Hi, We've released an update of Owl 3.0-stable today - including ISOs, OpenVZ container templates, binary packages for i686 and x86-64, and indeed the sources: http://www.openwall.com/Owl/ It includes relevant changes recently tested in Owl-current: rebase of the kernel on OpenVZ/RHEL 5.7, RPM security fix, and timezone data update (critical for Russia and certain other countries, and now updated for the latest reconsideration by Ukraine). Please refer to my previous announcement (pertaining to Owl-current) for "release notes" on these changes: http://www.openwall.com/lists/announce/2011/10/11/1 Additionally, we've included security fixes for two vulnerabilities in pam_env that were made public on Monday (CVE-2011-3148, CVE-2011-3149). This PAM module is not in use on default installs of Owl, and it never was, hence there was no impact for default installs. Finally, we've added the hardlink(1) program - a tool to consolidate duplicate files via hardlinks. This has resulted in discovery of security issues in the program, which we've fixed at inclusion time. We've notified other distro vendors via the public oss-security mailing list, and CVE IDs have been assigned. Since Owl had these issues addressed right away, please do not expect us to release any fix for them - we sort of already did. The changes mentioned above are also documented in the usual place: http://www.openwall.com/Owl/CHANGES-3.0-stable.shtml Alexander P.S. Meanwhile, Owl-current has successfully moved to GCC 4.6.1. More on this in a separate announcement.Received on Wed Oct 26 2011 - 02:35:27 PDT
This archive was generated by hypermail 2.2.0 : Wed Oct 26 2011 - 02:35:52 PDT