Risk
1/11/2011
10:42 PM
50%
50%

Microsoft, Apple, Oracle, EMC Still Pursuing Novell Patents

The four-company consortium, CPTN Holdings, plans to buy hundreds of Novell patents, despite withdrawing its plan from German regulators; a move Microsoft has asserted was merely procedural.

Open source advocates celebrating Web reports that a Microsoft-led consortium has withdrawn plans to buy hundreds of Novell patents will have to put the corks back in the champagne bottles.

Microsoft sent on Tuesday to InformationWeek and other news media a statement saying its withdrawals of the plan from German regulators was just a procedural matter. Bottom line: Nothing has changed.

"This is a purely procedural step necessary to provide time to allow for review of the proposed transaction," the statement says.

The software maker's response was to an earlier report from PC World that the consortium, called CPTN Holdings and formed by Microsoft, Apple, Oracle, and EMC, had withdrawn its plan to buy more than 880 Novell patents for $450 million. Some of those patents are believed to cover technology used in open source software. Novell has been a leader in the open source movement since the purchase of the German company Suse Linux in 2003.

Open source advocates fear that if CPTN gets a hold of the patents, then it would open the door to lots of patent infringement suits against the developers of open source software. The Open Source Initiative and other groups have voiced their opposition to the purchase and have appealed to the German Federal Cartel Office, which is investigating the transaction.

The Novell patents became available when the company agreed last November to be purchased by Attachmate for $2.2 billion. The transaction included sale of the patents to CPTN. Novell at the said it expected the sale of the company to be completed in the first quarter of this year.

Novell had built a product portfolio around Suse Linux and also operated a separate unit that marketed open source software. Novell signed a deal with Microsoft in 2007 to develop integration technology between Suse Linux and Windows. The agreement also protected Novell and Microsoft from suing each other over patent infringements in their respective technologies.

SEE ALSO:

Attachmate To Acquire Novell For $2.2 Billion

Enterprise 2.0: Novell Launches Vibe Platform

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2208
Published: 2014-12-28
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.

CVE-2014-2209
Published: 2014-12-28
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.

CVE-2014-5386
Published: 2014-12-28
The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initial...

CVE-2014-6228
Published: 2014-12-28
Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted arguments to the chunk_split ...

CVE-2014-6229
Published: 2014-12-28
The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string,...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.