Everything posted by news
-
[gentoo-announce] [ GLSA 200804-23 ] CUPS: Integer overflow vulnerability
news posted a topic in Upcoming News
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200804-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: CUPS: Integer overflow vulnerability
      Date: April 18, 2008
      Bugs: #217232
        ID: 200804-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in CUPS might allow for the execution of arbitrary code or a Denial of Service.

Background
==========

CUPS provides a portable printing layer for UNIX-based operating systems.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  net-print/cups     < 1.2.12-r8                       >= 1.2.12-r8

Description
===========

Thomas Pollet reported a possible integer overflow vulnerability in the PNG image handling in the file filter/image-png.c.

Impact
======

A malicious user might be able to execute arbitrary code with the privileges of the user running CUPS (usually lp), or cause a Denial of Service by sending a specially crafted PNG image to the print server. The vulnerability is exploitable via the network if CUPS is sharing printers remotely.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All CUPS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r8"

References
==========

  [ 1 ] CVE-2008-1722
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1722

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-23.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security ( -at -) gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-
Thermalright IFX-10 Motherboard Backside Cooler Review @ Hardware Canucks
Hardware Canucks is pleased to present our review of the Thermalright IFX-10 Motherboard Backside Cooler. Quote: Today we will be looking at another of their innovative ideas, namely the InfernoFx-10 motherboard backside cooler. The IFX-10 (as it is commonly known) is designed to suck heat away from the bottom of your hot running CPU. Since it fits on the back of the motherboard it should easily fit the majority (if not all) 775 Intel motherboards on the market today and with its custom mounting system should also work with the majority of CPU cooling solutions available Link: http://www.hardwarecanucks.com/forum/hardware-canucks-reviews/5600-thermalright-ifx-10-motherboard-backside-cooler-review.html Image: http://images.hardwarecanucks.com/image/akg/Air_Cooling/ifx/ifx2_sm.jpg Hardware Canucks News -
Test New Vista Shells Without Rebooting ( -at -) [OC]ModShop

There are a few shell and desktop enhancements for Windows Vista. These third-party shells run in place of Explorer, which sometimes requires registry edits or other tweaks to get working. Did you know that you can kill Explorer and test a new shell without rebooting Vista? Many people just go to Task Manager and kill explorer.exe, but if you do this then Explorer may start up automatically again. There is also a quick and dirty way of exiting Explorer, allowing you to test a few shells before deciding which one to install. This tip can also be handy if your system is just acting "wonky". If a file copy is hung, or your network is slow, then a reset of Explorer may be just what the doctor ordered.

Review URL :: http://www.ocmodshop.com/ocmodshop.aspx?a=1092
Image URL :: http://www.ocmodshop.com/news/thumbnails/34983.gif

Thank you for your time and attention as well as your continued interest in OCModShop.com.

Alan McCloskey
Owner / Managing Editor
OCModShop.com

Manage your OCModShop subscriptions (and browse previous newsletters) at http://www.ocmsmedia.com/newsletters/user-login.aspx
-
Hello Technology News Community, I4U NEWS reviews the Microsoft Wireless Laser Desktop 7000. Quote from the review: "Today we are looking at the latest wireless mouse and keyboard desktop set from Microsoft. The set is called the Microsoft Wireless Laser Desktop 7000 and features an Aero-esq design. Setting up the Microsoft Wireless Laser Desktop 7000 is dead easy. All you need to do is plug the transceiver in and you are ready to work in a few minutes. The proprietary 2.4GHz technology used by Microsoft claims to frequency hop when it encounters interference and seems to work well. It seems to work well since I had no issues with interference in my testing despite a variety of Bluetooth devices and other wireless items in my home." Full Review: http://www.i4u.com/full-review-415.html Photo: http://www.i4u.com/images/2007/wld7000-stock.jpg Homepage Link: http://www.i4u.com We would very much appreciate if you post this news story/review on your site. As always I4U News is open to cross-post your technology stories. Please visit http://www.i4u.com for more stories. As long as you provide credits and links to the original story on I4U News we appreciate any cross-posting of our content. If you don't want to receive review and news submissions from I4U News please just reply to this email indicating that or use the unsubscribe link below. We appreciate giving us a chance to inform you about our latest reviews and please apologize if this email reaches you in error or does not meet your interest. best regards, Chief Editor Luigi Lugmayr :: I4U Technology News Network :: http://www.i4u.com - Technology News http://shop.i4u.com - I4U Shop http://pricewatch.i4u.com - Shopping Guide http://www.wristdreams.com - Technology Wrist Watches :::
-
[CentOS-announce] CESA-2008:0145 Moderate CentOS 5 i386 ImageMagick Update
CentOS Errata and Security Advisory 2008:0145 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0145.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: fca41f49990a66f30601ace55e8f73f4 ImageMagick-6.2.8.0-4.el5_1.1.i386.rpm 0b1ad3ce7c8706bfafbdc0ec1ef71b79 ImageMagick-c++-6.2.8.0-4.el5_1.1.i386.rpm 6f9b1d9b941e6d8b9bd2558f4fe673bc ImageMagick-c++-devel-6.2.8.0-4.el5_1.1.i386.rpm 57ed0d774c06405108ff75a4cc258f03 ImageMagick-devel-6.2.8.0-4.el5_1.1.i386.rpm 5d914a08ec603ff2629f9f02b6654fb7 ImageMagick-perl-6.2.8.0-4.el5_1.1.i386.rpm Source: 9f5d1eed9f493eb17363090ad544d7e6 ImageMagick-6.2.8.0-4.el5_1.1.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos ( -at -) irc.freenode.net _______________________________________________ -
[CentOS-announce] CESA-2008:0145 Moderate CentOS 5 x86_64 ImageMagick Update
CentOS Errata and Security Advisory 2008:0145 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0145.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: d82c3662434acc95ed0cfbfe42ae9887 ImageMagick-6.2.8.0-4.el5_1.1.i386.rpm 08413b7f9a634f6448d002ffeb639b2c ImageMagick-6.2.8.0-4.el5_1.1.x86_64.rpm 156dad9d5c72b555fd2c02ed6e2a94b1 ImageMagick-c++-6.2.8.0-4.el5_1.1.i386.rpm 8ccb37d78898684f14b477e120dd1134 ImageMagick-c++-6.2.8.0-4.el5_1.1.x86_64.rpm 48c422f81a075d0538d03e311a8cd916 ImageMagick-c++-devel-6.2.8.0-4.el5_1.1.i386.rpm f1c11210aea0da12a85555b49c744f45 ImageMagick-c++-devel-6.2.8.0-4.el5_1.1.x86_64.rpm f10fb6cd1bda524fb417c74aef54aa05 ImageMagick-devel-6.2.8.0-4.el5_1.1.i386.rpm b573917ea73c5f5d24d7f87e92dd48a8 ImageMagick-devel-6.2.8.0-4.el5_1.1.x86_64.rpm de1af9f00d9048fed30926103f53d496 ImageMagick-perl-6.2.8.0-4.el5_1.1.x86_64.rpm Source: 9f5d1eed9f493eb17363090ad544d7e6 ImageMagick-6.2.8.0-4.el5_1.1.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos ( -at -) irc.freenode.net _______________________________________________ -
[CentOS-announce] CESA-2008:0214 Moderate CentOS 5 x86_64 squid Update
CentOS Errata and Security Advisory 2008:0214 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0214.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: bfee2c109e6896412f1b2560c7686265 squid-2.6.STABLE6-5.el5_1.3.x86_64.rpm Source: ea148aa566e59e13f2c794e5e2ee5094 squid-2.6.STABLE6-5.el5_1.3.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos ( -at -) irc.freenode.net _______________________________________________ -
[CentOS-announce] CESA-2008:0214 Moderate CentOS 5 i386 squid Update
CentOS Errata and Security Advisory 2008:0214 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0214.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: c1820c119ac1ee05bfd51800b7e9dfa5 squid-2.6.STABLE6-5.el5_1.3.i386.rpm Source: ea148aa566e59e13f2c794e5e2ee5094 squid-2.6.STABLE6-5.el5_1.3.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos ( -at -) irc.freenode.net _______________________________________________ -
CentOS Errata and Bugfix Advisory 2008:8237 Upstream details at : https://rhn.redhat.com/errata/RHBA-2008-8237.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: 5bb0a597162bc7a12308e0ddba4e2025 sos-1.7-9.2.el5.noarch.rpm Source: 831797f6a69a2127d70f04ac01e12e5c sos-1.7-9.2.el5.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos ( -at -) irc.freenode.net _______________________________________________
-
CentOS Errata and Bugfix Advisory 2008:8237 Upstream details at : https://rhn.redhat.com/errata/RHBA-2008-8237.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: ee9b6163ee4e6e0766ddd6fd4317c3eb sos-1.7-9.2.el5.noarch.rpm Source: 831797f6a69a2127d70f04ac01e12e5c sos-1.7-9.2.el5.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #centos ( -at -) irc.freenode.net _______________________________________________
-
Hi,

It's Kristofer from DragonSteelMods, and I have a new review today that I think your readers might find interesting.

Title: ATT Tilt Review : Sort of... ( -at -) DragonSteelMods

Review Link: http://www.dragonsteelmods.com/index.php?option=com_content&task=view&id=7170&Itemid=38

Review Snippet: "So I've got the Tilt for review today, but then I really don't have the Tilt for review today. When I first got the Tilt I quickly realized that it wasn't quite what I expected and it was a bit plain honestly, after doing quite a bit of research I found that AT&T pretty much stripped all of the great features out of the phone when they got their hands on it, and of course like any good company, added all sorts of bloatware onto it. So I took matters into my own hands and wiped it clean, added quite a few things back to it and now I've got the phone that I wanted in the first place. So that's what I'm taking a look at today... "

Review Picture(200x150): http://www.dragonsteelmods.com/Images/reviews2/atttilt/tiltthumb.JPG

Main site link: http://www.dragonsteelmods.com

A post in your news would be greatly appreciated. Any and all news sent to me will be posted! If you would like to be added to our 'News Feeds' page please feel free to send me your http link to the feed and I will gladly add it ASAP. If you'd like to swap links for affiliation, I'd be happy to, just drop me a message...
-
The Ubuntu team is pleased to announce the Release Candidate for Ubuntu 8.04 LTS (Long-Term Support) on desktop and server. Codenamed "Hardy Heron", 8.04 LTS continues Ubuntu's proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution.

We consider this release candidate to be complete, stable, and suitable for testing by any user.

Ubuntu 8.04 LTS Desktop Edition features incremental improvements to familiar applications, with an emphasis on stability for this second Ubuntu long-term support release, and is easier than ever to try out with the new Wubi installer.

Ubuntu 8.04 LTS Server Edition follows in the footsteps of Ubuntu 7.10 with even more virtualization support and security enhancements - enabling AppArmor for more applications by default, improving protection of kernel memory against attacks, and supporting KVM and iSCSI technologies out of the box.

The Ubuntu 8.04 LTS family of variants, Kubuntu, Xubuntu, UbuntuStudio, and Mythbuntu, also reach RC status today.

The final release of Ubuntu 8.04 LTS is scheduled for 24 April 2008 and will be supported for three years on the desktop and five years on the server.

Before installing or upgrading to Ubuntu 8.04 LTS please read http://www.ubuntu.com/getubuntu/releasenotes/804

About The Release Candidate
---------------------------

The purpose of the Release Candidate is to solicit one last round of testing before the final release. Here are ways that you can help:

* Upgrade from Ubuntu, Kubuntu, or Edubuntu 7.10 to the Release Candidate by following the instructions given above.

* Participate in installation testing using the Release Candidate CD images, by following the testing and reporting instructions at http://wiki.ubuntu.com/Testing/ISO

Desktop features
----------------

Improved application selection: the GNOME desktop sports a number of improvements to the default applications, including more feature-full clients for BitTorrent and VNC, as well as an advanced UI for mastering CDs and DVDs.

File browsing: an enhanced filesystem layer brings greater performance and flexibility to Nautilus, the GNOME file browser.

Pluggable audio and video output: the PulseAudio sound server is integrated in the GNOME desktop for more flexible sound output, and a new Screen Resolution utility allows easier configuration of multiple video displays.

Wubi installer: a new Windows-based installer option makes it easier than ever to try out Ubuntu, letting users install a full desktop on Windows systems without needing to partition their hard drive.

Server features
---------------

AppArmor profiles: a greater number of server applications are now protected by default with AppArmor, a kernel technology that limits the resources an application is allowed to access, providing added protection against undiscovered security vulnerabilities.

Memory protection: additional protection now prevents direct access to system memory through /dev/mem and /dev/kmem, and the lower 64K of system memory is no longer addressable by default, changes which help to defend against malicious code. The kernel now also loads Position Independent Executables at randomized addresses, making it harder for application security vulnerabilities to be exploited.

Virtualization and iSCSI: KVM is now an officially maintained option, which combined with libvirt (CLI) and virt-manager (GUI) management tools allows for a simple and efficient virtualization option on hardware that supports virtualization extensions (AMD-V or Intel-VT). Mounting iSCSI targets is now supported (including in the installer), allowing Ubuntu to interoperate with this class of cost-efficient Storage Area Network solutions.

Ubuntu Education Edition
------------------------

Add-on configuration: Edubuntu is now provided as an add-on to Ubuntu rather than a separate stand-alone flavor, permitting even greater reuse of Ubuntu technologies.

Kubuntu features
----------------

Kubuntu comes with the rock solid KDE 3 for those who want a commercially supported desktop. For those who want something more exciting, a KDE 4 Remix is available bringing this cutting edge new version to you first.

Please see https://wiki.kubuntu.org/HardyHeron/RC/Kubuntu for details.

Xubuntu features
----------------

Xubuntu comes with the light-weight Xfce 4.4.2 desktop environment for those who want a desktop that is easy to use, but places particular emphasis on conserving system resources.

New additions to the family
---------------------------

Two new variants join us for this Ubuntu release. UbuntuStudio and Mythbuntu have done releases separately in the past, and with Hardy Heron we're happy to be able to welcome these fine community projects into the main Ubuntu release process.

For a more in-depth tour of the features new in 8.04 LTS, see http://www.ubuntu.com/testing/804rc

About Ubuntu
------------

Ubuntu is a full-featured Linux distribution for desktops, laptops, and servers, with a fast and easy install and regular releases. A tightly-integrated selection of excellent applications is included, and an incredible variety of add-on software is just a few clicks away.

Professional technical support is available from Canonical Limited and hundreds of other companies around the world.
For more information about support, visit http://www.ubuntu.com/support

To Get the Ubuntu 8.04 LTS Release Candidate CD
-----------------------------------------------

To perform a new installation or try out 8.04 LTS "live" from CD, download the Ubuntu 8.04 LTS Release Candidate (choose the mirror closest to you):

Europe:
  http://ftp.belnet.be/mirror/ubuntu.com/releases/8.04 (Belgium)
  http://ubuntu.linux-bg.org/releases/8.04 (Bulgaria)
  http://hr.releases.ubuntu.com/8.04 (Croatia)
  http://mirror.u-soft.dk/ubuntu-releases/8.04 (Denmark)
  http://ftp.crihan.fr/releases/8.04 (France)
  http://gb.releases.ubuntu.com/8.04 (Great Britain)
  http://ftp.ntua.gr/pub/linux/ubuntu-releases/8.04 (Greece)
  http://ie.releases.ubuntu.com/8.04 (Ireland)
  http://it.releases.ubuntu.com/8.04 (Italy)
  http://nl.releases.ubuntu.com/8.04 (The Netherlands)
  http://ftp.snt.utwente.nl/pub/linux/ubuntu-releases/8.04 (The Netherlands)
  http://no.releases.ubuntu.com/8.04 (Norway)
  http://neacm.fe.up.pt/pub/ubuntu-releases/8.04 (Portugal)
  http://es.releases.ubuntu.com/8.04 (Spain)
  http://se.releases.ubuntu.com/8.04 (Sweden)

Asia/Pacific:
  http://tw.releases.ubuntu.com/8.04 (Taiwan)
  http://ubuntu-releases.optus.net/8.04 (Australia)
  http://nz.releases.ubuntu.com/8.04 (New Zealand)

Africa:
  http://za.releases.ubuntu.com/8.04 (South Africa)

North America:
  http://us.releases.ubuntu.com/8.04 (United States)

South America:
  http://br.releases.ubuntu.com/8.04 (Brazil)

Rest of the world:
  http://releases.ubuntu.com/8.04 (Great Britain)

Please download using Bittorrent if possible. See https://help.ubuntu.com/community/BitTorrent for more information about using Bittorrent.
Upgrading from Ubuntu 7.10 and Ubuntu 6.06 LTS
----------------------------------------------

To upgrade to Ubuntu 8.04 LTS Release Candidate from Ubuntu 7.10 or Ubuntu 6.06 LTS, follow these instructions:

  https://help.ubuntu.com/community/HardyUpgrades

Feedback and Helping
--------------------

If you would like to help shape Ubuntu, take a look at the list of ways you can participate at http://www.ubuntu.com/community/participate/

Your comments, bug reports, patches, and suggestions will help turn this release into the best release of Ubuntu ever. Please report bugs through the Launchpad bug tracker:

  https://bugs.launchpad.net/ubuntu/+bugs

If you have a question, or if you think you may have found a bug but aren't sure, first try asking on the #ubuntu IRC channel on FreeNode,
-
[gentoo-announce] [ GLSA 200804-22 ] PowerDNS Recursor: DNS Cache Poisoning
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200804-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: PowerDNS Recursor: DNS Cache Poisoning
      Date: April 18, 2008
      Bugs: #215567
        ID: 200804-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Use of insufficient randomness in PowerDNS Recursor might lead to DNS cache poisoning.

Background
==========

The PowerDNS Recursor is an advanced recursing nameserver.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  net-dns/pdns-recursor      < 3.1.5                       >= 3.1.5

Description
===========

Amit Klein of Trusteer reported that insufficient randomness is used to calculate the TRXID values and the UDP source port numbers.

Impact
======

A remote attacker could send malicious answers to insert arbitrary DNS data into the cache. These attacks would in turn help an attacker to perform man-in-the-middle and site impersonation attacks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PowerDNS Recursor users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/pdns-recursor-3.1.5"

References
==========

  [ 1 ] CVE-2008-1637
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1637

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-22.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security ( -at -) gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-
At Phoronix we have posted a new article. A link to this from your site's news section would be greatly appreciated. Title: Phoronix Test Suite 0.3.0 Released ( -at -) Phoronix Direct Link: http://www.phoronix.com/vr.php?view=12237 Summary: "Less than two weeks ago Phoronix Test Suite 0.2.0 was released, which featured a number of profile updates, improved Linux hardware detection, and incorporating other feedback voiced by the initial users of this Linux benchmarking suite. Last Saturday version 0.2.1 was then released with initial support for PTS External Dependencies, a GLMark profile, GtkPerf profile, FRAC Benchmark profile, and other fixes. Continuing in an expedited development process, Phoronix Test Suite 0.3.0 has been released this morning with a number of major changes, including new test profiles and architectural improvements." Please feel free to contact us with any questions or comments you may
-
NVIDIA GeForce 9600 GT Voltmodding Article posted @ techPowerUp
Dear Editors, we just posted a new article. A post in your news section would be appreciated. Title: NVIDIA 9600 GT Voltmodding Article Brief: NVIDIA's Geforce 9600 GT is quite an exceptional midrange card that offers excellent overclocking potential. Since the cards run at a relatively low voltage there is some extra overclocking waiting to be unleashed by raising the card's voltages. The GPU voltage mod we present in this article uses a new method which will not be affected by the card's overvoltage protection. Also we describe an easy to do modification to increase the memory voltage. Link: http://www.techpowerup.com/articles//overclocking/vidcard/150 -
[gentoo-announce] [ GLSA 200804-21 ] Adobe Flash Player: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200804-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Adobe Flash Player: Multiple vulnerabilities
      Date: April 18, 2008
      Bugs: #204344
        ID: 200804-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been identified, the worst of which allow arbitrary code execution on a user's system via a malicious Flash file.

Background
==========

The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  net-www/netscape-flash     < 9.0.124.0               >= 9.0.124.0

Description
===========

Multiple vulnerabilities have been discovered in Adobe Flash:

* Secunia Research and Zero Day Initiative reported a boundary error related to DeclareFunction2 Actionscript tags in SWF files (CVE-2007-6019).

* The ISS X-Force and the Zero Day Initiative reported an unspecified input validation error that might lead to a buffer overflow (CVE-2007-0071).

* Microsoft, UBsecure and JPCERT/CC reported that cross-domain policy files are not checked before sending HTTP headers to another domain (CVE-2008-1654) and that it does not sufficiently restrict the interpretation and usage of cross-domain policy files (CVE-2007-6243).

* The Stanford University and Ernst and Young's Advanced Security Center reported that Flash does not pin DNS hostnames to a single IP address, allowing for DNS rebinding attacks (CVE-2007-5275, CVE-2008-1655).

* The Google Security Team and Minded Security reported multiple cross-site scripting vulnerabilities when passing input to Flash functions (CVE-2007-6637).

Impact
======

A remote attacker could entice a user to open a specially crafted file (usually in a web browser), possibly leading to the execution of arbitrary code with the privileges of the user running the Adobe Flash Player. The attacker could also cause a user's machine to send HTTP requests to other hosts, establish TCP sessions with arbitrary hosts, bypass the security sandbox model, or conduct Cross-Site Scripting and Cross-Site Request Forgery attacks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Flash Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=net-www/netscape-flash-9.0.124.0"

References
==========

  [ 1 ] CVE-2007-0071
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071
  [ 2 ] CVE-2007-5275
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275
  [ 3 ] CVE-2007-6019
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019
  [ 4 ] CVE-2007-6243
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243
  [ 5 ] CVE-2007-6637
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637
  [ 6 ] CVE-2008-1654
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654
  [ 7 ] CVE-2008-1655
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200804-21.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security ( -at -) gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-
The Intel Core 2 Quad Q9300 processor is the entry level 45nm quad-core processor from Intel, but that doesn't mean it doesn't perform well! This 45nm quad-core 'Yorkfield' processor operates at 2.50 GHz with a 1333MHz FSB and 6MB L2 cache. The Intel Core 2 Quad Q9300 processor should be a decent overclocker as it has a 7.5 multiplier. Just how high can you get the FSB is the question as the multiplier is a bit low to reach much higher than 4GHz.

Quote: "Intel has a winner on their hands with the Core 2 Quad Q9300 processor. At $285.99 shipped to your door it is priced higher than any AMD Phenom quad-core processor, but rightly so as our benchmarking showed it out performing Phenom in every benchmark except memory bandwidth. Not too shabby for the entry level 45nm quad-core processor! Our top overclock was over 1GHz higher than the stock frequency and that pushed the final clock frequency to 3.5GHz!"

Article Title: Intel Core 2 Quad 9300 Processor Review ( -at -) Legit Reviews
Article URL: http://www.legitreviews.com/article/695/1/
-
While many people might not have heard of HuntKey before, they are currently the largest Chinese switching PSU manufacturer. They design and produce almost every kind of switching power supply currently available, including PC power supplies. Although they are not well known in the US and EU markets yet, their units have slowly been finding their way to store shelves. Today we will take a look at the HK650, a unit HuntKey designed for enthusiasts who want a powerful, yet inexpensive PSU. We will soon see if it's worthy of your time and, most importantly, money. http://www.driverheaven.net/reviews.php?reviewid=554 ______________________________ Driver Heaven News Mailing
-
Greetings, Overclockers Online has posted a new review. A news post would be greatly appreciated. Title: PowerColor AX3650 512MD2 at Overclockers Online Link: http://www.overclockersonline.net/?page=articles&num=1692 Quote: It has been quite some time since I have taken an entry level gaming card for a spin and PowerColor's AX3650 512MD2 has really surprised me. While you can't expect outrageous performance from a $70 card, you get pretty good gaming performance and a load of features to go with it. Overall great value. Thanks for the post. Best regards, Simon _______________________________________________
-
bit-tech News: An early look at MSI's P45 and nForce 780a mobos
Hi all,

We have just published an early look at MSI's P45 Platinum and K9N2 Diamond motherboards - if you could post a link on your site that would be very much appreciated.

Link: http://www.bit-tech.net/hardware/2008/04/18/early_look_msi_p45_and_nforce_780a_mobos/1

Picture: http://images.bit-tech.net/content_images/2008/04/early_look_msi_p45_and_nforce_780a_mobos/fp_img.jpg

Quote: "During my recent trip to China and Taiwan, I not only spent time with Intel's executives at the Intel Developer Forum in Shanghai, but also visited several manufacturers in Taiwan on the second leg of my trip. We've already had brief looks at what Cooler Master, Lian Li and Gigabyte have in the pipeline. Today it's time to look at two soon-to-be-released motherboards from MSI, the P45 Platinum and the K9A2 Diamond. It will come as no surprise that the former is based on Intel's up and coming P45 chipset, while the latter is based on Nvidia's nForce 780a SLI chipset, whose release is imminent. Before we get onto that board though, let's have a look at the P45 Platinum."

Cheers guys!

Tim Smalley
www.bit-tech.net
-
Everything USB is pleased to announce our Logitech Z Cinema SRS TruSurround HD USB Speakers Review

Everyone knows that nothing can beat the quality of sound that you get from a 5.1 surround system. Unfortunately with the aural bliss comes the headache of cable clutter and space constraints when trying to find a place to put those rear speakers. While the cable clutter is something that everyone can and usually does live with, the lack of space for rear speakers isn't. Featuring SRS TruSurround HD, the Logitech Z Cinema offers surround sound in a 2.1 speaker configuration. Full review in the link.

http://www.everythingusb.com/logitech-z-cinema-advanced-surround-sound-speakers-14583.html

Verdict: The Logitech Z Cinema is an excellent option when surround sound is desired but space is not available. While sound quality is exceptional, true audiophiles will find the Z Cinema inadequate to appease their appetites for a full surround system.

Pros:
+ Excellent audio clarity
+ Surround sound with only 2 Speakers
+ Stylish design
+ MCE-compliant remote control bundled
+ 3.5mm headphone and line-in jacks

Cons:
- Somewhat pricey
- Bulky
- Virtual surround available only on PC
- Lack of high volume
- Remote not backlit
- Requires Windows XP MCE or better

Regards, Ian Chiu
Managing Editor, Everything USB
http://www.everythingusb.com/
-
About:
------
Tinymail is a library for developing mobile applications with E-mail functionality. The framework provides components that aid the developer with the user interface but of course also with the connectivity and the caching of messages.

Release highlights:
 o. Changed the TnyHeader API to return string duplicates
 o. A lot of major and minor bugfixes
 o. Deprecated all the synchronous API that has asynchronous API

For more information: http://tinymail.org

Known E-mail clients using Tinymail:
------------------------------------
Modest (under development, betas are being released): http://modest.garage.maemo.org/
TMut (released software): http://tinymail.org/trac/tmut

Let me know if you started a project and want to be in these release notes with it.

Demos:
------
http://tinymail.org/demos.html

Availability:
-------------
Branch in the Subversion repository: https://svn.tinymail.org/svn/tinymail/releases/v1.0/pre-releases/v0.0.9
Trunk in the Subversion repository: https://svn.tinymail.org/svn/tinymail/trunk/
Online API documentation of this pre-release: http://tinymail.org/API/pre-releases/libtinymail-0.0.9

Tarball:
http://tinymail.org/files/releases/pre-releases/v0.0.9/libtinymail-0.0.9.tar.gz
http://tinymail.org/files/releases/pre-releases/v0.0.9/libtinymail-0.0.9.tar.bz2

MD5SUMS: http://tinymail.org/files/releases/pre-releases/v0.0.9/MD5SUMS
674db3cb4750ba0a3e90aa95ec28bcc7 libtinymail-0.0.9.tar.bz2
8570c8140b07e03a5a6226e786e3094c libtinymail-0.0.9.tar.gz

Packages (usually older versions of Tinymail):
Ubuntu Gutsy: http://packages.ubuntu.com/gutsy/mail/libtinymail-1.0-0
OpenEmbedded: http://www.openembedded.org/filebrowser/org.openembedded.dev/packages/tinymail
Maemo: http://modest.garage.maemo.org/repos/dists/chinook/mail/binary-armel/ http://modest.garage.maemo.org/repos/modest-chinook.install

Changes since pre-release 0.0.8:
--------------------------------
The pre-release 0.0.8 can be found here: http://tinymail.org/files/releases/pre-releases/v0.0.8

Philip Van Hoof :
* Removed unnecessary old code rot in TnyCamelSendQueue that might cause a deadlock
* Deprecated tny_send_queue_add, use tny_send_queue_add_async
* Corrections to reference handling for TnyCamelSendQueue
* Removed a tny_folder_get_headers (deprecated API)
* Fixed alerts when get-msg-async takes place to have their account not set to NULL
* Moved the POP's get-msg-qasync queue to its normal interactive queue
* Various bugfixes
* Weak referenced folders in the folder-factor methods
* Handling uncaching the password during account finalization
* mlock-ing the password memory of accounts
* Uncaching of the folder-list in case of tree-changing operations
* Experimentally nuked the caching of services ...
* Fixed a bug in case LIST and LSUB are not in agreement
* Marking certain symbols as deprecated
* Fixed a glitch in Jose Dapena Paz's patch of yesterday
* Added API documentation about cancelling
* Bugfix in folder listing
* Refcount problem in async contexts
* Fixing the actual problem, too
* Merged patch for upstream camel-lite bug #257361
* Bugfix for ticket #76
* Added some robustness code
* Added a name file, just like the url_string file, to each account
* Moved the sendqueue's outbox and sentbox under a sendqueue subdir
* Storing certificate fingerprints in cache_dir
* Writing a file called url_string in the account's cache dir, to make it more easy for searchers and meta indexers to identify this account
* Status reporting fix for POP accounts
* Merging with camel upstream
* Creating the POP account's cache dir when/if removed
* Cleaning up cache when canceling a POP message download
* Support for Importance header
* Fixed several problems like documentation problems in Jose's patch
* Review of Jose's patch
* Fixed several insignificant smaller robustness problems
* Fixed a major leak
* Fixed a regression due to a performance fix when moving and renaming Maildir folders
* Replaced a GByteArray with a EByteArray
* Rewrote tny_camel_folder_remove_msgs_default
* Added tny_folder_remove_msgs_async
* Deadlock bugfix when canceling the sendqueue
* This was a minor API change
* Implementation of a connect() that will timeout within 15 seconds for the non-SSL connection types. Experimental.
* Fast message moves when source and dest folder are both Maildir
* Bugfix when sending large E-mails to GMail's SMTP service
* When a large mail is being sent, it takes a long time to move it from Outbox to Sentbox. If during that time a flush() is requested on the TnySendQueue, then it's possible that the message gets sent twice. To avoid this, we mark the message as TNY_HEADER_FLAG_ANSWERED
* Made tny_folder_transfer_msgs_async cancellable
* Added extra insurance that an INBOX folder will be present
* IMAP provider: bugfix when asking for a list of folders that has no subfolders, on Cyrus.
* Experimental improvement in locking
* Introduction of TnySeekable
* This is experimental
* Experimental improvement in locking in the POP3 provider
* Bugfix when canceling POP summary retrieval
* Check-for-duplicates in TnyFolderObserver and TnyFolderMonitor
* Introduction of tny_gtk_header_list_model_set_no_duplicates
* Introduction of tny_gtk_header_list_model_get_no_duplicates for completeness of language bindings who'll make getters/setters from this.
* This was a minor API change
* Leave on disk, MIME parsing. Highly experimental
* Smaller bug fixes in the build
* filename= encoding fixes
* Fixes in the POP code for POP servers that return invalid CAPA responses (like pop.sina.com)
* Experimental reduction of libraries (camel-lite merged with camel-lite-providers)
* Non-initialization of a variable caused memory corruption on the stack
* Fixed race condition in case re-selecting the same folder
* Attempt at making mime parsing use the seekable capability of streams instead of copying them in memory. This is experimental!

José Dapena Paz :
* libtinymail-camel/tny-camel-mime-part.c (tny_camel_get_decoded_stream_default): now we detect errors getting the decoded stream from camel.
* libtinymail-gnomevfs/tny-vfs-stream.c (tny_vfs_stream_read): return -1 if there was an error reading from the vfs stream.
* Added libtinymail-camel/camel-lite/camel/camel-certdb-cst.c. Implementation of certificates database using maemo libcst. This lets you manage certificates using the maemo tablet certificate manager.
* libtinymail-camel/camel-lite/camel/camel-certdb.h, libtinymail-camel/camel-lite/camel/camel-private.h: modified to have a pointer to the CST object in certdb and certificate id in certificate object in case we compile with CST support.
* libtinymail-camel/camel-lite/camel/camel-tcp-stream-ssl.c: Modified a bit the code for proper integration with cst (mainly removing direct access to internal fields).
* libtinymail-camel/camel-lite/configure.ac, libtinymail-camel/camel-lite/camel/Makefile.am: Added support for detection and configuration of libcst.
* libtinymail-camel/tny-camel-account.c: (tny_camel_account_set_pass_func_default) reactivate the account always, even when we're setting the same pass func again.
* Replace old tny_header_get_ api for strings with tny_header_dup_ api. This should be a bit better for being thread safe. Also modified code using this. The goal is being able to do the string copy in a lock.
* Now moving a folder copies all the cached messages, but not the summaries, to avoid crashes trying to reuse the old summary.
* Respect better the attachment flag headers also in POP (equivalent to previous change in imap).
* libtinymail-camel/camel-lite/camel/providers/imap/camel-imap-folder.c (message_from_data): don't free the message before evaluating headers. Also take into account the case we get ms has attachments but we don't have priority flag, for avoiding using heuristics.
* libtinymail-gnome-desktop/tny-gnome-device.c: (tny_gnome_device_is_online) if we try to get the network state and find that the network manager context is invalid, we shutdown it AND after this we nullify the context reference.
* libtinymail-camel/tny-camel-folder.c: Now poke_status only tries to do the job if folder is connected/active. Should prevent getting lots of attempts to connect in queue that have to be finished later.
* tests/c-demo/tny-demoui-summary-view.c: Added a simple syntax to provide different parent folders in rename/copy operation. Now you can provide paths as "/newfolder", "../another-parent/folder", etc.
* libtinymail-camel/camel-lite/camel/providers/imap/camel-imap-store.c: (connect_to_server): we don't abort connection attempt if we get LOGINDISABLED but we have secure auth methods in capabilities.
* libtinymail-camel/tny-camel-mime-part.c: Now, when we get the parts of a mime part that's a message, we check if any part has an attachment content disposition, and update the attachments flag properly.
* Moved bodystructure parser to camel, so that we can use it there.
* libtinymail-camel/camel-lite/bs/bodystruct.c: Added missing if, to avoid fetching the header badly (and causing coredumps) for bodystructure strings not including BODYSTRUCTURE prefix.

Alberto Garcia Gonzalez :
* libtinymail-gnomevfs/tny-vfs-stream.c: (tny_vfs_reset): Set priv->position to 0 after a successful reset
* Reverted the "Leave on disk, MIME parsing" patch, as it's causing serious problems.
* tinymail/libtinymail-camel/tny-camel-mem-stream.h
* tinymail/libtinymail-camel/tny-camel-mem-stream.c: Added tny_camel_mem_stream_new_with_buffer()
* debian/libtinymail-camel-1.0-0.install
* debian/libtinymail-camel-1.0-0-dev.install: Install libcamel-lite
* debian/libtinymail-camel-1.0-0.install
* debian/libtinymail-camel-1.0-0-dev.install: Removed obsolete libraries

Sergio Villar Senin :
* libtinymail-camel/tny-camel-common.c (_string_to_camel_inet_addr): fixes a small memory issue when the email address starts with an "
-
Today we look at the ASUS P5E3 Premium WIFI Ap @n.

SNIP: Today we at Bjorn3D plan to help you procrastinators out there by providing some useful facts that will help with your decision making dilemma. We will be reviewing ASUS's top of the line X48 based P5E3 Premium WIFI-AP @n motherboard. We plan to take this review to a new limit by testing the board with both the Intel® Q6600, 65nm processor and Intel's new X3350 Xeon 45nm Quad core processor which is said to mimic the long awaited, forthcoming 9450 processor in all respects. We will also test the board using the 64 bit version of Vista using both 2GB of high-speed DDR3 as well as 4GB of lower latency DDR3. While this presentation is first and foremost a motherboard review we hope to assist as well in providing data to help you purchase the right accessories to make it shine.

http://www.bjorn3d.com/read.php?cID=1263

A post on your site would be great if you can. Thank you, Scott
-
Hi, bugfix release heads up !

What is Glade ?
===============

Glade is a RAD tool to enable quick & easy development of user interfaces for the Gtk+ toolkit and the GNOME desktop environment. The user interfaces designed in Glade are stored in XML format, enabling easy integration with external tools. In particular libglade can load the XML files and create the interfaces at runtime. The DTD for the XML files is included with libglade, and is also at http://glade.gnome.org/glade-2.0.dtd. Other tools are available which can turn the XML files into source code in languages such as C++, Perl and Python.

===========
Glade 3.4.4
===========

- Now first toplevel in project automatically shows up in the workspace
- Project no longer allows duplicate widget names
- Fixed bugs 528511, and 528552.

New and updated translations
============================

- Laurent Dhima (sq)
- Baris Cicek (tr)
- Alexander Shopov (bg)
- Kenneth Nielsen (da)
- Jorge Gonzalez (es)
- Philip Withnall (en_GB)
- Ani Peter (ml)
- Leonardo Ferreira Fontenelle (pt_BR)
- Rajesh Ranjan (hi)

Where can I get it ?
====================

http://download.gnome.org/sources/glade3/3.4/

For more information consult our home page at http://glade.gnome.org/

Enjoy,
- The Glade team
-
Hi all, We have just published a review of Asus Eee PC 900 - if you could post a link on your site that would be very much appreciated.

Link: http://www.bit-tech.net/hardware/2008/04/18/asus_eee_pc_900/1
Picture: http://images.bit-tech.net/content_images/2008/04/asus_eee_pc_900/s03.jpg
Quote: The Eee PC 900 is an exciting little laptop on the surface but, when you break it down to the basics, it isn’t all that dissimilar to the original Eee PC... ...if you haven’t got an Eee and you’re in the market then this is definitely the cream of the crop right now and if you’re looking for a new ‘netbook’ then we can’t recommend the Eee PC 900 enough.

Cheers guys! Tim Smalley www.bit-tech.net