Hi, I'll start with the simple stuff - there's a new revision of the kernel patch, updated to Linux 2.4.37.2: http://www.openwall.com/linux/ The changes between 2.4.37.1 and 2.4.37.2 are minor: http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.2 More importantly, several Owl packages have been updated, including a security update to OpenSSH (for both Owl-current and Owl 2.0-stable): 2009/07/07 Package: openssh SECURITY FIX Severity: none to high, remote, active Backported upstream fix for a syslog call inside a signal handler. The security impact this issue might have had was not fully evaluated. On Debian systems, the reported impact was processes getting stuck on locks inside glibc. On Owl, no problems were ever reported, yet the call was unsafe, with the worst-case impact being arbitrary code execution (depending on processing inside glibc). References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4109 Updates of existing installs are strongly recommended. In Owl-current, since the last ISO snapshot, we have also updated the man-pages package, and we've added two new packages - pciutils and dmidecode. The kernel has been updated to 2.4.37.2-ow1, and there's a new ISO image for 32-bit x86, generated today: http://www.openwall.com/Owl/DOWNLOAD.shtml -rw-r--r-- 1 ftp ftp 439842553 Jul 07 18:56 Owl-current-20090707-i586.iso.gz As of this writing, the newest updates described above are available off the FTP mirrors in Moscow, Russia and off the Czech mirror. They should propagate to the rest of our official mirrors within a day. Alexander -- To unsubscribe, e-mail owl-users-unsubscribe_at_private and reply to the automated confirmation request that will be sent to you.Received on Tue Jul 07 2009 - 13:04:01 PDT
This archive was generated by hypermail 2.2.0 : Tue Jul 07 2009 - 13:04:36 PDT