[SECURITY] [DSA 666-1] New Python2.2 packages fix unauthorised XML-RPC internals access
Grok Headline matches for [SECURITY] [DSA 666-1] New Python2.2 packages fix unauthorised XML-RPC internals access
[SECURITY] [DSA 538-1] New rsync packages fix unauthorised directory traversal and file access
08/17/2004 11:13 AM Martin Schulze (Aug 17 2004)
[SECURITY] [DSA 458-2] New python2.2 packages really fix buffer overflow
08/31/2004 05:18 PM Martin Schulze (Aug 31 2004)
[SECURITY] [DSA 404-1] New rsync packages fix unauthorised remote code execution
12/04/2003 01:17 PM Martin Schulze (Dec 04 2003)
[SECURITY] [DSA 512-1] New gallery packages fix unauthenticated access
06/02/2004 03:21 PM Matt Zimmerman (Jun 02 2004)
[security bulletin] SSRT4719 hp OpenView Select Access remote unauthorized access
05/26/2004 01:45 PM Boren, Rich (SSRT) (May 25 2004)
Python2.4 highlights
09/20/2004 11:18 PM
A.M. Kuchling's "What's New in Python X" documents are
always a treat, and his guide to the forthcoming Python 2.4 is no exception. Among other
things, 2.4 elevates sets to built in type
status, dramatically improves the usability of Python's
list sort method (for easier application of DSU, aka the Schwartzian
transform), makes reverse iteration easier and
introduces an alternative string
substitution method.
All that's before you get on to the really exciting stuff:
generator expressions,
the new decimal type (because
floating point numbers are such a nuisance) and the
controversial function decorators.
I have to admit I didn't understand the significance of
half of this stuff until I read about them in "What's New", which
explains the use-cases for the new features with great clarity.
Python seems to advance at just the right rate; new
features are introduced fast enough to keep me interested (and keep
the language feeling alive) but not so fast as to leave me feeling
left behind.
[SECURITY] [DSA 519-1] New CVS packages fix several potential security problems
06/15/2004 06:24 PM Martin Schulze (Jun 15 2004)
Tomcat internals
06/20/2004 12:16 AM
Unauthorised research opened door to MasterCard breach
06/22/2005 02:47 AM Comedy of errors
[SECURITY] [DSA 497-1] New mc packages fix several vulnerabilities
04/30/2004 03:07 PM Martin Schulze (Apr 29 2004)
Re: [SECURITY] [DSA 515-1] New lha packages fix several vulnerabilities; Re:
06/14/2004 10:05 AM GOTO Masanori (Jun 09 2004)
Re: [SECURITY] [DSA 515-1] New lha packages fix several vulnerabilities
06/08/2004 05:49 AM lw_at_wszia.edu.pl (Jun 06 2004)
[SECURITY] [DSA 515-1] New lha packages fix several vulnerabilities
06/05/2004 06:16 PM Matt Zimmerman (Jun 05 2004)
PHP Compiler Cache Internals
10/29/2003 12:11 AM
The latest English issue of PHP Magazine has an interesting article about implementing a PHP
Opcode Cache by George Schlossnagle, the author of APC.
If you're familiar with the English expression, don't throw the
baby out with the bath water, then you will be amused to learn
that that's exactly how the Zend Engine (PHP's compiler) works. It
will compile the PHP into opcodes for a page request, and throw the
opcodes away immediately after the code completes.
This may sound really weird and inefficient, but of course Zeev and
Andi would not have been able to start their own company, Zend,
without a business plan that involved fixing this "stupidity". And you
thought Microsoft was evil ;-)
Now it is perfectly normal when developing a platform to leave gaps
for commercial vendors to fill. That creates an ecosystem where we have
companies willing to pay to maintain and promote PHP. So this isn't
meant to be an attack against Zend, but an acknowledgement of business
realities.
This omission of the Zend Engine stimulated interest in several open
source developers to create their own opcode caches. APC is one of the
earliest open source opcode caches.
In my benchmarks (yes, you see me benchmark a lot, because that's the
only way to understand the performance profile of PHP software without
spending a lot of time examining source code) I noticed that the
overhead of PHP opcode caches was less for small scripts. Obviously
there is some copying of instructions from the cache in shared memory
during script execution. The question was how much? How did it affect
performance?
Now we have the answer. George says restoration of the opcode info for
script execution "involves only a so-called shallow copy of the
op_array. A shallow copy means that only the structure itself is
copied, but none of the elements it contains pointers to."
This means that the actual opcodes are not actually copied, only the
pointers to the structures that contain the opcodes. Apart from that,
the function and class metadata and any static variables are restored,
and the inheritance hierarchy is dynamically resolved.
So the overhead of the opcode cache is O(n), where n is the number of
functions+classes+inheritance levels+properties+PHP files. It
is not proportional to the number of lines of code - that would be as
worrying as throwing the baby with the bath water.
Another excellent issue of PHP Magazine!

[SECURITY] [DSA 620-1] New perl packages fix several vulnerabilities
12/30/2004 07:35 PM Martin Schulze (Dec 30 2004)
[SECURITY] [DSA 546-1] New gdk-pixbuf packages fix several vulnerabilities
09/16/2004 05:27 PM Martin Schulze (Sep 16 2004)
[SECURITY] [DSA 732-1] New mailutils packages fix several vulnerabilities
06/05/2005 11:39 PM Posted by Martin Schulze, Friday, 3 June
[SECURITY] [DSA 523-1] New www-sql packages fix buffer overflow
06/22/2004 09:55 PM Matt Zimmerman (Jun 19 2004)
[SECURITY] [DSA 543-1] New krb5 packages fix several vulnerabilities
08/31/2004 05:18 PM Martin Schulze (Aug 31 2004)
[SECURITY] [DSA 698-1] New mc packages fix buffer overflow
03/29/2005 03:00 PM Martin Schulze (Mar 29 2005)
[SECURITY] [DSA 407-1] New ethereal packages fix several vulnerabilities
01/05/2004 02:50 PM Martin Schulze (Jan 05 2004)
[SECURITY] [DSA 412-1] New nd packages fix buffer overflows
01/06/2004 11:58 AM Matt Zimmerman (Jan 06 2004)
[SECURITY] [DSA 707-1] New mysql packages fix several vulnerabilities
04/13/2005 05:15 PM Posted by Martin Schulze, Apr 13 2005
[SECURITY] [DSA 667-1] New squid packages fix several vulnerabilities
02/05/2005 09:38 PM Martin Schulze (Feb 04 2005)
[SECURITY] [DSA 517-1] New CVS packages fix buffer overflow
06/10/2004 04:33 PM Martin Schulze (Jun 10 2004)
[SECURITY] [DSA 702-1] New ImageMagick packages fix several vulnerabilities
04/01/2005 02:14 PM Martin Schulze (Apr 01 2005)
[SECURITY] [DSA 264-1] New lxr packages fix information disclosure
03/19/2003 10:25 PM Martin Schulze (Mar 19 2003)
[SECURITY] [DSA 486-1] New cvs packages fix multiple vulnerabilities
04/17/2004 03:16 PM Matt Zimmerman (Apr 16 2004)
[SECURITY] [DSA 505-1] New cvs packages fix remote exploit
05/19/2004 01:33 PM Martin Schulze (May 19 2004)
[SECURITY] [DSA 424-1] New mc packages fix buffer overflow
01/17/2004 11:13 PM Matt Zimmerman (Jan 16 2004)
phpVolcano: New PHP Internals Article/Presentation
04/07/2005 07:31 AM
phpVolcano has a pointer to a new article (the second in a series) about some of the internals
behind the Zend Engine in PHP.
[SECURITY] [DSA 499-2] New rsync packages fix directory traversal bug
06/02/2004 11:03 PM Matt Zimmerman (Jun 02 2004)
[SECURITY] [DSA 507-1] New cadaver packages fix buffer overflow
05/19/2004 02:58 PM Martin Schulze (May 19 2004)
[SECURITY] [DSA 550-1] New wv packages fix arbitrary command execution
09/20/2004 07:05 PM Martin Schulze (Sep 20 2004)
[SECURITY] [DSA 539-1] New kdelibs packages fix denial of service
08/17/2004 01:23 PM Martin Schulze (Aug 17 2004)
[SECURITY] [DSA 410-1] New libnids packages fix buffer overflow
01/06/2004 11:58 AM Matt Zimmerman (Jan 05 2004)
[SECURITY] [DSA 518-1] New kdelibs packages fix URI handler vulnerabilities
06/14/2004 01:01 PM Martin Schulze (Jun 14 2004)
[SECURITY] [DSA 409-1] New bind packages fix denial of service
01/06/2004 11:58 AM Matt Zimmerman (Jan 05 2004)
[SECURITY] [DSA 521-1] New sup packages fix format string vulnerabilities
06/22/2004 08:18 PM Matt Zimmerman (Jun 18 2004)
Grok Description matches for [SECURITY] [DSA 666-1] New Python2.2 packages fix unauthorised XML-RPC internals access
GrokA matches for [SECURITY] [DSA 666-1] New Python2.2 packages fix unauthorised XML-RPC internals access
[SECURITY] [DSA 666-1] New Python2.2 packages fix unauthorised XML-RPC internals access