Fedora Weekly News Issue 13

From FedoraNEWS.ORG

Issue Date: 2005-09-12

Welcome to our issue number 13 of Fedora Weekly News (FWN), the weekly newsletter for the Fedora community.

Table of contents

1 Firefox IDN buffer overflow security issue 2 Warning to Fedora.us FC3 APT Users! 3 Attention, Fedora CMCs! 4 Meeting Minutes for Fedora Marketing 5 Red Hat contributions 6 Fedora FAQs Revamped 7 PalmOS PDA and Fedora 4 8 Fedora Core 4 Review 9 Fedora Extras: yum-updateonboot 10 Linux In a Windows Network with SAMBA 11 OpenOffice.org goes LGPL 12 Tip of the Week 13 Fedora Core 4 Updates 14 Contributing to Fedora Weekly News 15 Editor's Blog

Firefox IDN buffer overflow security issue

On September 6 a security vulnerability affecting all versions of Mozilla Firefox and the Mozilla Suite was reported (http://marc.theaimsgroup.com/?l=full-disclosure&m=112624614008387&w=2) to Mozilla by Tom Ferris and on September 8th was publicly disclosed (https://bugzilla.mozilla.org/show_bug.cgi?id=307259).

On September 9, the Mozilla team released (https://addons.mozilla.org/messages/307259.html) a configuration change which, as a temporary measure to work around this problem, disables IDN in the browser. IDN functionality will be restored in a future product update. The fix is either a manual configuration change or a small download which will make this configuration change for the user.

Editor's Note

• Fedora Project already released Security Advisories and Updates for Firefox (http://fedoranews.org/mediawiki/index.php/Fedora_Core_4_Update:_firefox-1.0.6-1.2.fc4) and Mozilla (http://fedoranews.org/mediawiki/index.php/Fedora_Core_4_Update:_mozilla-1.7.10-1.5.2) to fix the vulnerability in CAN-2005-2871 (http://www.kb.cert.org/vuls/id/573857).
• We highly recommend to upgrade your Firefox and Mozilla to the latest version OR use manual configuration to set value for network.enableIDN to false.
• Here are related bugzillas for firefox (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167931), mozilla (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167935) and thunderbird (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167945)

Warning to Fedora.us FC3 APT Users!

Warren Togami (mailto:wtogami@redhat.com) announced (http://www.redhat.com/archives/fedora-announce-list/2005-September/msg00019.html) that download.fedora.us mirrors will completely remove FC3 and FE3 from the apt-only fedora.us mirror network on September 10th. He also reports that Fedora.us will discontine support for RH8 Extras but remains in development only for security updates of old Extras for RH9-FC2.

Attention, Fedora CMCs!

Greg DeKoenigsberg (mailto:gdk@redhat.com) reports (http://www.redhat.com/archives/fedora-marketing-list/2005-September/msg00048.html) Community Marketing Contacts (CMCs) (http://fedoraproject.org/wiki/Marketing/CommunityMarketingContacts) Fedora Wiki page is ready for your review.

Meeting Minutes for Fedora Marketing

Here is the Meeting Minutes (http://www.redhat.com/archives/fedora-marketing-list/2005-September/msg00039.html) for Fedora Marketing (http://fedoraproject.org/wiki/Marketing) meeting on September 08, 2005

Red Hat contributions

Rahul Sundaram started a new Fedora Wiki page called Red Hat contributions (http://fedoraproject.org/wiki/RedHatContributions) to list some of its contributions to Free and Open Source software.

Fedora FAQs Revamped

Patrick Barnes reports (http://www.redhat.com/archives/fedora-docs-list/2005-September/msg00004.html) that he has revamped FAQ (http://fedoraproject.org/wiki/FAQ) Fedora Wiki page as an actual list of Frequently Asked Questions.

PalmOS PDA and Fedora 4

Florin Andrei (mailto:florin.andrei@myip.org) reports (http://www.redhat.com/archives/fedora-list/2005-September/msg01131.html) that he has found an interim solution for PalmOS PDA on Fedora Core 4.

Fedora Core 4 Review

Here is another Fedora Core 4 Review by New Villege Boy (http://www.nascencetech.com/newvillageboy/2005/09/05/full-review-fedora-core-4/). It concludes "At the very least, the official Installation Guide (http://fedora.redhat.com/docs/fedora-install-guide-en/fc4/) should include the very useful tips and hints in the Unofficial Fedora FAQ (http://fedorafaq.org). Until then, I can only recommend FC4 to IT-literate users who are willing to spend a day or two scavenging howto’s and Google to get their ideal configuration."

Fedora Extras: yum-updateonboot

Here is a great utility found in Fedora Extras, yum-updateonboot (http://fedoraproject.org/extras/4/i386/repodata/repoview/yum-updateonboot-0-0.2-2.fc4.html) which runs yum update on system boot. This allows machines that have been turned off for an extended amount of time to become secure immediately, instead of waiting until the next early morning cron job.

Linux In a Windows Network with SAMBA

Mark Rais, Senior Editor ReallyLinux.com (http://www.reallylinux.com) has written a guide (http://www.reallylinux.com/docs/sambaserver.shtml) for setting up a full fledged FEDORA LINUX/SAMBA server.

OpenOffice.org goes LGPL

On 2 September 2005 Sun announced the retirement of the Sun Industry Standard Source License (SISSL). Effective 2 September 2005, all code in the 2.0 codeline will be licensed exclusively under the LGPL. All future versions of OpenOffice.org, beyond OpenOffice.org 2 Beta 2, will thus be released under the LGPL only. For more information, visit their License Change FAQ (http://www.openoffice.org/FAQs/license-change.html) page.

Tip of the Week

This week's Tip of the Week is "How to get Tux to watch your Boot Screen" by Jonathan Robinson (mailto:jonathanpete@gmail.com).

Fedora Core 4 Updates

During the week of September 5 - September 11, Fedora Project released 24 Fedora Core 4 Updates including 4 Security Advisories.

Contributing to Fedora Weekly News

Would you like to contribute your article to Fedora Weekly News?

Editor's Blog

Let's see anything interesting happened last week besides Fedora Weekly News