Richard Hughes) - Fixed #536956, Should remove cpufreq_show gconf key (simon.zheng) Translations: - Updated ru: Yuri Kozlov - Updated fr: Claude Paroz - Updated bg: Alexander Shopov - Updated nn: Eskild Hustvedt - Updated el: Kostas Papadimas - Updated vi: Clytie Siddall - Updated is: Andre Klapper - Updated sv: Daniel Nylander - Updated ar: Djihed Afifi - Updated en_GB: Richard Hughes - Updated th: Theppitak Karoonboonyanan - Updated cs: Petr Kovar - Updated et: Priit Laes - Updated gl: Ignacio Casal Quinteiro - Updated es: Jorge Gonzalez _______________________________________________

TechwareLabs has published our review of Gaming with Dell & HP. Here's a clip from the article: Quote: Looking for a new gaming rig but don't want to build it yourself? Interested in what Dell and HP have to offer with a preconfigured machine and a good warrenty to boot? We take a look at how the offerings of Dell and HP stack up against eachother and give you a good idea of where your money is best spent. LINK: http://www.techwarelabs.com/articles/editorials/gaming-with-dell&hp/ Title: Gaming with Dell & HP ( -at -) TechwareLabs Image: http://www.techwarelabs.com/articles/editorials/gaming-with-dell&hp/images/720_ClearSide_XPS.jpg A news post would be greatly appreciated!

Title: Apple Wireless Keyboard Reviewed ( -at -) TheTechLounge Quote: "Mmm, Mac hardware. Sharp. Purposeful. Tasty. Downright industrial designelicious. Half of the people who make the vaunted switch do so because of this keyboard. I mean, not literally this keyboard, but because of the engineering and style that this wireless device is the apex embodiment of. The keyboard is small because it's cut down; the keys are standard but a lot is sacrificed to make the whole package as miniscule as possible without cramping digits. I see a lot of potential in this input device, and not because it's portable. But I also can't help but wonder, can design be taken too far?" Article URL: http://www.thetechlounge.com/article/535/Apple+Wireless+Keyboard/ Image URL: http://www.thetechlounge.com/files/articles/535/index_197.jpg If you think this article is of interest to your readers, we would greatly appreciate a post in your site's news. Please feel free to

Hi Editors, Tech-Reviews.co.uk has just posted a news review online. A link or inclusion of the review in a news post would be much appreciated. Title: BHV Homepage Maker 6 Express ( -at -) Tech-Reviews.co.uk Briefing: Website design software is useful for many people from massive websites like Google and eBay to the smaller one-man band sites. If you do happen to be a bored housewife breaking out into the wide world of the internet then you probably don't have much programming knowledge. BHV's Homepage Maker 6 Express states that you need no programming knowledge to be able to use this software. So let's put this software to the test and see just how easy it is to use. Link: http://tech-reviews.co.uk/reviews/bhv-homepage-maker-6-express/ Image SRC: http://tech-reviews.co.uk/images/thumbs/homepagemaker.jpg Please continue to send us news at the provided address:

Just a few short years ago, home theater PCs were pretty cutting-edge. You pretty much had to be an enthusiast to even know such a thing was possible, and setting up a suitable system wasn't cheap—especially if you wanted to make the most of a high-definition TV. But as is often the case in this industry, cutting edge features and capabilities quickly trickle down to the mainstream. Even today's run-of-the-mill home theater PCs are leagues ahead of the once-impressive media rig that I assembled several years ago and still use today. Several factors have conspired to make home theater PCs so capable and popular. Microsoft deserves some credit for bringing a 10-foot GUI to Windows, making it easier for folks to control their PCs from the couch without having to mess with additional software. The industry trend toward lower power consumption has helped, too, delivering scores of cool-running chips that can get by with the kind of near-silent cooling you want in your living room. Integrated graphics chipsets have also stepped up in a big way, offering credible gaming chops and an arsenal of advanced video decoding tricks. For a few months now, AMD's 780G has reigned as the only integrated graphics chipset capable of handling high-definition video decoding. Now it has company in the form of Nvidia's new GeForce 8300. This single-chip core logic package features a graphics core derived from the GeForce 8400 GS, full Blu-ray decode acceleration, a HyperTransport 3.0 processor link prime for Phenom processors, PCI Express 2.0 connectivity, Gigabit Ethernet, loads of SATA RAID, and an even dozen USB ports. Impressive specs, no doubt, but can the GeForce 8300 unseat the 780G as our integrated graphics chipset of choice? Read on to find out. http://techreport.com/articles.x/14993 Thanks, Geoff ---- Geoff Gasior The Tech Report http://techreport.com -- To unsubscribe from: TR-News, just follow this link:

Hi Editors, Tech-Reviews.co.uk has just posted a news review online. A link or inclusion of the review in a news post would be much appreciated. Title: Scythe Kaze Master Fan Controller ( -at -) Tech-Reviews.co.uk Briefing: With the ever increasingly popular gaming cases - such as the Twelve Hundred which we reviewed at Tech-reviews yesterday - more and more fans are being added to cases. This is good in the way of cooling; hence better performance from components, however installing lots of fans increases the noise levels of computers considerably. To drop these noise levels, you need control over your fans and if you don't have mystic powers, one such product that achieves this is a fan controller. Fortunately, we've been lucky enough to review a fan controller from reputable manufacturer Scythe. Introducing the Scythe Kaze Master. Link: http://www.tech-reviews.co.uk/reviews/scythe-kaze-master-fan-controller/ Image SRC: http://tech-reviews.co.uk/images/thumbs/kazemaster.jpg Please continue to send us news at the provided address:

Hello, - Double D Dodgeball Website Launched and Trailer http://www.gamershell.com/news_54090.html - King's Bounty: The Legend Tales of Endoria Trailer #2 and Screens #6 http://www.gamershell.com/news_54088.html - Legendary Creatures Trailers http://www.gamershell.com/news_54086.html Best Regards, GamersHell.com Staff =============================================================================

Hello, - Double D Dodgeball Website Launched and Trailer http://www.gamershell.com/news_54090.html - King's Bounty: The Legend Tales of Endoria Trailer #2 and Screens #6 http://www.gamershell.com/news_54088.html - Legendary Creatures Trailers http://www.gamershell.com/news_54086.html Best Regards, GamersHell.com Staff =============================================================================

Hello, Corsair Voyager GT 16Gb and Voyager 4Gb USB Stick Review "The Voyager GT is the high speed cousin of the well known Corsair Voyager USB stick. In this review we compare its performance to several other USB drives as well as the none-GT Voyager." http://www.madshrimps.be/gotoartik.php?articID=845 ____________________________________ Thank you in advance for posting,

Hello, - ByteShield at Gamefest 2008 http://www.gamershell.com/news_54082.html - Concerto Gate Announced and Screens/Trailer http://www.gamershell.com/news_54080.html - PDC World Championship Darts Announced for Xbox 360 and PSP http://www.gamershell.com/news_54078.html - Guitar Hero III: Legends of Rock New Downloadable Content in July http://www.gamershell.com/news_54076.html - The Who Joins Rock Band http://www.gamershell.com/news_54074.html - StoneAge 2 Housing System Details and Screens #3 http://www.gamershell.com/news_54072.html - Mount & Blade v0.960 Demo/Patch and Trailer http://www.gamershell.com/news_54070.html Best Regards, GamersHell.com Staff =============================================================================

Lost Planet was one of those games that got critically panned when it was released and yet surprisingly against all odds, I thought it was a killer title. It was released in 2007 for Xbox 360 and PC and then was later ported over to Sonys Playstation 3. Colonies Edition is a greatest hits style release with extra content for the PC and Xbox 360 priced at a reasonable $29.99 in the USA. http://www.driverheaven.net/gamingreviews.php?reviewid=612 DriverHeaven and GamingHeaven News Mailer

Corsair took their time and did it right. The new HX1000W quietly serves up 1,000W of clean, efficient power and continues to reinforce Corsair's reputation for delivering quality and reliability. URL: http://www.pcper.com/article.php?aid=583 Quote: "Corsair took their time and did it right. The new HX1000W modular power supply is one of the best 1,000W PC power supplies we have tested to date. The HX1000W PSU provides excellent voltage regulation and delivers clean outputs with very good efficiency. As if that weren't enough, the HX1000W does it's job quietly, is 80Plus and NVIDIA Triple SLI certified, and comes backed with a 5-year warranty and 24/7 support. Highly recommended!" Thanks for a post! Ryan Shrout Owner - PC Perspective rshrout ( -at -) pcper.com

Dear Sir of Madam, The Akademy 2008 Team would love to welcome you to the yearly KDE world summit, Akademy 2008 in Sint-Katelijne-Waver, Belgium. A great opportunity to interview our Board of Directors, our most valued partners or speakers or the get a better insight in our future involvements. Please find inclosed your invitation and more information on how to register. Sincere greetings Van Craen Wendy Akademy2008 vice-organiser http://akademy2008.kde.org http://www.kde.org

AMD Phenom X4 9950 and 9350e Quad-Core Processor Review AMD was busy last month with the launch of the ATI Radeon HD 4850 and Radeon HD 4870 graphics cards, which have both proved themselves to be price versus performance winners. This month, AMD is starting off by launching three new processors: the Phenom X4 9950 processor and the energy-efficient Phenom X4 9350e and 9150e processors. Read on to see how these new processors do! Quote: "AMD has launched three more Phenom processors that are sure to get people talking. The energy-efficient 65W Phenom processors are the ones to keep an eye on. They are priced under $200 and will be a nice upgrade path for those looking to drop in a processor and move on..." Article Title: AMD Phenom X4 9950 and 9350e Quad-Core Processor Review ( -at -) Legit Reviews Article URL: http://www.legitreviews.com/article/735/1/ --

Dare to be Creative releases ResizeMe 1.0, batch image and photo editor - Published on 07/01/08 Dare to be Creative today announced the release of ResizeMe, a batch image and photo editor for Mac OS X Tiger and Leopard. Designed to improve productivity and efficiency, ResizeMe allows users to resize, scale, rotate and flip many images and photos at once with a drag and drop interface. Vienna, Austria - Dare to be Creative today announced the release of ResizeMe, a batch image and photo editor for Mac OS X Tiger and Leopard. ResizeMe can resize, scale, rotate and flip many images and photos at once, and is the latest tool by Dare to be Creative aimed at creative professionals. Batch resize, scale, rotate and flip: With ResizeMe, users can resize, scale, rotate and flip many images at once. Resizing allows users to reduce the size of their photos for emailing, or creating thumbnails for images to post on websites. Users can rotate images to quickly switch from portrait mode to landscape, or vice versa. And by flipping images horizontally or vertically users can easily create mirror effects. A tool for creative professionals: ResizeMe is the third tool by Dare to be Creative designed for creative professionals such as graphic designers and web designers. Alongside ResizeMe are Renamer4Mac, a batch file renamer, and Dragoman, a batch image and photo converter. With Renamer4Mac, photographers and creative professionals can save hours of work by renaming thousands of images at once, such as renaming photos downloaded from digital cameras into something meaningful. Designers and creative professionals benefit from Dragoman's support for popular image and raw digital camera formats, allowing them for example to batch convert TIFF to PNG, or from raw digital camera files such as from Canon or Kodak cameras to JPEG. Features in a nutshell: * Batch image editor that resizes, scales, rotates and flips (horizontally and vertically) images and photos * Handles the popular image formats JPEG, PNG, TIFF, PDF, JPEG-2000 (JP2), Silicon Graphics Image (SGI), Targa Graphics (TGA) * Easy drag and drop interface * Preserves EXIF data * Built-in, automatic self updates that inform users when new versions are available Minimum Requirements: * Mac OS X Version 10.4 or higher * Universal Binary for PowerPC and Intel Pricing and Availability: ResizeMe is $19.95 USD, and available as a free download from Resize-Me.com. It runs initially in a 10-day trial mode with all features active. This is the first release of ResizeMe. ResizeMe: Batch image editor that resizes, scales, rotates and flips images: http://resize-me.com/ ResizeMe: Screenshots of ResizeMe in action: http://resize-me.com/screenshots.html ResizeMe: List of supported image and photo formats: http://resize-me.com/features/supported-image-formats.html Renamer4Mac: A batch file renamer: http://renamer4mac.com/ Dragoman: A batch file converter for images, photos, music and archive files: http://dragoman-mac.com Located in Vienna, Austria, Dare to be Creative Ltd. is a software company founded in 2006 by a group of Mac enthusiasts. The Dare to be Creative team focuses exclusively on developing utility applications for Mac OS X designed to save valuable time while being enjoyable and easy to use. The current portfolio includes a) iArchiver, an archiving and file compression utility, iCombiner, a tool to combine images and PDF files into single PDF documents, c) Renamer4Mac, a batch file renamer, d) ResizeMe, a batch image editor that resizes, scales, rotates and flips images, and e) Dragoman, a batch file converter for image, music and archive files. All Material and Software © 2006-2008 Dare to be Creative Ltd. / All Rights Reserved. ### Philipp Mayerhofer Chief Operational Officer +4319551750 philipp ( -at -) iarchiver.com *******

At Phoronix we have posted a new article. A link to this from your site's news section would be greatly appreciated. Title: Intel Core 2 Duo E8400 Linux Performance ( -at -) Phoronix Direct Link: http://www.phoronix.com/vr.php?view=12551 Summary: "Back in March we had looked at the Intel Core 2 Duo T9300 mobile processor with its Penryn core and 6MB of shared L2 cache between its two cores clocked at 2.50GHz. We were very pleased with the performance of this mobile processor on Linux, which was found within a Lenovo ThinkPad T61 notebook, and today we are looking at the Penryn's desktop counterpart. Intel's Core 2 Duo "Wolfdale" E8000 series processors were released earlier this year with 6MB of L2 cache, 45nm manufacturing, a 1333MHz FSB, and support for SSE 4.1. The processor from the Wolfdale series we are looking at today under Linux is the Core 2 Duo E8400." Please feel free to contact us with any questions or comments you may

Hello fellow editors! Tech ARP ( http://www.techarp.com/ <http://www.techarp.com/>'>http://www.techarp.com/> ) has just posted the ED#98 : What Happens When The CMOS Battery Fails? Quote - Ever wondered what happens if your CMOS battery fails? Most of us know that the CMOS settings are retained whenever the PC is powered, but what happens when you turn off the PC? Will those CMOS settings just go poof? Or will they remain intact as long as the power supply remains turned on? Believe it or not, no one knew for sure, so iModAMD decided to test a few motherboards and find out. Direct URL - http://www.techarp.com/showarticle.aspx?artno=564 Logo URL - http://www.techarp.com/editorials/img/0826_CMOS_Battery_Failure_big.png We would appreciate your help in getting the word out. Rest assured that we will reciprocate and post your news with all due haste. If you have any news, please feel free to send it to our news mailbox at news ( -at -) techarp.com. Thanks! Tech ARP http://www.techarp.com/ <http://www.techarp.com/>

Hello, We've just posted our latest review and would love it if you linked it. TIA! "Sony's DSC-W130 is a good all-rounder, though image quality is quite run of the mill with softening around edges and noise at ISO 800 and higher. Colours are vibrant and shots are generally acceptable, though aren't quite as sharp as they could be - but they're more than suitable for respectable A4 prints, e-mailing, and posting on the Web. The DSC-W130 doesn't set the world on fire, but its build quality, fast shutter, longer-than-normal lens, and handy in-camera editing and slide show functions make it a well-rounded offering for the asking price." http://www.biosmagazine.co.uk/rev.php?id=768 _____ Christian Harris Editor/Publisher BIOS (http://www.biosmagazine.co.uk) _____

Quixpace announces Stitches 1.0 for Mac OS X - Published on 07/01/08 Quixpace is proud to announce Stitches 1.0, their professional level cross-stitching and charting application for Mac OS X. Stitches allows anyone to create and design their own cross-stitch charts, either from scratch or by importing photos, drawings and clipart. With a focus on ease-of-use, Stitches offers powerful selection and painting tools for creating and printing gorgeous charts. Heist-op-den-Berg, Belgium - Quixpace is proud to announce Stitches 1.0, their professional level cross-stitching and charting application for Mac OS X. Stitches allows anyone to create and design their own cross-stitch charts, either from scratch or by importing photos, drawings and clipart. With a focus on ease-of-use, Stitches offers powerful selection and painting tools for creating and printing gorgeous charts. When creating a design from scratch, users may choose from up to 450 symbols to assign to their colors from 427 different DMC swatches. Imported artwork is automatically converted to DMC Standard colors. Once a chart design has been created, it can be printed faithfully in a variety of patterns, including an estimate of the amount of thread required. And since Stitches is WYSIWYG, what is on screen is what will be printed on paper and cloth. Feature highlights include: * Design charts from scratch * Import photos, drawings and clipart * Choose from 450 symbols * Powerful selection editing tools: magic wand, select by color and more * Powerful painting tools: brush, flood fill and more * Insert text in every font available to the System * Print symbols, color blocks, a combination of both or colored symbols Language support: English, and Dutch Minimum Requirements: * Mac OS X Version 10.4 Tiger, 10.5 Leopard or later * Universal Binary for PowerPC and Intel * 512 MB Minimum Ram (1 Gig recommended) * 5.3 MB Hard Drive space Pricing and Availability: Stitches may be purchased for 49.99 EUR ($79.99 USD). After purchasing customers will be emailed a license code to unlock the application. Volume discounts are available for hobby and crafts organizations. Quixpace: http://www.quixpace.com/ Stitches 1.0: http://www.stitchesapp.com/ Download Stitches: http://www.stitchesapp.com/data/downloads/Stitches_1.0.dmg Purchase: http://www.stitchesapp.com/buy Screenshots and Screencast: http://www.stitchesapp.com/screencasts Free Stitching Charts (PDF): http://www.stitchesapp.com/free-cross-stitch-chart Headquartered in beautiful Heist-op-den-Berg, Belgium, Quixpace is a privately funded company founded in 2005 by Kasper Nauwelaerts. Kasper has a decade of experience working in business automation and IT services, and founded Quixpace with the intention of bringing this experience to the Mac platform. Copyright 2005-2008 Quixpace. All Rights Reserved. Apple, the Apple logo, are registered trademarks of Apple Computer in the U.S. and/or other countries. The DMC Needlepoint Standard is a registered trademark of the DMC Group/DMC Incorporated. ### Kasper Nauwelaerts Owner +32-496-213970 kasper ( -at -) quixpace.com *******

Hi News Poster Hardwareoverclock Austria have just published a new article: Intel Core2Duo E8400 overclocking guide. The article is in german, but the pictures and results are international. Title: Intel Core2Duo E8400 overclocking guide ( -at -) Hardwareoverclock Austria Link: http://www.hardwareoc.at/Intel_Core2Duo_E8400_Overclocking_Anleitung.htm A news post on your site would be appreciated. Rene Rostislav Zak Chefredakteur Hardwareoverclock Austria <http://www.hardwareoc.at> http://www.hardwareoc.at <mailto:admin ( -at -) hardwareoc.at> admin ( -at -) hardwareoc.at

Dear Editors, we just posted a new article which might be interesting to your readers. A post in your news section would be appreciated. Title: AXP 2.5/3.5" SATA to eSATA & USB Dock Link: http://www.techpowerup.com/reviews/AXP/SATA_HDD_eSATA_USB_Dock Brief: AXP is now offering the very popular external hard drive docking station for SATA drives. The unit can take a 2.5 or 3.5 inch drives and offers eSATA on top of the usual USB 2.0 connectivity.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200807-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Motion: Execution of arbitrary code Date: July 01, 2008 Bugs: #227053 ID: 200807-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in Motion might result in the execution of arbitrary code. Background ========== Motion is a program that monitors the video signal from one or more cameras and is able to detect motions. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-video/motion < 3.2.10.1 >= 3.2.10.1 Description =========== Nico Golde reported an off-by-one error within the read_client() function in the webhttpd.c file, leading to a stack-based buffer overflow. Stefan Cornelius (Secunia Research) reported a boundary error within the same function, also leading to a stack-based buffer overflow. Both vulnerabilities require that the HTTP Control interface is enabled. Impact ====== A remote attacker could exploit these vulnerabilities by sending an overly long or specially crafted request to a vulnerable Motion HTTP control interface, possibly resulting in the execution of arbitrary code with the privileges of the motion user. Workaround ========== There is no known workaround at this time. Resolution ========== All Motion users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-video/motion-3.2.10.1" References ========== [ 1 ] CVE-2008-2654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2654 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200807-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security ( -at -) gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200807-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Python: Multiple integer overflows Date: July 01, 2008 Bugs: #216673, #217221 ID: 200807-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple integer overflows may allow for Denial of Service. Background ========== Python is an interpreted, interactive, object-oriented programming language. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/python < 2.4.4-r13 *>= 2.3.6-r6 >= 2.4.4-r13 Description =========== Multiple vulnerabilities were discovered in Python: * David Remahl reported multiple integer overflows in the file imageop.c, leading to a heap-based buffer overflow (CVE-2008-1679). This issue is due to an incomplete fix for CVE-2007-4965. * Justin Ferguson discovered that an integer signedness error in the zlib extension module might trigger insufficient memory allocation and a buffer overflow via a negative signed integer (CVE-2008-1721). * Justin Ferguson discovered that insufficient input validation in the PyString_FromStringAndSize() function might lead to a buffer overflow (CVE-2008-1887). Impact ====== A remote attacker could exploit these vulnerabilities to cause a Denial of Service or possibly the remote execution of arbitrary code with the privileges of the user running Python. Workaround ========== There is no known workaround at this time. Resolution ========== The imageop module is no longer built in the unaffected versions. All Python 2.3 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/python-2.3.6-r6" All Python 2.4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r13" References ========== [ 1 ] CVE-2008-1679 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679 [ 2 ] CVE-2008-1721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721 [ 3 ] CVE-2008-1887 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200807-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security ( -at -) gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Hello, - Diablo 3 Renewed Artistic Direction Petition http://www.gamershell.com/news_54068.html - Simbin Officially Denies False Rumours Regarding Xbox 360 Game http://www.gamershell.com/news_54066.html - NARUTO: Ultimate Ninja STORM Demo This Month http://www.gamershell.com/news_54064.html Best Regards, GamersHell.com Staff =============================================================================