[owl-users] pam_mktemp 1.1.1; new Owl ISOs & kernel (CVE-2010-3081 fix)

From: Solar Designer <solar_at_private>
Date: Sat, 25 Sep 2010 16:11:40 +0400
Hi,

This is to announce 2+ things at once.  I'll start with the shorter
announcement:

1. pam_mktemp version 1.1.1 is out:

http://www.openwall.com/pam/

pam_mktemp provides per-user directories under /tmp.  This new release
adds SELinux support, Solaris support (requires GNU make and gcc), and
makes the use of the append-only flag with ext2/3/4 filesystems optional.
The rationale behind the optional SELinux and append-only flag support
has been documented in the README file.

2. New Owl-current ISOs and OpenVZ container templates for i686 and
x86-64 have been generated yesterday:

http://www.openwall.com/Owl/

lftp mirrors.kernel.org:/openwall/Owl/current/iso> ls | fgrep 0924
-rw-r--r--         451M  2010-09-24 22:53  Owl-current-20100924-i686.iso.gz
-rw-r--r--         456M  2010-09-24 23:25  Owl-current-20100924-x86_64.iso.gz

lftp mirrors.kernel.org:/openwall/Owl/current/vztemplate> ls | fgrep 0924
-rw-r--r--         109M  2010-09-24 22:46  owl-current-20100924-i686.tar.gz
-rw-r--r--         113M  2010-09-24 23:20  owl-current-20100924-x86_64.tar.gz

Indeed, individual pre-built packages may be found under i686/ and
x86_64/ (for upgrades of previously-installed systems), and the full
source code is always available as well.

Most importantly, the kernel has been updated to include a fix for
CVE-2010-3081 (this was a "local root" and "container escape"
vulnerability on 64-bit kernels built with 32-bit compatibility
enabled).  Some other updates since the September 3 snapshot include the
introduction of xz and lzma compression support (the xz package and
changes made to rpm, less, and coreutils), new upstream versions of
lftp, bzip2 (CVE-2010-0405 fix), grep, hdparm, and OpenVZ kernel
(2.6.18-194.11.3.el5.028stab071.5 with our changes), and our new version
of pam_mktemp.

As usual, the changes are documented:

http://www.openwall.com/Owl/CHANGES-current.shtml

This set of updates was prepared by Dmitry V. Levin, Vasiliy Kulikov,
and me.

Any feedback is welcome on the owl-users list.

Alexander
Received on Sat Sep 25 2010 - 05:11:40 PDT

This archive was generated by hypermail 2.2.0 : Sat Sep 25 2010 - 05:12:24 PDT