Linux News for Jul 18, 2001
Red Hat Security Advisory: Updated openssl packages available (Jul 18, 2001, 22:52)
"Versions of OpenSSL prior to 0.9.6a suffer from potential
security problems. These include potential leakage of information
after SSL version 3 key exchanges, imperfect distribution of random
numbers used when generating signatures, honoring of sensitive
environment variables in library functions in setuid or setgid
applications, and not taking precautions to counter effects of
potential hardware glitches when generating digital signatures. A
flaw has also been found in the pseudo-random number generator used
in versions of OpenSSL prior to 0.9.6b. The OpenSSL Project Team
has released a patch which corrects this problem."
Kernel Cousin Debian Hurd #99 by Paul Emsley (Jul 18, 2001, 21:57)
Highlights from the Debian-Hurd development mailing lists for
the previous week.
AllLinuxDevices: Empower Technologies Releases Linux for Palm III's (Jul 18, 2001, 21:01)
"Empower Technologies becomes the first and only corporation
within the consumer electronics industry to replace the Palm O/S,
providing Palm handheld users and other PDA manufacturers with an
DukeOfURL: Yellow Dog Linux 2.0 Review (Jul 18, 2001, 19:46)
From a performance point of view, Yellow Dog Linux may be the OS
of choice for Mac hardware according to this review, which says OS
X still lags in that area. The review also notes a superior
installation when compared to LinuxPPC.
CNN.com: Linux lends a hand to Sun engineers (Jul 18, 2001, 18:50)
Linux forms the foundation of a handheld designed and produced
by Sun. It will be used by field engineers, includes wireless
communications, and utilizes a Java VM. No WinCE, the article
mentions, for ideological and performance reasons.
Slashdot: Why Linux Won't Ever Be Mainstream (Jul 18, 2001, 16:36)
Using his experiences in search of a driver for a USB scanner,
CmdrTaco says trolls, flamers, and general childishness on the part
of bad advocates will dash Linux's hopes for mainstream success as
they alienate the manufacturers Linux will need for thorough device
LinuxProgramming: Guido van Rossum: RELEASED: Python 2.2a1
(Jul 18, 2001, 15:40)
"Are you worried that Python 2.2 will break all your old Python
code? Don't be! Help us make Python 2.2 as compatible and stable as
any release before it. I've released the first alpha release,
Python 2.2a1, for your perusal."
Advogato: Vidomi GPL violation case resolved (Jul 18, 2001, 14:20)
Andy Tai reports that a successful resolution of the Vidomi GPL
issue has been reached, with the FSF approving of a split of the
software. A link to Eben Moglen's opinion, which settled the issue,
and will likely be the most interesting to readers curious about
how GPL issues are settled "in the wild" may be found within.
Linux 2.4.7-pre7 Released (Jul 18, 2001, 08:09)
Linux 2.4.7-pre7 is out. Changelog within.
Kernel Cousin KDE #17 by Aaron J. Seigo (Jul 18, 2001, 07:58)
KDE is a powerful Open Source graphical desktop environment for
Unix workstations. It combines ease of use, contemporary
functionality, and outstanding graphical design with the
technological superiority of the Unix operating system.
LinuxPR: Clara OCR - powerful free/open-source OCR program
(Jul 18, 2001, 07:17)
"Clara OCR is an Optical Character Recognition (OCR) program. It
features both a powerful GUI for the X Window System, and a web
interface. The web interface is able to collect revision efforts
from the Internet, using a simple revision model."
Apache Today: ApacheCon 2001 Europe cancelled (Jul 18, 2001, 01:55)
The Apache Software Foundation is exploring options for future
DukeOfURL: EnGarde Secure Linux 1.0.1 (Jul 18, 2001, 01:41)
A positive review is one that calls its two complaints "nits,"
and that's what gets delivered by the DukeOfURL here in its look at
EnGarde Secure Linux, an e-commerce oriented distribution that's
been picking up positive evaluations from a number of reviewers
Caldera Security Advisory: docview (Jul 18, 2001, 00:15)
"Docview is a set of CGI scripts providing documentation over
http. A argument validation problem in one of the CGI scripts made
it possible for a local attacker to gain access to the 'httpd'
Caldera Security Advisory: imp uses /tmp unsafely (Jul 18, 2001, 00:15)
"Horde and Imp use /tmp in an unsafe manner, allowing local
users to gain access to the webserver (httpd) account. They also do
not protect internal data files from being viewed by local or
remote attackers. The updates packages fix the /tmp problems, add
restrictions on what files can be viewed and also disables it by