Language Selection

English French German Italian Portuguese Spanish

Security Flaws Found in Mplayer and Elm

Filed under
Security

Two serious security flaws have turned up in software widely distributed with Linux and Unix. The bugs affect Electronic Mail for Unix (Elm), a venerable e-mail client still used by many Linux and Unix systems administrators, and Mplayer, a cross-platform movie player that is one of the most popular of its kind on Linux.

The Elm flaw involves a boundary error when the client reads an e-mail's "Expires" header. A specially crafted e-mail could exploit the bug to cause a buffer overflow and execute malicious code on a system, according to security researchers.

The bug in Mplayer is the latest media-player bug to plague systems administrators. Widely used desktop applications such as media players are more difficult to patch than server-side bugs, because there are many times more copies in use, often without the knowledge of IT managers.

The flaw affects Mplayer versions 1.0pre7 and earlier and hasn't been patched, according to an advisory from FrSIRT.

Full Story.

More in Tux Machines

Nouveau On Oibaf PPA Is Back To Running Well

Upstream Nouveau was unaware of this issue that was affecting my entire assortment of NVIDIA GeForce hardware so it was then quickly assumed to be an issue with the Oibaf PPA that constantly is packaging the latest open-source Linux GPU drivers. On top of mainline Mesa Git, recently there's been the the Gallium3D Direct3D 9 patches (Gallium-Nine). While none of my testing was relying upon the Gallium-Nine D3D9 support, it was wreaking havoc on the system anyhow. As of earlier today some patches were backed out of the Oibaf PPA and since getting back closer to Mesa mainline the Nouveau problems are a matter of the past. With that said, now I'm in the process of running some Nouveau Steam/Source Engine Linux gaming tests similar to today's 20-Way Radeon Comparison With Open-Source Graphics For Steam On Linux Gaming. Read more

Red Hat Shake-up, Desktop Users, and Outta Time

Our top story tonight is the seemingly sudden resignation of Red Hat CTO Brian Stevens. In other news, John C. Dvorak says "Linux has run out of time" and Infoworld.com says there may be problems with Red Hat Enterprise 7. OpenSource.com has a couple of interesting interviews and Nick Heath has five big names that use Linux on the desktop. Read more

Kano's Alejandro Simon: If This, Then Do That

The OS has been available since February. It is open source. We tried to release a new version of it every two or three weeks. Anybody who runs Rasperry Pi can use it. So we already have users. They share content and discuss features and exchange idea on our forums. So far, we have sold 18,000 kits since last year, through the Kickstarter campaign via preorder. We are now in production and have most of the different pieces in place. We will start shipping by the beginning of September, hopefully. We do the materials and the hardware and the components and the packages ourselves. Finally, it is all coming together. Read more

Why Linux Isn't a Desktop Alternative

The year of the Linux desktop has become a joke, referred to ironically when mentioned at all. Under the circumstances Linus Torvalds showed either courage or naivete when he admitted last week at Linuxcon that he still wants to see Linux become popular on the desktop. However, neither Torvalds nor anyone else should stay up nights waiting for the event. Most users have no awareness of the possibility, or set impossible standards for it, even though, for a minority, the year of the Linux desktop happened years ago. The problem is not a technical one, as it was in Linux's earliest days. Linux desktops like KDE's Plasma or Linux Mint's Cinnamon are not only the equal of any proprietary desktop, but in many ways more advanced. Read more