Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=427adc842806b58913a37e1a44a76ac0a6963a2c
commit 427adc842806b58913a37e1a44a76ac0a6963a2c Author: Michel Hermier <[EMAIL PROTECTED]> Date: Sun Feb 3 13:04:56 2008 +0100 homepage * Add news letter 15 and related news. diff --git a/frugalware/weeklynews/issue15.html b/frugalware/weeklynews/issue15.html new file mode 100644 index 0000000..9fcd007 --- /dev/null +++ b/frugalware/weeklynews/issue15.html @@ -0,0 +1,123 @@ +<h2>Table of Contents</h2> +<ul> + <li><a href="#welcome">Welcome</a></li> + <li><a href="#events">Events</a></li> + <li><a href="#tips">Tips and tricks</a></li> + <li><a href="#packages">Focus on package(s)</a></li> + <li><a href="#fixes">Bug fixes</a></li> + <li><a href="#security">Security announcements</a></li> + <li><a href="#about">About the newsletter</a></li> +</ul> + +<a name="welcome"></a> +<h2>Welcome</h2> +<p> + The newsletter's aim is to keep you up to date with what's happened recently in the world of the Linux distribution 'Frugalware'. +</p> +<p> + Features of this issue include: + <ul> + <li>Kalgan - we're getting closer :)</li> + <li>You want security fixes? We've got 'em!</li> + <li>Tip - X video problem on boot? - <b>Don't panic!</b> (yet)</li> + <li>Stellarium - gazing at the stars from your PC</li> + </ul> +</p> + +<a name="events"></a> +<h2>Events</h2> +<p> + Here's a selection of events which have occurred since the previous newsletter: +</p> +<ul> + <li> + <h3>Kalgan - we're getting closer :)</h3> + <p>On 29 January 2008, vmiklos announced the release of Frugalware 0.8 ("Kalgan") release candidate 1. Included in this release are quite a number of bug fixes, updated packages and new packages. For more details on this exciting release, read vmiklos' <a href="http://www.frugalware.org/news/86">announcement</a>.</p> + <p>The purpose of Frugalware's pre-releases and release candidates is to allow anyone who's interested to test the work in progress. If you have the bandwidth and time required to help, <b>please</b> test these pre-releases and release candidates. The more bugs that are found during the testing phase, the better the quality of the final release.</p> + <p>According to my calculations, there are only 902,334,167,372,827,123 trillion light years to go. :) (In reality it's closer to 6 weeks, according to the <a href="http://www.frugalware.org/roadmap">roadmap</a>).</p> +</li> +</ul> + +<a name="tips"></a> + <h2>Tips and tricks</h2> + <b>Disclaimer</b> - Be aware that the hints & tips provided here have NOT been tested and so come with no warranty. +<ul> + <li> + <h3>Video problem? - don't panic - submitted by 'phayz'</h3> + <p><b>Question</b> - Let's take a common configuration - you have configured Frugalware to boot to a GUI login manager - KDM, GDM or SLiM for example. OK, now you've found on boot that X isn't working. If you can't get into your graphical desktop environment, how can you edit /etc/xorg.conf to fix the problem?</p> + <p><b>Answer</b></p> + <ol> + <li>When you see the graphical GRUB menu, press [Esc] and confirm that you want to exit from the graphical menu. You'll now see the standard text-only GRUB menu. </li> + <li>Highlight your prefered GRUB entry and press [E] (for 'Edit').</li> + <li>Press [E] again and you're dropped into a basic editor.</li> + <li>Press [End] to move the cursor to the end of the line.</li> + <li>Press [3], then [Enter] to end editing the GRUB entry.</li> + <li>Press [Enter] again to select the temporarily modified entry and GRUB will boot. The "3" which you added to the end of the GRUB entry specifies run level '3', which means that Frugalware will boot into a text-only mode - i.e. X will not be started.</li> + <li>Now you need to log in and, using a text-only editor (Vi, emacs, nano, pico, joe for example), correct your /etc/xorg.conf file.</li> + </ol> + </li> +</ul> + <p>This section relies on your contributions! If have some tips and tricks that you would like to be shown in the newsletter, <b><u><i>please</i></u></b> post them on the forums in the Tips and Tricks section!</p> + + +<a name="packages"</a> +<h2>Focus On Package(s)</h2> + + <p>In a new section of the newsletter, I focus on one or more packages and give a general overview of their features. The packages featured will usually be the more obscure ones. You're not likely to be reading about the major desktops.</p> + <h3>Stellarium - gazing at the stars from your PC</h3> + <p><a href="http://www.stellarium.org/">Stellarium</a> is an amazing application which is described on its home page as "a free open source planetarium for your computer. It shows a realistic sky in 3D, just like what you see with the naked eye, binoculars or a telescope." If you have any interest in what's "up there", you simply <b>must</b> look at Stellarium. The images it produces are just amazing and can be presented in a range of interesting ways. It's a very active project, with the latest release on 17 January 2008. Its system requirements are very reasonable so it can be used even on old PCs - a Pentium III for example.</p> + + +<a name="fixes"></a> +<h2>Bug fixes</h2> + +<p> + A list of bugs closed since the previous newsletter is available <a href="http://bugs.frugalware.org/index.php?string=&project=1&type%5B%5D=&sev%5B%5D=&pri%5B%5D=&due%5B%5D=&reported%5B%5D=&cat%5B%5D=&status%5B%5D=closed&percent%5B%5D=&opened=&dev=&closed=&duedatefrom=&duedateto=&changedfrom=&changedto=&openedfrom=&openedto=&closedfrom=2008-01-19&closedto=&do=index&submit=">here</a>. +</p> + + +<a name="security"></a> +<h2>Security announcements</h2> +<p> + According to the normal support arrangements for Frugalware, when Frugalware 0.7 (Sayshell) was released, support for the previous release ended. This means that no further security or bug fixes will be released for Frugalware 0.6 (Terminus). +</p> + +<p> + Here is a list of <a href="/security">security issues</a> which have been discovered and fixed in the 0.7 release since the previous newsletter. +</p> + +<ul> + <li>FSA366 - kernel: A vulnerability with unknown impact has been reported in the Linux Kernel. Please upgrade to kernel-2.6.22-7sayshell4.</li> + <li>FSA365 - joomla: MustLive has discovered a vulnerability in Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks. Please upgrade to joomla-1.0.13-2sayshell1.</li> + <li>FSA364 - postgresql: Some vulnerabilities have been reported in PostgreSQL, which can be exploited by malicious users to gain escalated privileges or to cause a DoS (Denial of Service). Please upgrade to postgresql-8.2.6-1sayshell1.</li> + <li>FSA363 - libcdio: Some vulnerabilities have been reported in the cd-info and iso-info applications of libcdio, which potentially can be exploited by malicious people to compromise a user's system. Please upgrade to libcdio-0.78.2-2sayshell1.</li> + <li>FSA362 - rsync: Two vulnerabilities have been reported in rsync, which can be exploited by malicious users to bypass certain security restrictions. Please upgrade to rsync-2.6.9-3sayshell1.</li> + <li>FSA361 - asterisk: Multiple vulnerabilities has been reported in Asterisk, which can be exploited by malicious people to conduct SQL injection attacks, bypass certain security restrictions and cause a DoS (Denial of Service). Please upgrade to asterisk-1.4.13-1sayshell2.</li> + <li>FSA360 - ruby-gnome2: Chris Rohlf has reported a vulnerability in Ruby-GNOME2, which can potentially be exploited by malicious people to compromise an application using the library. Please upgrade to ruby-gnome2-0.16.0-4sayshell1.</li> + <li>FSA359 - libxml2: A vulnerability has been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service). Please upgrade to libxml2-2.6.30-2sayshell1.</li> + <li>FSA358 - horde-webmail: Secunia Research has discovered a vulnerability in IMP Webmail Client and Horde Groupware Webmail Edition, which can be exploited by malicious people to bypass certain security restrictions and manipulate data. Please upgrade to horde-webmail-1.0.1-4sayshell1.</li> + <li>FSA357 - drupal: Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to conduct cross-site scripting, script insertion, and cross-site request forgery attacks. Please upgrade to drupal-5.2-2sayshell3.</li> + <li>FSA356 - mantis: seiji has discovered a vulnerability in Mantis, which can be exploited by malicious users to conduct script insertion attacks. Please upgrade to mantis-1.0.8-2sayshell1.</li> + <li>FSA355 - vlc: Some vulnerabilities have been discovered in VLC Media Player, which can be exploited by malicious people to compromise a user's system. Please upgrade to vlc-0.8.6-8sayshell1.</li> + <li>FSA354 - libexif: Two vulnerabilities have been reported in libexif, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise an application using the library. Please upgrade to libexif-0.6.16-2sayshell1.</li> + <li>FSA353 - clamav: Some vulnerabilities have been reported in ClamAV, where one vulnerability has an unknown impact and others can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. Please upgrade to clamav-0.91.2-2sayshell1.</li> + <li>FSA352 - opera: Some vulnerabilities have been reported in Opera, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, and compromise a user's system. Please upgrade to opera-9.25-1sayshell1.</li> + <li>FSA351 - cups: A vulnerability has been reported in CUPS, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Please upgrade to cups-1.3.2-2sayshell3.</li> + <li>FSA350 - syslog-ng: A vulnerability has been reported in syslog-ng, which can be exploited by malicious people to cause a DoS (Denial of Service). Please upgrade to syslog-ng-2.0.5-2sayshell1.</li> + <li>FSA349 - apache: A vulnerability have been reported in Apache mod_imagemap module, which can be exploited by malicious people to conduct cross-site scripting attacks. Please upgrade to apache-2.2.6-2sayshell1.</li> + <li>FSA348 - scponly: A security issue has been reported in scponly, which can be exploited by malicious, local users to bypass certain security restrictions. Please upgrade to scponly-4.6-2sayshell1.</li> + <li>FSA347 - squid: A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service). Please upgrade to squid-2.6.STABLE16-2sayshell1.</li> +</ul> + + + +<a name="about"></a> +<h2>About the newsletter</h2> + <h3>Author</h3> + <p>The Frugalware newsletter is written by Russell Dickenson (AKA phayz). Credit for the Frugalware distribution goes to the development team.</p> + <h3>Translations</h3> + <p>The newsletter is currently translated into French and Danish. The <a href="http://frugalware-fr.tuxfamily.org/forums/index.php?board=34.0">French translation</a> is provided by the French Frugalware community. The <a href="http://frugalware.dk/?cat=5">Danish translation</a> is provided by the Danish Frugalware community. Thanks to all those involved in providing and hosting these translations.</p> + <h3>Release</h3> + <p>To allow time for review and corrections, each newsletter is written ahead of its release date. Therefore it may not mention events which occured in the few days before its release - e.g. security fixes. To be sure that you've got the very latest information on these topics, go to the appropriate page of the Frugalware web site.</p> + <h3>Feedback</h3> + <p>If you have feedback about the Frugalware newsletter - whether good or bad - please provide it via the forums. Your feedback is valuable because we want the newsletter to meet the needs of Frugalware's users.</p> _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git