LinuxSecurity.com: A heap-based buffer overflow was found in how libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or possibly execute arbitrary code (CVE-2008-3529).

LinuxSecurity.com: A vulnerability in the rcp protocol was discovered that allows a server to instruct a client to write arbitrary files outside of the current directory, which could potentially be a security concern if a user used rcp to copy

LinuxSecurity.com: This update fixes several minor issues with draksnapshot, such as backups not being completed due to bad permissions. A number of fixes were done to the applet as well, including notifications showing as information instead of warnings. Draksnapshot now

LinuxSecurity.com: The vpnc package that shipped with Mandriva Linux 2008.1 was missing the cisco-decrypt binary, which is used for converting Cisco VPN client profile files encrypted passwords. As a result, any call to pcf2vpnc failed due to the missing binary.

LinuxSecurity.com: Coworkers at the University of Tel Aviv have presented a prototype for a new host-based intrusion detection system (HIDS) for Linux. Named Korset, it uses static code analysis and promises zero failures.

CEO Mark Shuttleworth said the Linux distributor is hiring designers and interactivity experts to help make its distribution more consistent and user-friendly.

Microsoft's chairman gets funky, '80s-style, in the latest spot from Crispin Porter + Bogusky.

Guest writer Nick Anstee is pleasantly surprised by the audio quality from Nokia's latest Bluetooth accessory - the pair of MD-7W speakers. Here's his full review. We hope you're enjoying seeing Nick's writings - if you have acquired something interesting

Canonical, the leading backer of the Ubuntu version of Linux, is hiring a team to help make open-source software on the desktop more appealing and easier to use.

The following errata for CentOS-2 have been built and uploaded to the centos mirror:

The Notice of Agenda [PDF] is posted now, and so we find out what is on the schedule for the SCO bankruptcy hearing on the 16th in Delaware. As I'll show you, there is also a letter to the bankruptcy

ZDNet AU: "The Red Hat-supported Fedora Project has started issuing updates to its Linux distribution again, after a hiatus of several weeks caused by a hacker break-in."

Planet OSS: "The live CD booted into KDE 4.1.1 desktop which has customized menu and theme/wallpaper. All the hardware components were detected and configured properly. There was no 'Live Install' icon on the desktop but you can find it under

Internet News: "The blogosphere had a field day with this image below. It was the industrial metal band Nine Inch Nails performing with what appeared to be a Windows blue screen of death crash on the backdrop screens."

Computerworld: "Professor Roberto Ierusalimschy offers an in-depth examination of what he believes to be the most successful programming language not born in a developed country."

Lew Rockwell: "My wife often rolls her eyes at me, because once I find a new hobby I latch onto it as though life depended on it. The more arbitrary the nature of the hobby, the less she's impressed with

Linux Magazine: "Coworkers at the University of Tel Aviv have presented a prototype for a new host-based intrusion detection system (HIDS) for Linux. Named Korset, it uses static code analysis and promises zero failures."link fixed--ed.

OS News: "OSNews has been reporting on the Debian/Ubuntu/GNU/Opensolaris hybrid for several years. But for those of you who've never looked more closely at this interesting OS, a Nexenta developer has laid out some of its more noteworthy features and

LXer: "Every year around this time a huge number of Linux geeks converge upon downtown Columbus Ohio. Registration (free!) has been open for quite some time. The even takes place October 11 and is part trade show, part geek-fest, part