Follow @Openwall on Twitter for new release announcements and other news
Owl homepage

Andere Sprachen:
Englisch, Russisch

Konzepte
Architekturen
Arbeitsumgebung
Installationsanweisungen

Download (HTTP, FTP, rsync, anoncvs, CVSweb)

Änderungen:
Änderungen in current
 Änderungen in 3.1-stable
Änderungen in 3.1
Änderungen in 3.0-stable
Änderungen in 3.0
Änderungen in 2.0-stable
Änderungen in 2.0
Änderungen in 1.1-stable
Änderungen in 1.1
Änderungen in 1.0
Änderungen in 0.1-stable

Kunstwerk
Screenshots
Präsentationsfolien

Owl VPS-Hosting

This file lists all changes made between Owl 2.0 and its corresponding stable branch. Please note that the release itself remains fixed; it's only the stable branch which has these changes.

The dates shown in braces indicate when an equivalent change went into Owl-current, where applicable.

Security fixes have a "Severity" specified for the issue(s) being fixed. The three comma-separated metrics given after "Severity:" are: risk impact (low, medium, or high), attack vector (local, remote, or indirect), and whether the attack may be carried out at will (active) or not (passive). Please note that the specified risk impact is just that, it is not the overall severity, so other metrics are not factored into it. For example, a "high" impact "local, passive" issue is generally of lower overall severity than a "high" impact "remote, active" one - this is left up to our users to consider given their specific circumstances.

Per our current conventions, a Denial of Service (DoS) vulnerability is generally considered to have a "low" risk impact (even if it is a "remote, active" one, which is to be considered separately as it may make the vulnerability fairly critical under specific circumstances). Some examples of "medium" impact vulnerabilities would be bugs enabling non-critical information leaks, cryptographic signature forgeries, and/or sending of or accepting spoofed/forged network traffic (where such behavior was unexpected), as long as they would not directly allow for a "high" impact attack. Finally, a typical "high" impact vulnerability would allow for privilege escalation such as ability to execute code as another user ID than the attacker's (a "local" attack) or without "legitimately" having such an ability (a "remote" attack).

The metrics specified are generally those for a worst case scenario, however in certain cases ranges such as "none to low" or/and "local to remote" may be specified, referring to the defaults vs. a worst case yet "legitimate" custom configuration. In some complicated cases, multiple issues or attacks may be dealt with at once. When those differ in their severity metrics, we use slashes to denote the possible combinations. For example, "low/none to high, remote/local" means that we've dealt with issue(s) or attack(s) that are "low, remote" and those that are "none to high, local". In those tricky cases, we generally try to clarify the specific issue(s) and their severities in the description.

Changes made between Owl 2.0 and Owl 2.0-stable.

2010/02/19	kernel
SECURITY FIX	Severity: none to medium, remote, active

Updated to Linux 2.4.37.9-ow1. The 2.4.37.9 kernel fixes an e1000 Ethernet driver issue that could have allowed remote attackers to bypass packet filters. Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4536 

(2010/01/20)
2010/01/20	Package: gzip
SECURITY FIX	Severity: none to high, indirect, passive

Applied upstream's fix for an integer underflow leading to an array index error in the way gzip used to decompress data compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. An attacker could provide a specially-crafted LZW-compressed gzip archive, which once decompressed by an unsuspecting user on a 64-bit system would lead to a gzip crash or potentially to arbitrary code execution with the privileges of the user running gzip. Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0001 

(2009/11/17)
2009/11/17	kernel
SECURITY FIX	Severity: none to high, local, active

Updated to Linux 2.4.37.7-ow1. The 2.4.37.7 kernel fixes a number of security-related bugs. 

(2009/10/25)
2009/10/25	kernel
SECURITY FIX	Severity: none to medium, local, active

Updated to Linux 2.4.37.6-ow1. The 2.4.37.6 kernel fixes a number of information leak vulnerabilities. One of these was already fixed in 2.4.37.5-ow1, and the remaining ones may or may not affect specific systems depending on both kernel and userspace configuration. 

(2009/08/23)
2009/08/23	kernel
SECURITY FIX	Severity: none to high/medium, local, active

Updated to Linux 2.4.37.5-ow1. The 2.4.37.5 kernel adds a fix for the "Linux NULL pointer dereference due to incorrect proto_ops initializations", which on Owl was not exploitable into privilege escalation on its own due to the vm.mmap_min_addr feature, as long as the latter was enabled and working (there have been no known issues with it in recent kernels). In our patched kernels, vm.mmap_min_addr is enabled by default. Additionally, our default kernels did not include support for any socket types via which the bug is known to be triggerable. More importantly, Linux 2.4.37.5-ow1 adds a fix for the sigaltstack local information leak affecting 64-bit kernel builds. References:
http://lists.openwall.net/bugtraq/2009/08/13/11
http://www.openwall.com/lists/oss-security/2009/08/14/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
http://www.openwall.com/lists/oss-security/2009/08/05/1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847 

(2009/07/15)
2009/08/23	Package: dhcp
SECURITY FIX	Severity: none to low, remote, active

Updated to 3.0.7. Fixed the DHCP server premature termination bug when receiving certain well-formed DHCP requests, provided that the server configuration mixes host definitions using "dhcp-client-identifier" and "hardware ethernet". It has not been fully researched whether the bug had any impact on versions 3.0.x of the DHCP server, and there is a specific reason why it might not have had any impact, yet we're fixing the underlying bug. Discovery and patch by Christoph Biedl. References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1892
http://www.openwall.com/lists/owl-users/2009/07/16/1 

(2009/07/20 - 2009/08/03)
2009/08/03	kernel
SECURITY FIX	Severity: none to high, local to remote, active

Updated from Linux 2.4.37.2-ow1 to 2.4.37.4-ow1 (jumping over the update to 2.4.37.3-ow1, which was temporary and thus only made in Owl-current). This update adds the "-fno-delete-null-pointer-checks" option to gcc invocations, which is important to reduce the impact of a class of kernel bugs (which are yet to be found and fixed individually, but are known to exist in general). It also introduces an additional security hardening measure where the kernel will no longer allow the "personality" feature (which is needed to support some program binaries from other operating systems) to be abused to bypass the vm.mmap_min_addr restriction via SUID-root programs with a certain class of design errors in them. Finally, the update adds several security-relevant fixes to the RTL-8169 NIC driver, and makes other assorted changes. References:
http://git.kernel.org/linus/a3ca86aea507904148870946d599e07a340b39bf
http://www.openwall.com/lists/oss-security/2009/07/16/1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895 

(2009/07/28)
2009/07/29	Package: bind
SECURITY FIX	Severity: low, remote, active

Backported upstream fix for a remote DoS bug: by sending a specially crafted dynamic update packet to a BIND server, a remote unauthenticated attacker could cause the server to crash. According to the ISC and to our own testing, this vulnerability affects servers that are masters for one or more zones - it is not limited to those that are configured to allow dynamic updates. Our default BIND configuration includes several master zones, such as 127.in-addr.arpa, which are usable for the attack. BIND's own access controls (such as the "allow-query" directive) are ineffective against the attack. References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975
https://www.kb.cert.org/vuls/id/725188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696 

(2009/07/07)
2009/07/07	kernel
SECURITY FIX	Severity: none to high, remote, active

Updated to Linux 2.4.37.2-ow1. The 2.4.37.2 kernel release adds several bug fixes, including security-relevant ones. 

(2009/07/07)
2009/07/07	Package: openssh
SECURITY FIX	Severity: none to high, remote, active

Backported upstream fix for a syslog call inside a signal handler. The security impact this issue might have had was not fully evaluated. On Debian systems, the reported impact was processes getting stuck on locks inside glibc. On Owl, no problems were ever reported, yet the call was unsafe, with the worst-case impact being arbitrary code execution (depending on processing inside glibc). References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4109 

(2009/05/24)
2009/05/24	kernel
SECURITY FIX	Severity: none to high, local, active

Updated to Linux 2.4.37.1-ow1. Linux 2.4.37.1, compared to 2.4.35-ow2, adds numerous security-relevant fixes to various kernel subsystems. 

(2009/05/09)
2009/05/23	Package: postfix

Introduced a patch to prevent leaking of the install host's name into the aliases.db file. 

(2009/04/08)
2009/04/11	Package: tcb

In the new version 1.0.3 of the tcb package, child processes spawned by pam_tcb will now always use _exit(2) rather than exit(3) to avoid triggering side effects. When changing passwords, pam_tcb will now fsync(2) the temporary file prior to renaming it over the actual shadow file, as needed on filesystems with not entirely atomic rename(2) (XFS). Thanks to Pascal Terjan of Mandriva and to Ermanno Scaglione for reporting these two issues, respectively. 

(2009/03/06)
2009/03/06	Package: bind

Dropped the root-delegation-only directive from the default named configuration because the list of TLDs that are not delegation-only was incomplete and wouldn't be maintained/updated on all installs, causing some DNS lookups of valid records to fail. Reference:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217829 

(2009/01/08)
2009/01/21	Packages: openssl, bind
SECURITY FIX	Severity: medium, remote, passive

Backported upstream fixes for multiple OpenSSL signature verification API misuses. References:
http://www.openwall.com/lists/oss-security/2009/01/07/2
https://www.openssl.org/news/secadv_20090107.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 

(2008/08/14)
2008/08/24	Package: postfix

Disabled the Solaris symlink hack that allowed local mail deliveries through "root-owned" symlinks. Although this is a security update for some other systems, on Owl the problem was avoided or mitigated in several ways:
- we have a patch, introduced prior to Owl 2.0, that adds the local_minimum_uid setting with a default of 500 - preventing local mail deliveries to user "root" (unless it is correctly setup as an alias to some other e-mail address), as well as to other system special accounts;
- there's no potential attack vector to get group "mail" privileges on Owl with no third-party software added - no single program is installed SGID "mail";
- the mail spool directory is only writable by root and group "mail" (not world-writable), yet it has the sticky bit set (mode 1771), which prevents the attack for already-existing mailboxes;
- "useradd -m", which must be used to create a user account with a home directory, also pre-creates the mailbox;
- our default kernel includes the CONFIG_HARDEN_LINK option, enabled by default, which thwarts the hardlink-to-symlink attack. 

(2008/08/10)
2008/08/10	Package: bind

Updated to 9.3.5-P2, added an OpenBSD-derived patch to implement support for more than 1024 simultaneous recursive queries. 

(2008/07/08)
2008/07/11	Package: bind
SECURITY FIX	Severity: medium, remote, active

Updated to 9.3.5-P1, which additionally randomizes UDP query ports to improve resilience to DNS cache poisoning attacks. References:
https://www.kb.cert.org/vuls/id/800113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 

(2008/05/27)
2008/05/30	Package: openssh

Implemented support for RSA/DSA key blacklisting in sshd based on partial fingerprints, added a subpackage with blacklisted 48-bit partial fingerprints for 1024-bit and 2048-bit RSA and 1024-bit DSA keys as generated on vulnerable Debian, Ubuntu, and derived systems for PID range 1 to 32767. Due to the encoding scheme used, the blacklist file size is just 1.3 MB, which corresponds to less than 4.5 bytes per fingerprint. This effort was supported by CivicActions. References:
http://www.openwall.com/lists/oss-security/2008/05/27/3
http://www.debian.org/security/2008/dsa-1571
http://www.ubuntu.com/usn/usn-612-1/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166 

(2008/03/26)
2008/03/26	Package: gnupg

Updated to 1.4.9. 

(2008/03/20)
2008/03/22	Package: bzip2

Updated to 1.0.5. This release fixes a potential buffer over-read bug, which allowed user-assisted remote attackers to cause a crash in libbz2 via a crafted file. Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372 

(2006/02/20)
2008/03/16	Package: sed

Updated to 4.1.5. 

(2008/01/01)
2008/01/04	Package: gnupg

Updated to 1.4.8. 

(2008/01/01)
2008/01/04	Package: e2fsprogs

Updated to 1.40.4. This release fixes multiple integer overflows in libext2fs which allow user-assisted remote attacks via a crafted filesystem image. Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5497 

(2007/10/07 - 2007/11/08)
2007/11/08	Package: bind

Updated L.ROOT-SERVERS.NET address. Added "recursing-file" directive to option.conf file, to make "rndc recursing" work in "control bind-debug enabled" mode. Changed startup script to use /dev/urandom as a source of randomness during rndc key generation. Changed startup script to robustify stopping the server. 

(2007/10/13)
2007/10/13	Package: openssl

Backported upstream fix for off-by-one bug in the SSL_get_shared_ciphers function. It is unclear whether the bug had any security impact. References:
http://lists.openwall.net/bugtraq/2007/09/27/14
http://lists.openwall.net/bugtraq/2007/10/01/7
https://www.openssl.org/news/secadv_20071012.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135 

(2007/08/30)
2007/08/30	Package: vim
SECURITY FIX	Severity: none to high, indirect, passive

Backported upstream fix to restrict dangerous functions in modelines. Note that vim's modelines have always been disabled on Owl by default (with a setting in /usr/share/vim/vimrc) and even this fix is no guarantee modelines will be safe to use or the restricted mode safe to rely upon in the future. Backported upstream fix for format string vulnerability in the helptags_one function, which allowed user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file. References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2953 

(2007/08/18)
2007/08/18	kernel

Updated to Linux 2.4.35-ow2. The single known security-relevant change added with Linux 2.4.35 is correction of the randomness pool update bug discovered by the PaX Team. The -ow2 revision adds a fix for the parent process death signal bug in the Linux kernel discovered by Wojciech Purczynski of COSEINC PTE Ltd. and iSEC Security Research; this bug has no security impact on Owl with no added SUID programs. Also added are two security hardening features, both enabled by default: restricted access to VM86 mode (specific to 32-bit x86) and restricted zero page mappings (generic). References:
http://www.openwall.com/lists/announce/2007/08/08/1
http://www.openwall.com/lists/announce/2007/08/14/1
https://isec.pl/en/vulnerabilities/isec-0024-death-signal.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3848 

(2007/07/30)
2007/07/30	Package: bind
SECURITY FIX	Severity: medium, remote, passive

Updated to 9.3.4-P1, which fixes a weakness in DNS query ids generator when answering resolver questions or sending NOTIFY messages to slave name servers. The weakness used to make it easier for remote attackers to guess the next query id and perform DNS cache poisoning. References:
http://www.trusteer.com/bind9dns
https://marc.info/?l=bind-announce&m=118531674631565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926 

(2007/05/31)
2007/05/31	Package: mutt

Updated to 1.4.2.3. This release fixes msgid validation in APOP authentication and potential buffer overflow in passwd gecos field parser. References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2683 

(2007/03/25 - 2007/05/22)
2007/03/25 -
2007/05/23	Package: file
SECURITY FIX	Severity: high, indirect, passive

Fixed potential heap buffer overflow in the file_printf function of the libmagic library. Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 

(2007/04/23)
2007/04/25	Package: grep

Applied upstream fix for "grep -D skip". Fixed several potential NULL dereferences and reads beyond end of buffer. Applied "fgrep -w" fix by Pavel Kankovsky. Adopted Debian fix for big file handling. 

(2007/03/06)
2007/03/06	Package: gnupg
SECURITY FIX	Severity: medium, indirect, passive

Updated to 1.4.7. This includes a fix for an unsigned data injection vulnerability: An attacker is able to add arbitrary content to a signed message, and the receiver of the message may not be able to distinguish the forged and the properly signed parts of the message. References:
https://www.coresecurity.com/content/gnupg-and-gnupg-clients-unsigned-data-injection-vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1263 

(2007/02/21)
2007/02/21	Package: bash

Removed the duplicate "file locks" entries from "ulimit -a" and the bash(1) man page. 

(2006/12/26)
2007/02/07	Package: crontabs

Updated run-parts from debianutils-2.17.4. Restricted permissions to /etc/cron.* directories and /etc/crontab file to root only. 

(2007/01/29)
2007/01/30	Package: bind
SECURITY FIX	Severity: low, remote, active

Updated to 9.3.4, which fixes two security issues. The first issue is a "use after free" vulnerability which allowed remote DoS attack via unspecified vectors that cause BIND to "dereference (read) a freed fetch context". The second issue allowed remote DoS attack via a type ANY DNS query response that contains multiple RR sets in the answer section, which triggers an assertion error if DNSSEC validation is enabled. References:
https://marc.info/?l=bind-announce&m=116968519321296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
https://marc.info/?l=bind-announce&m=116968519300764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494 

(2006/12/27)
2006/12/27	kernel

Updated to Linux 2.4.34-ow1. 

(2006/12/06)
2006/12/07	Package: gnupg
SECURITY FIX	Severity: high, indirect, passive

Updated to 1.4.6. This includes a fix for a remotely controllable function pointer vulnerability: using malformed OpenPGP packets an attacker was able to modify and dereference a function pointer in gpg. Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235 

(2006/11/28)
2006/11/29	Package: gnupg
SECURITY FIX	Severity: high, indirect, passive

Applied upstream fix for heap buffer overflow bug in gpg when running gpg interactively. References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
https://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html 

(2006/11/28)
2006/11/29	Package: tar
SECURITY FIX	Severity: high, indirect, passive

Disabled GNUTYPE_NAMES handling by default to avoid directory traversal in GNU tar (where a malicious archive containing GNUTYPE_NAMES record with a symbolic link could specify files to be extracted to outside of the intended directory tree). References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
http://lists.openwall.net/full-disclosure/2006/11/21/20 

(2006/11/19)
2006/11/19	Package: rpm

Backported upstream fix for potential heap buffer overflow in showQueryPackage function. Although this particular bug is fixed, it remains unsafe to invoke "rpm" queries on untrusted package files. References:
https://bugzilla.redhat.com/show_bug.cgi?id=212833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5466 

(2006/11/09)
2006/11/09	Package: openssh

Backported upstream fix for a bug in the sshd privilege separation monitor that weakened its verification of successful authentication. References:
http://lists.mindrot.org/pipermail/openssh-unix-dev/2006-November/024882.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5794 

(2006/11/07)
2006/11/07	Package: texinfo
SECURITY FIX	Severity: high, indirect, passive

Applied upstream patch that fixes potential heap buffer overflow in texindex utility. Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810 

(2006/10/29)
2006/10/31	Package: screen
SECURITY FIX	Severity: low, remote, passive

Applied upstream patch that fixes two bugs in UTF-8 combining characters handling. The bugs could be used to crash/hang screen by writing a special string to a window. References:
http://lists.gnu.org/archive/html/screen-users/2006-10/msg00028.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573 

(2006/04/04)
2006/10/14	Package: vim

Repaired ex, view and rview symlinks. Packaged rvim and vimdiff symlinks for completeness. 

(2006/10/03)
2006/10/14	Package: openssh
SECURITY FIX	Severity: low/none to high, remote/local, active

Backported upstream fixes for sshd connection consumption vulnerability (severity: low, remote, active), scp local arbitrary command execution vulnerability (severity: none to high, local, active), CRC compensation attack detector DoS (severity: low, remote, active), client NULL dereference on protocol error (severity: low, remote, passive). References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4925 

(2006/09/29)
2006/10/01	Package: openssl
SECURITY FIX	Severity: none to low/high, remote, active/passive

Applied upstream fixes for DoS bugs in the ASN.1 parser (CVE-2006-2937, CVE-2006-2940). Applied fixes for a buffer overflow in SSL_get_shared_ciphers() and a DoS bug in the SSLv2 client code, both discovered and patched by Tavis Ormandy and Will Drewry of Google Security Team (CVE-2006-3738, CVE-2006-4343). References:
https://www.openssl.org/news/secadv_20060928.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 

(2006/09/19)
2006/09/19	Package: gzip
SECURITY FIX	Severity: high, indirect, passive

Fixed multiple vulnerabilities (stack buffer overflow, heap buffer underflow, heap buffer overflow, infinite loop) discovered by Tavis Ormandy of Google Security Team. References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338 

(2006/09/06)
2006/09/09	Package: openssl
SECURITY FIX	Severity: none to medium, remote, passive to active

Applied upstream patch to avoid RSA signature forgery. References:
https://www.openssl.org/news/secadv_20060905.txt
http://www.imc.org/ietf-openpgp/mail-archive/msg06063.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 

(2006/09/06)
2006/09/09	Package: bind
SECURITY FIX	Severity: none to low, remote, active

Updated to 9.3.2-P1, which fixes a couple of bugs that allowed for DoS attacks on certain BIND configurations. References:
https://www.kb.cert.org/vuls/id/915404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4095
https://www.kb.cert.org/vuls/id/697164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4096 

(2006/08/04)
2006/08/04	Package: gnupg
SECURITY FIX	Severity: high, remote, passive

Updated to 1.4.5. This includes fixes for two more possible memory allocation bugs, similar to the problem fixed in gnupg-1.4.4. References:
https://lists.gnupg.org/pipermail/gnupg-announce/2006q3/000229.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3746 

(2006/06/22 - 2006/06/28)
2006/06/28	Package: gnupg
SECURITY FIX	Severity: high, remote, passive

Updated to 1.4.4. This includes fix for integer overflow vulnerability in packet processing that could allow a remote attacker to cause gpg to crash and possibly overwrite memory via a message packet with a large length. References:
https://lists.gnupg.org/pipermail/gnupg-announce/2006q2/000226.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082 

(2006/06/27)
2006/06/28	Package: mutt
SECURITY FIX	Severity: high, remote, passive

Applied an upstream fix for potential stack-based buffer overflow when processing an overly long namespace from IMAP server. Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3242 

(2006/03/11)
2006/03/25	Package: gnupg
SECURITY FIX	Severity: medium, indirect, passive

Updated to 1.4.2.2. This includes fixes for the signature verification vulnerabilities discovered by Tavis Ormandy of Gentoo. References:
https://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0455
https://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0049 

(2006/02/27 - 2006/03/20)
2006/03/25	Package: john

Applied many minor corrections, including for better handling of certain uncommon scenarios and improper uses of John. Added a "keyboard cracker" to the default john.conf that will try sequences of adjacent keys on a keyboard as passwords. 

(2006/02/20)
2006/03/25	Package: tar
SECURITY FIX	Severity: high, local, passive

Backported upstream fix for potential heap buffer overrun in handling extended headers. References:
http://lists.gnu.org/archive/html/bug-tar/2005-06/msg00029.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300

$Owl: Owl/doc/CHANGES-2.0-stable,v 1.1.2.86 2018/05/23 20:06:40 solar Exp $