Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20100925121140.GA26059@openwall.com>
Date: Sat, 25 Sep 2010 16:11:40 +0400
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com, owl-users@...ts.openwall.com
Subject: pam_mktemp 1.1.1; new Owl ISOs & kernel (CVE-2010-3081 fix)

Hi,

This is to announce 2+ things at once.  I'll start with the shorter
announcement:

1. pam_mktemp version 1.1.1 is out:

http://www.openwall.com/pam/

pam_mktemp provides per-user directories under /tmp.  This new release
adds SELinux support, Solaris support (requires GNU make and gcc), and
makes the use of the append-only flag with ext2/3/4 filesystems optional.
The rationale behind the optional SELinux and append-only flag support
has been documented in the README file.

2. New Owl-current ISOs and OpenVZ container templates for i686 and
x86-64 have been generated yesterday:

http://www.openwall.com/Owl/

lftp mirrors.kernel.org:/openwall/Owl/current/iso> ls | fgrep 0924
-rw-r--r--         451M  2010-09-24 22:53  Owl-current-20100924-i686.iso.gz
-rw-r--r--         456M  2010-09-24 23:25  Owl-current-20100924-x86_64.iso.gz

lftp mirrors.kernel.org:/openwall/Owl/current/vztemplate> ls | fgrep 0924
-rw-r--r--         109M  2010-09-24 22:46  owl-current-20100924-i686.tar.gz
-rw-r--r--         113M  2010-09-24 23:20  owl-current-20100924-x86_64.tar.gz

Indeed, individual pre-built packages may be found under i686/ and
x86_64/ (for upgrades of previously-installed systems), and the full
source code is always available as well.

Most importantly, the kernel has been updated to include a fix for
CVE-2010-3081 (this was a "local root" and "container escape"
vulnerability on 64-bit kernels built with 32-bit compatibility
enabled).  Some other updates since the September 3 snapshot include the
introduction of xz and lzma compression support (the xz package and
changes made to rpm, less, and coreutils), new upstream versions of
lftp, bzip2 (CVE-2010-0405 fix), grep, hdparm, and OpenVZ kernel
(2.6.18-194.11.3.el5.028stab071.5 with our changes), and our new version
of pam_mktemp.

As usual, the changes are documented:

http://www.openwall.com/Owl/CHANGES-current.shtml

This set of updates was prepared by Dmitry V. Levin, Vasiliy Kulikov,
and me.

Any feedback is welcome on the owl-users list.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.