"Linux Gazette...making Linux just a little more fun!" Contents: News in General Software Announcements

News in General SECURITY: (linux-alert) LSF Update#14: Vulnerability of the lpr program. Date: Sat, 26 Nov 1996 Linux Security FAQ Update -- lpr Vulnerability A vulnerability exists in the lpr program version 0.06. If installed suid to root, the lpr program allows local users to gain access to a super-user account. Local users can gain root privileges. The exploits that exercise this vulnerability were made available. lpr utility from the lpr 0.06 suffers from the buffer overrun problem. Installing lpr as a suid-to-root is needed to allow print spooling. This LSF Update is based on the information originally posted to linux-security mailing list. For additional information and distribution corrections: Linux Security WWW: http://bach.cis.temple.edu/linux/linux-security linux-security & linux-alert mailing list archives: ftp://linux.nrao.edu/pub/linux/security/list-archive LINUXEXPO '97 TECHNICAL CONFERENCE Durham, N.C. December 31,1996-- It was announced today that the third annual LinuxExpo Technical Conference will be held at the N.C. Biotechnology Center in Research Triangle Park, NC on April 4-5, 1997. The conference will consist of fourteen elite developers who will give technical talks on various topics all related to the development of Linux. This year the event is expected to draw 1,000 attendees who will be coming not only for the conference, but to visit the estimated 30 Linux companies and organizations that will be selling their own Linux products and giving demonstrations. The event will also include a Linux User's Group meeting, an install fair, and a job fair for all of the computer programming hopefuls. LinuxExpo '97 will be complete with refreshments and entertainment from the Class Action Jugglers. For addtional information: Anna Selvia, anna@linuxexpo.org LinuxExpo '97 Technical Conference, www.linuxexpo.org 3201 Yorktown Ave. Suite 113 Durham, NC 27713 WWW: Linux Archive Search Site Date: Thu, 21 Nov 1996 Tired of searching sunsite or tsx-11 for some program you heard about on irc? Well, the Linux Archive Search (LAS) is here. It is a search engine that searches an updated database of the files contained on sunsite.unc.edu, tsx-11.mit.edu, ftp.funet.fi, and ftp.redhat.com. You can now quickly find out where the files are hiding! The LAS is living at http://torgo.ml.org/las (It may take a second to respond, its on a slow link). So give it a whirl, who knows, you may use it a lot! For additional information: Jeff Trout, threshar@serve.com The Internet Access Company, Inc. Netherlands - Linux Book On-line Date: Thu, 05 Dec 1996 The very first book to appear in Holland on the Linux operating system has gone on-line and can be found at: http://www.cv.ruu.nl/~eric/linux/boek/ And of course from every (paper) copy sold, one dollar is sent to the Free Software Foundation. For additional information: Hans Paijmans, KUB-University, Tilburg, the Netherlands paai@kub.nl , http://purl.oclc.org/NET/PAAI/ New O'Reilly Linux WWW Site Date: 26 Nov 1996 Check out the new O'Reilly & Associates, Inc. Linux web site at http://www.ora.com/info/linux/ It has: Free excerpt from Linux Multimedia Guide Interview with Olaf Kirch Recommended links to the best Linux web sites. Links to our Unix & Linux book pages For additional information: O'Reilly & Associates, Inc., john@ora.com PCTV Reminder The "Unix III - Linux" show will air on the Jones Computer Network (JCN) and the Mind Extension University Channel (MEU) the week of January 20, 1997. The scheduled times are: Mon. 11:30 PM - 12:00 AM Wed. 9:30 PM - 10:00 PM Thu. 11:30 PM - 12:00 AM Fri. 9:30 PM - 10:00 PM Sun. 9:30 PM - 10:00 PM This show will also air on the NBC Superchannel (CNBC) January 25, 1997. It is best to call your local cable operator to find the appropriate channel. Tom Schauer, Production Assoc. PCTV

Software Announcements daVinci V2.0.2 - Graph Visualization System November 20, 1996 (Bremen, Germany) - The University of Bremen announces daVinci V2.0.2, the new edition of the noted visualization tool for generating high-quality drawings of directed graphs with more than 2000 installations worldwide. Users in the commercial and educational domain have already integrated daVinci as user interface for their application programs to visualize hierarchies, dependency structures, networks, configuration diagrams, dataflows, etc. daVinci combines hierarchical graph layout with powerful interactive capabilities and an API for remote access from a connected application. In daVinci V2.0.2, a few extensions related to improving performance and usage of the previous V2.0.1 release have been made based on user feedback. daVinci V2.0.2 is licensed free of charge for non-profit use and is immediately available Linux. The daVinci system can be downloaded with this form: http://www.informatik.uni-bremen.de/~davinci/daVinci_get_daVinci.html For additional information: Michael Froehlich, daVinci Graph Visualization Project Computer Science Department, University of Bremen, Germany http://www.informatik.uni-bremen.de/~davinci , daVinci@Informatik.Uni-Bremen.DE WWW: getwww 1.3 - download an entire HTML source tree Date: Wed, 04 Dec 1996 Getwww is designed to download an entire HTML source tree from a remote URL, recursively changing image and hypertext links. From the LSM: Primary-site: ftp.kaist.ac.kr /incoming/www 25kB getwww++-1.3.tar.gz Alternate-site: sunsite.unc.edu /pub/Linux/system/Network/info-systems/www 25kB getwww++-1.3.tar.gz Platform: Linux-2.0.24 Copying-policy: GPL For additional information: In-sung Kim, Network Tool Group, kisskiss@soback.kornet.nm.kr Motif Interface Builder on Unifix 2.0 Date: Sun, 01 Dec 1996 Unifix Software GmbH is proud to announce View Designer/X, a new Motif interface builder available for Linux. A demo version of VDX is included on Unifix Linux 2.0. With object oriented and interactive application development tools, the software developer is able to design applications with better quality and in shorter times. For more information and to download the latest demo version, see: http://www.unifix.de/products/vdx For additional information: Unifix Software GmbH, info@unifix.de View Designer/X Date: Fri, 13 Dec 1996 View Designer/X, a new Motif Interface Builder for Linux has been released. It enables application developers to design user interfaces with Motif 2.0 widgets and to generate C and C++ code. The VDX provides an interactive Wysiwyg View and a Widget Tree Browser which can be used to modify the structure of the user interface. All resources are adjustable by Widget Resource Editor and by using template files the code generation of VDX is more flexible than those of other interface builders. Bredex GmbH, Germany is distributing the View Designer/X via Web service. Please see following web page for more information and downloading the free demo version: http://www.bredex.de/EN/vdx/ Dirk Laessig, dirk@unifix.de X-Files 1.21 - graphical file manager in tcl/tk Date: Sun, 01 Dec 1996 X-Files is a graphical file management program for Unix/X-Window environment developed on Linux. For more information and packages see: http://pinhead.tky.hut.fi/~xf_adm/ http://www.hut.fi/~mkivinie/xfindex.html ftp://java.inf.tu-dresden.de:/pub/unix/x-files/:wq For questions: xf_adm@pinhead.tky.hut.fi For additional information: Mikko Kiviniemi, mkivinie@cc.hut.fi , jforsten@cc.hut.fi Helsinki University of Technology This page written and maintained by the Editor of Linux Gazette, gazette@linuxgazette.net Copyright © 1997 Specialized Systems Consultants, Inc.