This file lists all changes made between Owl 0.1-prerelease and its corresponding stable branch. Please note that the prerelease itself remains fixed; it's only the stable branch which has these changes.

Changes made between Owl 0.1-prerelease and Owl 0.1-stable.

(2002/07/30 - 2002/08/03)
2002/07/31 - 2002/08/03	Package: openssl
SECURITY FIX	Severity: high, remote, passive to active

Applied the official patch with 4 security fixes to vulnerabilities discovered by Ben Laurie and others of A.L. Digital Ltd and The Bunker under DARPA's CHATS program, by consultants at Neohapsis, and by Adi Stav and James Yonan. Added two post-0.9.6e security-related changes from the CVS. The first patch has been prepared by Ben Laurie and Dr. Stephen Henson, with one of the fixes partly based on a version by Adi Stav, and back-ported to OpenSSL 0.9.6a by Ademar de Souza Reis Jr. of Conectiva. The vulnerabilities affect only applications that use OpenSSL to provide SSL or TLS or use OpenSSL's ASN.1 parsing code on untrusted input. It hasn't been fully researched whether OpenSSH is affected, but the ASN.1 parsing vulnerability may affect OpenSSH's implementation of SSH protocol 2 in both the server and the client. As Owl currently only includes SSL clients (lftp and links), only passive attacks are possible via the SSL/TLS vulnerabilities on default installs. If, however, any SSL server software that uses OpenSSL is added, active attacks will likely become possible as well.

(2002/02/11)
2002/03/07	Package: zlib
SECURITY FIX	Severity: high, remote, active

There was a vulnerability in the zlib data compression library which, on certain invalid input to decompression, could cause segments of dynamically allocated memory to be deallocated twice (a double-free bug). The second attempt at deallocation would incorrectly treat what may happen to be user-supplied input as data structures internal to the dynamic memory implementation. As a result, the worst-case impact is the ability to execute arbitrary code within the context of the process doing decompression via carefully crafted invalid "compressed" input. On Owl, the zlib vulnerability affected the following packages: gnupg, openssh, rpm, texinfo, and any third-party software which may use the library. Of these, the rpm and texinfo packages contain binaries statically linked against zlib and thus aren't fully fixed by simply installing this zlib update. OpenSSH could potentially allow for an active remote attack resulting in a root compromise. If only SSH protocol version 1 is allowed in the OpenSSH server this is reduced to a local attack, but reverse remote attack possibilities by a malicious server remain.

(2002/03/05)
2002/03/07	Package: openssh
SECURITY FIX	Severity: high, local/remote, active/passive

Patched an off-by-one channel id check bug discovered by Joost Pol. The bug could be exploited by either a user able to log in to a vulnerable OpenSSH server or a malicious SSH server attacking a vulnerable OpenSSH client. If successful, this could let one execute arbitrary code in the context of the remote server or client process.

2002/03/03	kernel
SECURITY FIX	Severity: medium to high, local to remote, active

Updated to Linux 2.2.20-ow2. This fixes an x86-specific vulnerability in the Linux kernel discovered by Stephan Springl where local users could abuse a binary compatibility interface (lcall) to kill processes not belonging to them (including system processes). Additionally, a kernel instance of the zlib double-free vulnerability is now fixed. Fortunately, the affected parts of the Linux kernel (Deflate compression support for PPP and the experimental Deflate compression extension to IrDA) are normally not used by the Owl userland.

2001/12/14	Package: glibc
SECURITY FIX	Severity: none to high, remote, active

Back-ported a glob(3) buffer overflow fix from the CVS. The bug has been discovered and an initial patch produced by Flavio Veloso of Magnux. While no Owl package is known to be affected by this glibc bug, it is likely that it may result in a security hole with certain third-party software such as FTP servers which support globbing and make use of the glob(3) interface. At the same time, asprintf(3) and vasprintf(3) have been modified to behave on errors and match the semantics of Todd Miller's implementation found on *BSD, and the uses by glibc itself will now handle possible errors; thanks to Dmitry V. Levin of ALT Linux for discovering and looking into these issues. syslog(3) will no longer blindly trust __progname for the syslog ident if called by a SUID/SGID program without a preceding call to openlog(3). Certain minor corrections to the crypt(3) manual page have been applied. In general, the package has been mostly synced with Owl-current, except for one fix specific to the Alpha.

2001/12/12	Package: openssh
SECURITY FIX	Severity: none to high, local, active

Updated to 3.0.2p1 which fixes a security problem with UseLogin where, if UseLogin is enabled in the sshd configuration, a local user could gain root access by passing arbitrary environment variable settings to login(1) via authorized_keys file options. UseLogin has never been enabled on Owl by default and its use is discouraged.

2001/11/03	kernel
SECURITY FIX	Severity: none to medium, remote, active

Updated to Linux 2.2.20-ow1. Compared to our previous recommended kernel version/patch (2.2.19-ow3 or 2.2.19-ow4), Linux 2.2.20 adds a workaround for a vulnerability with certain packet filter setups and SYN cookies (http://cr.yp.to/syncookies.html) where the packet filter rules could be bypassed. Additionally, 2.2.20-ow1 moves even more of the support for combined ELF/a.out setups (in particular, uselib(2) and its related a.out library loaders) under the configuration option introduced with 2.2.19-ow4.

(2001/10/28)
2001/11/03	Package: popa3d

Updated to 0.5 which adds a popa3d(8) man page.

2001/10/22	kernel

RELIABILITY FIX: Updated to Linux 2.2.19-ow4 which fixes a symbol export issue introduced with 2.2.19-ow3 and moves the support for ELF executables which use an a.out format interpreter (dynamic linker) into a separate configuration option (disabled by default).

2001/10/18	kernel
SECURITY FIX	Severity: low to high, local, active

A new revision of the Openwall Linux kernel patch, 2.2.19-ow3, is now available. It contains fixes for two Linux kernel vulnerabilities discovered by Rafal Wojtczuk <nergal at cvs.openwall.com> and is strongly recommended for use with Owl. One of the vulnerabilities affected SUID/SGID execution by processes being traced with ptrace(2). It was possible to trick the kernel into recognizing an unsuspecting SUID root program as the (privileged) tracer process. Then, if that program would execute a program supplied by the malicious user (with the user's credentials), the user's program would inherit the ability to trace. Fortunately, there's no program that would meet all of the requirements for this attack in the default Owl install. However, certain supported non-default configurations of Owl are affected. In particular, if newgrp(1) is made available to untrusted users (which is a supported owl-control setting) or certain third-party software which contains SUID root binaries is installed, the vulnerability may become exploitable and result in a local root compromise. The other vulnerability allowed for an effective local DoS attack by causing the kernel to spend an almost arbitrary amount of time on dereferencing a single symlink, without giving a chance for processes to run.

2001/09/27	Package: gzip
SECURITY FIX	Severity: low, local, passive

Patched unsafe temporary file handling in gzexe, zdiff, and znew based on work by Todd Miller of OpenBSD.

(2001/06/29)
2001/09/27	Package: mktemp

Switched to packaging the portable mktemp, now that Todd Miller maintains it in addition to the OpenBSD-specific version. :-)

2001/09/27	Package: openssh
SECURITY FIX	Severity: low to high, remote, passive to active

Updated to 2.9.9p2, which fixes three security issues compared to our previous package version. The issues are:

1. The "from=" restriction in ~/.ssh/authorized_keys2 could fail to work when the file defines a mix of RSA and DSA keys.
2. A documentation problem that the authorized_keys* options didn't restrict the use of sftp. They do so now. sftp has never been enabled on Owl by default (it is owl-control'able).
3. As discovered by Yang Yu, the "echo simulation" traffic analysis countermeasure produced an extra echo packet for the carriage return after password entry. That could serve as a traffic signature for attackers.

2001/09/03	Package: groff
SECURITY FIX	Severity: none to high, remote, active

zen-parse has demonstrated a security problem with format string processing in the plot command of pic(1) when groff is used with LPRng on Red Hat Linux. While Owl doesn't (yet?) include a print server, our groff package did have the unfortunate pic(1) property and did provide a print filter for use on potentially untrusted input by a third-party print server package one could install. This has now been corrected. A patch by Sebastian Krahmer of SuSE Security Team has been applied to pic(1) to restrict the format string processing. The print filter has been dropped from the package.

2001/07/30	Package: pam

RELIABILITY FIX: Fixed a double-free bug in pam_pwdb which caused it to segfault after successful password changes in some cases. The bug was specific to Owl. :-( Fortunately, this had no security impact as the memory area was zeroed out before the second call to free(3) such that no user input would reach it.

(2001/07/05 - 2001/07/22)
2001/07/22	Package: xinetd
SECURITY FIX	Severity: none to high, remote, active

Performed an audit of the xinetd source code for several classes of vulnerabilities, and applied _many_ security and reliability fixes. The patch is 100 KB large. See AUDIT in the package documentation. None of the vulnerabilities are known to affect the default xinetd configuration on Owl.

2001/07/10	Package: tar

RELIABILITY FIX: There was a bug which caused tar to loop endlessly on a read error when verifying archives (this affected both -W, --verify, and -d, --diff, --compare). The bug is now fixed.

2001/07/06	Package: openssl
SECURITY FIX	Severity: none to medium, remote, passive to active

Applied patches provided by the OpenSSL team to correct a PRNG weakness which under unusual circumstances could allow an attacker to determine internal state of the PRNG and thus to predict future PRNG output. This problem has been discovered and reported to the OpenSSL team by Markku-Juhani O. Saarinen. No applications are known to be affected at this time.

(2001/05/29 - 2001/06/29)
2001/06/29	Package: xinetd
SECURITY FIX	Severity: none to high, remote, active

Updated to 2.3.0, which fixes the problem with xinetd's string handling routines discovered by Sebastian Krahmer of SuSE Security Team. This should complete an earlier security fix to the buffer overflow in the xinetd logging code discovered by zen-parse. The buffer overflow could be triggered by a remote attacker via xinetd's ident (RFC 1413) lookup feature and could allow for the execution of arbitrary code as the user xinetd is running as (typically root). ident lookups are and have always been disabled in the Owl xinetd package by default. Additionally, this update ensures the umask is no less restrictive than 022 when starting programs from xinetd (and is actually set to 077 by the startup scripts). The old xinetd behavior was to set the umask to 0 which resulted in a vulnerability on setups we support (Owl with third-party services installed).

2001/06/29	Owl/doc/fr/*

Updated French translations, from Denis Ducamp.

2001/06/27	Package: gpm
SECURITY FIX	Severity: none to low, physical, active

The mouse event handler gpm-root, if enabled, handled user-supplied configuration files unsafely, allowing a user with physical access to the mouse to gain root privileges on the running system. gpm-root was never started on Owl by default, and has now been moved to a separate subpackage which would need to be explicitly enabled to build. The support for user-supplied configuration files is now patched out and the documentation is updated accordingly. Additionally, many gpm-root reliability bugs including the format string bug reported by Colin Phipps to Debian (http://bugs.debian.org/102031) have been fixed.

2001/06/24	Owl/doc/CHANGES

New file: the system-wide change log will now be maintained.

(2001/06/21)
2001/06/23	Owl build environment

First attempt at supporting multiple branches.

(2001/06/21 - 2001/06/23)
2001/06/23	Package: owl-setup

RELIABILITY FIX: Set the domain in /etc/resolv.conf, ensure the newly created /etc/resolv.conf and /etc/hosts are mode 644.

(2001/06/15)
2001/06/23	Package: shadow-utils

DOCUMENTATION FIX: Rewrote most of the login.defs(5) man page and enabled its packaging. Added more defaults to /etc/login.defs, added a reference to login.defs(5). Fixed a bug in the lastlog(8) man page reported by Jarno Huuskonen.

(2001/06/14)
2001/06/23	Package: openssh
SECURITY FIX	Severity: none to low, remote, active

Prevent additional timing leaks with null passwords (when allowed). The default OpenSSH server configuration on Owl doesn't allow null passwords, making this a non-issue (not that it's much of an issue either way). When null passwords were allowed, the old package made it somewhat easier for a remote attacker to check whether a username is valid.

(2001/06/14)
2001/06/23	Package: pam_userpass

RELIABILITY FIX: Deal with null passwords correctly. Before this change null passwords wouldn't work even when allowed for a service.

(2001/06/12)
2001/06/23	Package: screen
SECURITY FIX	Severity: low, local, passive

Updated to 3.9.9, patched the unsafe temporary file handling in the configure script (which made it unsafe to _build_ screen).

(2001/06/11)
2001/06/23	Package: openssh
SECURITY FIX	Severity: low, local, active

Switch credentials when cleaning up temporary files and sockets to fix the vulnerability reported by zen-parse on Bugtraq which could allow a local user to remove files named "cookies" located anywhere on the system. The patch is by Markus Friedl (intended for testing only) with a later OpenSSH CVS change added and two bugs fixed.

(2001/06/04)
2001/06/23	Owl/doc/CONTACT

New file: explains Owl public mailing lists (only owl-users at the moment) and e-mail contacts.

(2001/06/03)
2001/06/23	Package: glibc
SECURITY FIX	Severity: low to medium, local, passive

Synced the fts(3) routines with current OpenBSD and FreeBSD; this is triggered by Nick Cleaton's report of yet another FTS vulnerability to FreeBSD, and a discussion with Kris Kennaway and Todd Miller. It should no longer be possible to trick FTS into leaving the intended directory hierarchy, but DoS attacks on FTS itself remain possible. The FTS code is used by software ported from BSD, including the Owl mtree package. GNU software uses other implementations, several of which will need fixing as well (our findutils package includes a fix since before the 0.1-prerelease, but there's room for improvement).

(2001/06/03)
2001/06/23	Package: glibc

DOCUMENTATION FIX: Updated to crypt_blowfish-0.4.1 which includes a crypt.3 man page that is more friendly to makewhatis.

(2001/05/30)
2001/06/23	Package: gnupg
SECURITY FIX	Severity: high, remote, passive

Updated to 1.0.6, which includes a fix to the format string vulnerability discovered by fish stiqz of Synnergy Networks. This vulnerability can allow a (possibly remote) attacker to execute arbitrary code as the user who attempted decryption of a specially crafted file. While the potential impact of this vulnerability is high, the chances of its successful exploitation in a real-world attack are low due to technical and social reasons.

(2001/05/29)
2001/06/23	Packages: SysVinit, owl-startup
SECURITY FIX	Severity: none to medium, local, passive to active

Ensure the umask is no less restrictive than 022 when starting programs from init and start-stop-daemon. Set umask to 077 in daemon() for the case when a service is started manually rather than from rc.sysinit. The change to init is only critical when running certain 2.4.x Linux kernel versions, which we don't yet support. The changes to start-stop-daemon and owl-startup are redundant.
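
The umask rule from this entry and from the 2001/06/29 xinetd entry, as an added example that is not code from Owl, SysVinit or xinetd: the launcher ORs the inherited umask with 022, so it can only tighten it. The function names and the /tmp scratch path are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Make the umask at least as restrictive as `floor` (022 in the entries
 * above) while keeping any stricter bits the parent already set.
 * Returns the umask now in effect. */
mode_t enforce_umask_floor(mode_t floor)
{
    mode_t old = umask(floor);      /* umask(2) can only be read by setting it */
    mode_t effective = (old | floor) & 0777;
    umask(effective);
    return effective;
}

/* Simulate a service started with umask `inherited` that creates a file
 * with mode 0666, as much third-party software does.  Returns the
 * permission bits the file actually got, or -1 on error. */
int created_mode(mode_t inherited, int apply_floor)
{
    char dir[64], path[80];
    struct stat st;
    int fd, result = -1;
    mode_t saved = umask(inherited);

    if (apply_floor)
        enforce_umask_floor(022);
    /* Private scratch directory (assumed path); mkdir(2) fails rather than
     * following a name that already exists. */
    snprintf(dir, sizeof(dir), "/tmp/umask-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) == 0) {
        snprintf(path, sizeof(path), "%s/state", dir);
        fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
        if (fd >= 0) {
            if (fstat(fd, &st) == 0)
                result = (int)(st.st_mode & 0777);
            close(fd);
            unlink(path);
        }
        rmdir(dir);
    }
    umask(saved);
    return result;
}

int main(void)
{
    printf("umask 0, no floor:  %03o\n", (unsigned)created_mode(0, 0));
    printf("umask 0, floor 022: %03o\n", (unsigned)created_mode(0, 1));
    printf("umask 077, floor:   %03o\n", (unsigned)created_mode(077, 1));
    return 0;
}
```

With an inherited umask of 0 the file comes out world-writable unless the floor is applied; a stricter inherited umask such as 077 passes through unchanged.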

(2001/05/27)
2001/06/23	Package: gawk
SECURITY FIX	Severity: low, local, passive

Patched unsafe temporary file handling in igawk, based on report and patch from Jarno Huuskonen (updated the igawk example in the texinfo documentation for gawk, which is used as the source for building the final igawk script). This is a very minor security problem as igawk is hardly ever used.

(2001/05/27 - 2001/06/19)
2001/06/23	Package: popa3d

RELIABILITY FIX: Updated from an earlier development version to 0.4.9.1.

(2001/05/23)
2001/06/23	Package: sysklogd
SECURITY FIX	Severity: none to medium, local, active

Back-ported a klogd DoS fix from 1.4.1, thanks to the reports from Jarno Huuskonen and Thomas Roessler who initially reported the problem to Debian (see http://bugs.debian.org/85478). The problem would only show up when the kernel or a kernel module incorrectly passes a NUL byte for logging. Linux 2.2.19 isn't known to have bugs like this; some Linux 2.4.x kernels are.

(2001/05/18)
2001/06/23	Owl/doc/CREDITS

New file: presents our development team and others involved with Owl.

(2001/05/18 - 2001/06/12)
2001/06/23	Package: man

Updated to 1.5i and later to 1.5i2. These versions are meant to fix the published ways to attack man when it is installed SUID/SGID, but the fixes are imperfect by design. Owl has never installed man SUID or SGID. Additionally, our makewhatis script has been fixed since before we released. Thus, this isn't a security update.

(2001/05/15)
2001/06/23	Owl/doc/fr/*

New files: French translations of the documentation, from Denis Ducamp <Denis.Ducamp at hsc.fr>.

$Id: CHANGES,v 1.2.2.24 2002/08/03 04:01:23 solar Exp $