Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 4 May 2013 13:16:43 +0200
From: Zenny <>
Subject: Re: Owl-current and 3.0-stable 2013/04/08 snapshot

What is the timeline for Owl 4.0 compatible with RHEL6?

Look forward to. Thanks for the great work!

On 5/4/13, Zenny <> wrote:
> It is nice to learn about the update, but what makes me wonder is the
> upstream for RHEL4 is alreade EoL (end of life) about a year ago (2012
> Feb as far as I remember).
> It would be nice if Owl get upgraded to be compatible with the
> packages for RHEL6/CentOS6 which has an end of life for 10 years? If
> not at least, RHEL5/CentOS5 which alos has EoL for a decade.
> Actually I encountered a lot of backward  incompatibility when I try
> to use some applications.
> Thanks!
> On 4/11/13, Solar Designer <> wrote:
>> Hi,
>> A few days ago, we've released new snapshots of Owl-current and Owl
>> 3.0-stable, as usual including ISO images, OpenVZ container templates,
>> binary packages for i686 and x86_64, and full sources:
>> The Linux kernel has been rebased on the latest from OpenVZ's
>> RHEL5-based branch (RHEL 5.9-based currently), thereby fixing a number
>> of vulnerabilities including the PTRACE_SETREGS vs. process death race
>> condition (CVE-2013-0871), which could allow for a local root compromise
>> and OpenVZ container escape.  (However, the risk probability might have
>> been low due to the race being difficult to win.)
>> GnuPG has been updated to 1.4.13, which fixes a memory corruption bug
>> (CVE-2012-6085).  The bug allowed an attacker to crash gpg(1) and
>> corrupt the public keyring database file.  Arbitrary code execution was
>> not possible because the attacker cannot control the corrupted data.
>> The corrupted data is stored in the keyring file, so the DoS effect is
>> persistent, but the keyring can be manually restored by recovering from
>> the pubring.gpg~ backup file (which is created by gpg(1) itself).
>> In Owl 3.0-stable, both of the above changes have been merged (although
>> the kernel has fewer features enabled than Owl-current's), and
>> additionally the earlier xinetd security update from Owl-current and
>> some glibc bugfixes have been merged.  Owl 3.0-stable's kernel is now
>> compressed with Zopfli (pigz -11) instead of gzip -9.
>> More detail is available in the change logs:
>> There's one known regression in Owl-current as compared to 3.0-stable:
>> the strace program fails to work against 32-bit x86 program binaries.
>> Indeed, we're going to correct this.
>> This Owl-current update is a lot more conservative than what we've been
>> planning to have by this date.  Frankly, progress has been slow.  We did
>> prepare an experimental update of Owl to RHEL6'ish kernels, and it was
>> in fact committed, but in light of severe security issues discovered in
>> the Linux kernel we chose to temporarily revert the major update and to
>> provide the security fixes on top of a more stable system first.
>> Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.