Debian Security Advisory - php4, Jul 17, 2003

The transparent session ID feature in the php4 package does not properly escape user-supplied input before inserting it into the generated HTML page. An attacker could use this vulnerability to execute embedded scripts within the context of the generated page.

For the stable distribution (woody) this problem has been fixed in version 4:4.1.2-6woody3.

He spoke candidly with San Jose Mercury News staff writer Dean Takahashi about the SCO Group vs. IBM lawsuit (where Big Blue is accused of illegally putting Unix code into Linux), about Microsoft and open source development.

He also shed light on his decision to leave chipmaker Transmeta for a Linux corporate software consortium, the Open Source Development Lab. Here is an edited transcript:

Webmaster's note: Update on a story about Microsoft allegedly punishing a Massachusetts company for offering Linux computers

The Massachusetts attorney general's office said Wednesday that tougher penalties are necessary to prevent Microsoft from engaging in anticompetitive behavior.

Massachusetts, the only state still pursuing antitrust charges against the software maker, said in a court filing that a set of penalties that a federal judge imposed last year are insufficient. "The failures of the district court's remedy are profound," the state said in a brief filed with the D.C. Circuit Court of Appeals. "It fails to stop Microsoft’s illegal conduct and does nothing to restore competition to the monopolized market or to prevent Microsoft from engaging in similar means to the same unlawful end."

It qualifies because it spans so many platforms - from small devices up to IBM's zSeries mainframe. It also qualifies because, like TCP/IP, it doesn't actually belong to anyone. It runs on most chips and is rapidly becoming the developer platform of choice. So the idea is starting to emerge that you virtualise storage by the use of SANs and NAS and you virtualise server hardware by the use of Linux - thus making it feasible to switch applications from one server to another automatically, and quickly. Within this capability you can cater for failover and make highly efficient use of resources.

Netcraft's Mike Prettejohn told us he was surprised at the number of Linux sites switching. Defectors include sites run on behalf of a variety of organisations, from smaller firms using shared hosting providers, to larger concerns - like gun manufacturer Colt.

Colt has had to reboot its Web site a significant number of times since shifting to Windows Server 2003, Prettejohn notes

Local vendors of Linux distributions have received requests from Red Hat to remove from their websites all trademarks, including names and meta tags, referring to the US company.

However, the Red Hat distribution, which is under the GNU Public Licence (GPL), can still be copied. It just can’t be called “Red Hat Linux” or even any play on the name, such as “Sombrero Rojo” or “Green Hat Linux”.

 View older news this year: Nov Oct Sep Aug Jul Jun May Apr Mar Feb Jan
 View news from other years: 2008, 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000, 1999