[owl-users] Owl 3.0-stable update

From: Solar Designer <solar_at_private>
Date: Wed, 26 Oct 2011 13:35:27 +0400
Hi,

We've released an update of Owl 3.0-stable today - including ISOs,
OpenVZ container templates, binary packages for i686 and x86-64, and
indeed the sources:

http://www.openwall.com/Owl/

It includes relevant changes recently tested in Owl-current: rebase of
the kernel on OpenVZ/RHEL 5.7, RPM security fix, and timezone data
update (critical for Russia and certain other countries, and now updated
for the latest reconsideration by Ukraine).  Please refer to my previous
announcement (pertaining to Owl-current) for "release notes" on these
changes:

http://www.openwall.com/lists/announce/2011/10/11/1

Additionally, we've included security fixes for two vulnerabilities in
pam_env that were made public on Monday (CVE-2011-3148, CVE-2011-3149).
This PAM module is not in use on default installs of Owl, and it never
was, hence there was no impact for default installs.

Finally, we've added the hardlink(1) program - a tool to consolidate
duplicate files via hardlinks.  This has resulted in discovery of
security issues in the program, which we've fixed at inclusion time.
We've notified other distro vendors via the public oss-security
mailing list, and CVE IDs have been assigned.  Since Owl had these
issues addressed right away, please do not expect us to release any fix
for them - we sort of already did.

The changes mentioned above are also documented in the usual place:

http://www.openwall.com/Owl/CHANGES-3.0-stable.shtml

Alexander

P.S. Meanwhile, Owl-current has successfully moved to GCC 4.6.1.  More
on this in a separate announcement.
Received on Wed Oct 26 2011 - 02:35:27 PDT

This archive was generated by hypermail 2.2.0 : Wed Oct 26 2011 - 02:35:52 PDT