Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20090707200401.GA18860@openwall.com>
Date: Wed, 8 Jul 2009 00:04:01 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-users@...ts.openwall.com, announce@...ts.openwall.com
Subject: [openwall-announce] Owl updates; Linux 2.4.37.2-ow1

Hi,

I'll start with the simple stuff - there's a new revision of the kernel
patch, updated to Linux 2.4.37.2:

http://www.openwall.com/linux/

The changes between 2.4.37.1 and 2.4.37.2 are minor:

http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.2

More importantly, several Owl packages have been updated, including a
security update to OpenSSH (for both Owl-current and Owl 2.0-stable):

2009/07/07	Package: openssh
SECURITY FIX	Severity: none to high, remote, active
Backported upstream fix for a syslog call inside a signal handler.  The
security impact this issue might have had was not fully evaluated.  On
Debian systems, the reported impact was processes getting stuck on locks
inside glibc.  On Owl, no problems were ever reported, yet the call was
unsafe, with the worst-case impact being arbitrary code execution
(depending on processing inside glibc).
References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4109

Updates of existing installs are strongly recommended.

In Owl-current, since the last ISO snapshot, we have also updated the
man-pages package, and we've added two new packages - pciutils and
dmidecode.  The kernel has been updated to 2.4.37.2-ow1, and there's a
new ISO image for 32-bit x86, generated today:

http://www.openwall.com/Owl/DOWNLOAD.shtml

-rw-r--r--    1 ftp      ftp      439842553 Jul 07 18:56 Owl-current-20090707-i586.iso.gz

As of this writing, the newest updates described above are available off
the FTP mirrors in Moscow, Russia and off the Czech mirror.  They should
propagate to the rest of our official mirrors within a day.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.