phpBB 2.0.13 Released

phpBB Group announces the release of phpBB 2.0.13, the “Beware of the furries” edition. This release addresses two recent security exploits, one of them critical. They were reported a few days after .12 was released and no one is more annoyed than us, having to release a new version in such a short period of time.
Fortunately both fixes are easy and in each case just one line needs to be edited.

The first issue is critical (session handling allowing everyone gaining administrator rights) and we urge you to fix it on your forums as soon as possible: (code removed)

A second minor issue reported to bugtraq several days ago was the path disclosure bug in viewtopic.php which got fixed by applying the following steps: (code removed)

As with all new releases we urge you to upgrade as soon as possible. You can of course find this download available on our downloads page. As per usual three packages are available to simplify your upgrade.

I had to remove the code because b2evo doesn’t like code. The code is available at

gaim 1.1.4 released

version 1.1.4 (2/24/2005):
* Fixed a bug where Yahoo! would lose messages (and any other packet really)
* Correctly show the time when incoming Gadu-Gadu messages were sent (Carl-Daniel Hailfinger)
* Fixed crashes with glib 2.6
* Fixed MSN crash when conversations time out after the conversation window was closed
* Fixed an html parsing bug, CAN-2005-0208

Mozilla Foundation Announces Update To FireFox

All Firefox users are encouraged to download security update at

February 24, 2005, (Mountain View, CA). The Mozilla Foundation, a non-profit organization dedicated to preserving choice and promoting innovation on the Internet, today released an update to its award-winning Firefox 1.0 browser. The Firefox security update is available for the 27 million users who have already downloaded the free browser. The Mozilla Foundation encourages all users to download the update, which is available now on all platforms at

“Regular security updates are essential for maintaining a safe browsing experience for our users,” said Chris Hofmann, director of engineering for the Mozilla Foundation. “The Mozilla Foundation has developed a community of users and developers who continuously provide feedback on Mozilla software, and as a result of that constant vigilance, we are able to provide quick and effective responses to security vulnerabilities.”

The Mozilla Foundation evaluates security issues on an ongoing basis and will issue security updates as warranted. The security update for Firefox includes several fixes to guard against spoofing and arbitrary code execution. More information is available in the release notes at

Firefox has been widely praised for its stability, trustworthiness and innovative features including tabbed browsing, live bookmarks, built-in pop-up blocking, and hundreds of available extensions. SC Magazine, a leading security magazine, recently awarded the Mozilla Foundation with its Editor in Chief award. The browser has been downloaded more than 27 million times and is available in 28 languages.

phpBB 2.0.12 Released

phpBB Group are pleased to announce the release of phpBB 2.0.12 the “Horray for Furrywood” release. This release addresses a number of bugs and a couple of potential exploits. It also adds a new feature in the form of an ACP based version checker (maintainers of language packages please take note of the need for the additional localised string!).

Please note, the exploits of which we’ve been notified and which are addressed in 2.0.12 are in absolutely no way to blame for the loss of which we are still extremely confident was the fault of an outdated awstats and kernel.

However one of the potential exploits addressed in this release could be serious in certain situations and thus we urge all users, as always, to upgrade to this release as soon as possible. Mostly this release is concerned with eliminating disclosures of information which while useful in debug situations may allow third parties to gain information which could be used to do harm via unknown or unfixed exploits in this or other applications.

As with previous releases three different packages are available:

* Full Package
Contains entire phpBB2 source and English language package
* Changed Files Only
Contains only those files changed from previous versions of phpBB. Please note this archive contains changed files for each previous release
* Patch Files
Contains patch compatible patches from the previous versions of phpBB.

Select whichever package is most suitable for you.

Please ensure you read the INSTALL and README documents in docs/ before proceeding with installation or updates!

Note to 2.0.3 users intending to use the patch file version

Users of 2.0.3 intending to use the patch version may (but not necessarily will) need to run (found in the contrib/ directory with the downloaded archive) before patching.

We recommend that all 2.0.3 users do a “dry run” patch first to see whether you need to use this fix. To do this append --dry-run to the patch command, e.g. patch -cl -p1 --dry-run < phpBB-2.0.3_to_2.0.12.patch. This will prevent any permanent changes being made to your installation. If you experience numerous (literally dozens and dozens) of hunk failed messages this applies to you.

To correct this problem go to your phpBB root directory, copy the to this location, chmod u+x and type ./ This will strip windows style carriage returns present in the 2.0.3 source

What has changed in this release?

The changelog (contained within this release) is as follows:

* Added confirm table to admin_db_utilities.php
* Prevented full path display on critical messages
* Fixed full path disclosure in username handling caused by a PHP 4.3.10 bug – AnthraX101
* Added exclude list to unsetting globals (if register_globals is on) – SpoofedExistence
* Fixed arbitrary file disclosure vulnerability in avatar handling functions – AnthraX101
* Fixed arbitrary file unlink vulnerability in avatar handling functions – AnthraX101
* Removed version number from powered by line
* Merged database update files to update_to_latest.php file
* Fixed path disclosure bug in search.php caused by a PHP 4.3.10 bug (related to AnthraX101’s discovery)
* Fixed path disclosure bug in viewtopic.php caused by a PHP 4.3.10 bug – matrix_killer

Red Hat Launches Red Hat Enterprise Linux 4

Linux moves closer to displacing Solaris in the enterprise.

LINUXWORLD, BOSTON - February 15, 2005 - Red Hat, the leading provider of open source solutions to the enterprise, announced global availability of Red Hat Enterprise Linux v.4 last night at a press conference hosted by Red Hat executives, partners and customers. This latest release of Red Hat Enterprise Linux enables enterprise organizations to realize the benefits of open source innovation throughout their IT environment, particularly in the areas of performance and security. Red Hat Enterprise Linux proves that Linux solutions can effectively eliminate the need for Solaris in the enterprise.

“This release of Red Hat Enterprise Linux is a defining milestone in the evolution of Linux as the backbone of the enterprise,” said Paul Cormier, Executive Vice President of Engineering at Red Hat. “Red Hat Enterprise Linux in 2002 marked the entrance of Linux in the enterprise. The second version one year later put us at par with Unix in terms of reliability, and ahead in terms of value. Red Hat Enterprise Linux v.4 has the performance, scalability, security, and application portfolio needed to make Linux the sensible choice for every deployment, from servers connected to client and desktop systems. This methodical delivery of innovation is helping create unprecedented value for the customer.”

Red Hat has engineered Red Hat Enterprise Linux v.4 with a focus on:

* Platform stability and maturity based on a well-tested Linux 2.6 kernel
* Productivity improvements particularly for the desktop
* Technologies to meet enterprise security and compliance demands
* Exceptional performance and scalability for both 32- and 64-bit workloads

Red Hat continues to place great emphasis on the importance of partner relationships and collaboration with the community. This work is most evident in the breadth of architecture and application support of Red Hat Enterprise Linux v.4:

* Red Hat Enterprise Linux v.4 is available on 64-bit Intel® Xeon™ and Intel® Itanium® processor-based systems, AMD64, IBM POWERz-Series and S/390 and other x86 systems
* Hundreds of applications are currently in process to become certified on Red Hat Enterprise Linux v.4
* With the release of Red Hat Enterprise Linux v.4, more than 750 systems have been certified on Red Hat Enterprise Linux.
* Red Hat has collaborated with the community to bring to market mature open source technologies such as SELinux and Firefox, which greatly increase security and browser experience from servers through desktops and clients.
* Red Hat Desktop has made great strides in improving office productivity and usability. Also, capabilities ranging from mobility/wireless support (including Intel Centrino), to plug-and-play USB device recognition, to power management for laptops have been significantly upgraded.
* Customers will have a wide range of technologies to choose from, all based on a standard, single code base.

Red Hat Enterprise Linux v.4 is now available in 15 languages worldwide.

Sounds good. While I’m still sour about them charging for RHEL, I’m glad to see the advancement of the platform. Especially with free versions like CentOS out there.

Microsoft Buying Anti-Virus Software Maker

Tuesday February 8, 2:34 pm ET
By Reed Stevenson

SEATTLE (Reuters) – Microsoft Corp. said on Tuesday it would buy anti-virus software maker Sybari Software Inc. in a direct challenge to Symantec Corp. and McAfee Inc., which currently dominate that market.

If Microsoft, the world’s largest software maker, bundles anti-virus features into its Windows operating system, security software makers could feel the pressure, analysts said.

“Microsoft’s acquisition of Sybari will get them into the (business) anti-virus market specializing in e-mail protection, a negative for Symantec and McAfee,” said Sterling Auty, an analyst with JP Morgan.

McAfee shares were down 8.55 percent, or $2.24 to $23.72 in afternoon trade on the New York Stock Exchange. Symantec, which recently bought storage software company Veritas to diversify and reduce its dependence on security, was down 5.64 percent or $1.33 to $22.27 on the Nasdaq.

The DOJ needs to step in here. Microsoft should not be entering new markets so it can force all of the other companies out of business. McAfee and Symantec are synonymous with security software, but if Microsoft gets its way, those companies will be out of business.

Abuse of monopoly power much, thanks?

6 lb. Cheeseburger?!


Would you like fries with that?


A 6 lb. Burger. Where’s the beef? It’s at a Pennsylvania pub that serves the world’s biggest burger - weighing in at NINE lip-smacking pounds! That’s no whopper - you can actually get this meat monster for $23.95, loaded with all the fixings: Two whole tomatoes, a half-head of lettuce, 12 slices of American cheese, a full cup of peppers, two entire onions, plus, a river of mayonnaise, ketchup, and mustard.