Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Owl homepage
Other languages
Build environment
Installation instructions
Upgrade instructions
Download (HTTP, FTP, rsync, anoncvs)
Purchase CDs
Change logs
Changes in current
Changes in 3.0-stable
Changes up to 3.0
Changes in 2.0-stable
Changes up to 2.0
Changes in 1.1-stable
Changes up to 1.1
Changes up to 1.0
Changes in 0.1-stable
Presentation slides
OpenVZ virtualization
Owl VPS hosting
Owl in the news
This file lists the major changes made between Owl releases. While some of the changes listed here may also be made to a stable branch, the complete lists of stable branch changes are included with those branches and as errata for the corresponding Owl releases only.

This is very far from an exhaustive list of changes. Small changes to individual packages won't be mentioned here unless they fix a security or a critical reliability problem. They are, however, mentioned in change logs for the packages themselves.

Changes made between Owl 1.0 and Owl 1.1.

2003/12/19	kernel

Updated to Linux 2.4.23-ow2.

2003/12/12 -
2003/12/16	Package: lftp
SECURITY FIX	Severity: high, remote, passive

Updated to 2.6.10 fixing a buffer overflow vulnerability in the HTTP directory listing parsing code discovered by Ulf Harnhammar. The vulnerability could allow a malicious HTTP server to execute arbitrary code on the client system. Additionally, a patch by Nalin Dahyabhai of Red Hat needed to handle malformed HTTP server responses gracefully has been added. Reference:

2003/12/08	Package: glibc

Sanity check the forward and backward chunk pointers in the unlink() macro used by Doug Lea's implementation of malloc(3). If the pointers are determined to have been overwritten, the process will be forced to terminate thereby reducing the impact of a common class of attacks on memory overwrite vulnerabilities present in various applications. Credit for the idea for this countermeasure is due to Stefan Esser.

2003/11/29	kernel
SECURITY FIX	Severity: high, local, active

Updated to Linux 2.4.23-ow1. Linux 2.4.23 includes a fix to a vulnerability in the brk(2) system call discovered by Andrew Morton which allowed user-space processes to access the kernel's data structures and thus gain root access. Linux 2.2.x kernels are not affected. The Linux 2.4.22-ow1 kernel image used in Owl-current ISO images and CDs dated 2003/10/20 through 2003/11/03 did contain the additional brk(2) fix and thus is not affected. However, that fix is not a part of the published Linux 2.4.22-ow1 source code patch meaning that custom builds of Linux 2.4.22-ow1 are affected and need to be upgraded to 2.4.23-ow1. Additionally, this update of the kernel patch makes the reporting of returns onto stack more verbose and makes the kernel retry attempts to open the root filesystem device if the first attempt fails. Reference:

2003/11/29	Package: gnupg
SECURITY FIX	Severity: medium, remote, passive

Added a patch by David Shaw to disable the ability to create signatures using the ElGamal sign+encrypt (type 20) keys as well as to remove the option to create such keys. Reference:

2003/11/22	Package: iproute2
SECURITY FIX	Severity: low, local, passive

Added a patch from Herbert Xu of Debian to prevent a local denial of service attack on iproute2 utilities via spoofed Netlink messages. Reference:

2003/11/06	Package: openssl

Updated to 0.9.6l. The added bug fix is believed to be not security related on Linux.

2003/10/26	Packages: nmap, owl-etc

Added a reduced version of the drop privileges patch from ALT Linux. Nmap, when run as root, will now switch to pseudo-user nmap retaining only raw socket access (CAP_NET_RAW) and, if option -n is given, also chroot to /var/empty.

2003/10/26	Packages: libcap, vsftpd

New package: libcap, a library for dealing with POSIX.1e capabilities. vsftpd has been updated to 1.2.1pre1 and now uses libcap.

2003/10/24	Packages: owl-cdrom, openssh;

Support special installs for Owl bootable CDs with "MAKE_CDROM=yes" in installworld.conf.

2003/10/20	kernel; Package: owl-cdrom

Updated to Linux 2.4.22-ow1.

2003/10/18	Package: libnids
SECURITY FIX	Severity: none to high, remote, active

Updated to 1.18 which fixes incorrect buffer memory reallocation (and thus a possible buffer overflow) in TCP stream reassembly which may be remotely exploitable into arbitrary code execution. This does not affect applications that are currently a part of Owl (scanlogd does not use libnids' TCP stream reassembly capability), but a number of other applications such as those in dsniff toolkit are affected. The vulnerability has been discovered by Robert Watson. Reference:

2003/10/12 -
2003/10/17	Packages: iproute2, iputils

Updated iproute2 to snapshot ss020116, iputils to ss020927, and corrected builds with Linux 2.4.22+.

2003/10/11	Package: nmap

Updated to 3.48 which adds service version detection.

2003/10/01	Package: openssl
SECURITY FIX	Severity: low, remote, active

Updated to 0.9.6k. This version corrects an out of bounds read in ASN.1 parsing code, a crash in the public key verification code if it is set to ignore decoding errors (which is normally done for debugging purposes only), and an SSL/TLS protocol handling error which would cause the server to parse a supplied client certificate even if one wasn't requested. The problems were discovered due to NISCC's SSL/TLS test suite. References:

2003/09/29	Package: raidtools

New package: tools for creating and maintaining software RAID devices.

2003/09/17	Package: openssh
SECURITY FIX	Severity: medium, remote, active

Multiple memory management errors have been discovered in OpenSSH, and this update corrects 6 such real or potential errors based on an exhaustive review of the OpenSSH source code for uses of *realloc() functions. At this time, it is uncertain whether and which of these bugs are exploitable. If exploits are possible, due to privilege separation, the worst direct impact should be limited to arbitrary code execution under the sshd pseudo-user account restricted within the chroot jail /var/empty, or under the logged in user account. Reference:

2003/08/24 -
2003/09/15	Package: john

Added an event logging framework.

2003/09/09 -
2003/09/14	Packages: dhcp, owl-etc

New package: the ISC Dynamic Host Configuration Protocol (DHCP) distribution. The DHCP server and relay programs have been modified to run with reduced privileges and are now a part of Owl. The DHCP client is not officially a part of Owl yet and it is not built with Owl by default.

2003/08/25 -
2003/09/12	Package: xinetd

Updated to 2.3.12.

2003/08/20 -
2003/08/22	Packages: iptables, ipchains

New package: iptables, tools for managing Netfilter/iptables packet filtering rules with Linux 2.4.x kernels.

2003/08/02 -
2003/08/10	Packages: glibc, pam, sysklogd

LFS (Large File Support) corrections to glibc on SPARC, pam_limits, and syslogd. LFS will only work when Owl userland is built against Linux 2.4.x kernel headers and a Linux 2.4.x kernel is booted.

2003/07/25	Packages: prtconf, owl-dev

New package: prtconf, utilities to dump and modify SPARC OpenPROM.

2003/07/22	Package: pam
SECURITY FIX	Severity: none to medium, local, active

Patched pam_wheel to never rely on getlogin(3), even if use_uid is not specified. The default /etc/pam.d/su on Owl doesn't use pam_wheel, and, after "control su wheel", uses it with use_uid. This change was only needed to make other local configurations with pam_wheel safe.

2003/07/21	Package: openssh
SECURITY FIX	Severity: none to medium, local, active

VerifyReverseMapping is now deprecated and replaced with a new option, UseDNS, which is enabled by default. This should solve the client address restriction circumvention attack discovered by Mike Harding. Reference:

2003/07/04	Package: perl

RELIABILITY FIX: Corrected the Perl getpwent() to not rely on getspent(3) returning entries in the same order as getpwent(3) does; this actually makes a difference with /etc/tcb and likely with non-files password databases.

2003/06/12	Package: stmpclean

RELIABILITY FIX: Updated to 0.3 which will refuse to run on relative pathnames. The previous version would interpret relative pathnames in a way most people wouldn't expect potentially removing files outside of the intended directory trees.

2003/06/02	Packages: nmap, libpcap

New package: Nmap, a network exploration tool and security scanner.

2003/06/02	Package: openssh

Updated to 3.6.1p2. When we know we're going to fail authentication for reasons external to PAM, pass there a hopefully incorrect password to have it behave the same for correct and incorrect passwords.

2003/06/02	Package: lftp

Updated to 2.6.6.

2003/05/23 -
2003/05/29	Packages: owl-etc, glibc, SimplePAMApps, openssh,
		owl-setup, shadow-utils, rpm;

tcb is now the default password shadowing scheme and, when updating existing installs, automatic conversion to tcb is attempted.

2003/05/11 -
2003/05/15	Package: gnupg
SECURITY FIX	Severity: medium, remote, passive

Updated to 1.2.2, fixing the key validity bug. References:

2003/05/05	Package: acct

Support /dev/pts in lastcomm(1).

2003/04/27 -
2003/05/01	Package: cvs

New package: a version control system. This is CVS 1.11.5 with many corrections.

2003/04/27	Packages: msulogin, SysVinit, owl-startup

New package: msulogin, our implementation of sulogin(8) with support for having multiple root accounts on a system.

2003/04/23	Package: SysVinit

Updated to 2.85 which includes most of our old patches plus quite a few from ALT Linux, including to make wall(1) not trust utmp contents more than it has to (this prevents a group utmp -> root attack). Added more patches from ALT and Red Hat Linux, including for alternate program executable matching in start-stop-daemon and pidof(8) such that processes may be located even after their executables could have been unlinked. This should make no difference for packages in Owl, but may help lame third-party packages which attempt to stop their daemon processes after having replaced the programs on disk.

2003/04/17 -
2003/04/18	Packages: tcb, openssh, popa3d, screen, shadow-utils,
		SimplePAMApps, vsftpd

pam_tcb now implements proper fake salt creation for non-existent or password-less accounts to reduce timing leaks. OpenSSH will now run PAM with password authentication even for non-existent or not allowed usernames.

2003/04/17	Packages: console-tools, kbd, man-pages, owl-setup

console-tools has been replaced with kbd.

2003/04/16	Package: xinetd

Updated to 2.3.11.

2003/04/15	Package: SimplePAMApps

Imported ALT Linux patches, most importantly replacing command line parsing in su(1) such that it will better match the behavior of other implementations.

2003/04/14	Package: util-linux

Updated to 2.11z.

2003/04/12	Packages: pam_userpass, openssh, popa3d, screen,
		shadow-utils, vsftpd;

Moved the common pam_userpass PAM conversation function into a library, libpam_userpass (both shared and static versions are built). This is due to work by Dmitry V. Levin of ALT Linux.

2003/04/12	Package: openssl
SECURITY FIX	Severity: medium, remote, active

Updated to 0.9.6j which adds two security fixes. One of the fixes is to enable RSA blinding (a technique to avoid information leaks via timing with RSA encryption), without an application having to request it explicitly, despite the small performance impact this has. The other is to prevent the Klima-Pokorny-Rosa attack on RSA in SSL/TLS. References:

2003/04/08	Package: openssh

Updated to 3.6.1p1.

2003/04/02	Package: mktemp

Updated to 1.5.

2003/03/26	Package: mutt
SECURITY FIX	Severity: high, remote, passive

Updated to 1.4.1. This version fixes a buffer overflow vulnerability in Mutt's IMAP client code which could result in arbitrary code execution if Mutt is used to connect to a malicious or spoofed IMAP server. The vulnerability has been discovered by Diego Kelyacoubian, Javier Kohen, Alberto Solino, and Juan Vera of Core Security Technologies, and fixed by Edmund Grimley Evans. References:

2003/03/23	Package: glibc
SECURITY FIX	Severity: none to high, remote, active

Included Red Hat's back-port of the Sun RPC XDR integer overflow fixes from glibc CVS. The fixes are by Paul Eggert and Roland McGrath, and the xdrmem_getbytes() integer overflow has been discovered by Riley Hassell of eEye Digital Security. Please note that Owl does not include any RPC services (but it does include a few RPC clients). It has not been fully researched whether an Owl install with no third-party software added is affected by this vulnerability at all. References:

2003/03/20	kernel
SECURITY FIX	Severity: low to high, local/remote, active/passive

Updated to Linux 2.2.25-ow1. Linux 2.2.25 fixes the kmod/ptrace race condition vulnerability discovered by Andrzej Szombierski. The vulnerability could result in a local root compromise if the kernel is built with support for auto-loading modules (CONFIG_KMOD) and the path to a module loader program is specified in /proc/sys/kernel/modprobe. It is recommended that you not enable or use kmod, for both security and reliability reasons. The kernels used on Owl CDs have never been built with support for kmod. Owl startup scripts, unlike those used on some other distributions, don't setup a path to modprobe with the kernel. This version of the kernel also corrects "Etherleak" issues with a number of Ethernet drivers (a common class of vulnerabilities publicized by Ofir Arkin and Josh Anderson of @stake) and a local DoS vulnerability with mmap(2) of /proc/<pid>/mem files discovered by Michal Zalewski of BindView. Linux 2.2.25-ow1 patch makes the added RLIMIT_NPROC enforcement also work for 32-bit syscalls on sparc64 (thanks to Brad Spengler for noticing that this was missing). References:

2003/03/16	Package: man

Updated to 1.5l. This version fixes a bug discovered by Jack Lloyd where a specially crafted man page would result in an attempt to execute a program named "unsafe". This is only a security issue if untrusted directories are present in $PATH, which should not be the case. References:

2003/03/15	Package: vim

Updated to 6.1 patchlevel 386. This includes a fix for Georgi Guninski's discovery of a particular way to abuse vim's modelines to execute arbitrary shell commands from a specially crafted text file when it is loaded into vim and to bypass vim's restricted mode. Note that vim's modelines have always been disabled on Owl by default (with a setting in /usr/share/vim/vimrc) and even this fix is no guarantee modelines will be safe to use or the restricted mode safe to rely upon in the future. References:

2003/03/02 -
2003/03/10	Package: popa3d

Rate-limit the "sessions limit reached" log message similarly to the per-source one; spotted by Michael Tokarev. Ensure proper logging of abnormally terminated sessions: distinguish server failures from external modification to the mailbox by other instances of popa3d or other MUAs. Previously, if external mailbox modification would occur during processing of a RETR command, popa3d could improperly log a "server failure" (0.6) or even a "premature disconnect" (older versions). Added the -V option to print out version information. Started maintaining a non-package-specific popa3d change log due to popular demand, added a separate file with contact information.

2003/03/07	Package: file
SECURITY FIX	Severity: medium to high, local, passive

Updated to 3.41, which fixes a buffer overflow vulnerability in file(1). The overflow could be triggered by an invalid ELF binary and, with a specially-crafted fake ELF binary, would result in execution of arbitrary code.

2003/02/25	Package: zlib

Corrected a potential buffer overflow in gzprintf(), thanks to Bugtraq postings by Crazy Einstein, Richard Kettlewell, and Carlo Marcelo Arenas Belon.

2003/02/24	Package: libutempter

Updated to 1.1.1 for a signal handling fix.

2003/02/20	Package: openssl
SECURITY FIX	Severity: medium, remote, passive

Updated to 0.9.6i. This version adds a security fix to minimize information leaks via timing, by performing a MAC computation even if incorrect block cipher padding has been found. The leaks could be triggered and exploited in a man-in-the-middle attack, where the attacker has to play an active role, yet relies on many actions and properties of the SSL/TLS client to succeed. This weakness will be demonstrated in an upcoming paper by Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion). References:

2003/02/20	Package: popa3d

Approached another stable release, 0.6. The recent changes are limited to minor bug fixes (documented in the package change log), so this release is of more importance to uses on non-Owl.

2003/01/20	Package: mutt

New package: a feature-rich text-based mail user agent. Our initial package is based on Mutt 1.4i with many temporary file handling fixes.

2003/01/18	Package: xinetd

Updated to 2.3.10.

2003/01/10 -
2003/01/17	Package: dialog

Updated to 0.9b-20020814 with a patch needed for RSBAC administration tools. Corrected unsafe temporary file handling in the samples.

2003/01/17	Packages: utempter, libutempter, rpm, screen

Red Hat's utempter has been replaced with ALT Linux's libutempter package, which features an improved API while still supporting the old one for compatibility. rpm has been enhanced to support symbol versioning with automatic dependencies on libraries other than glibc (packages which depend on libutempter's new API will use this), and screen switched to the new API.

2003/01/12	Package: diffstat

Updated to 1.32.

2003/01/08	Package: owl-control

Added control(8) and control-dump(8) manual pages.

2003/01/07	Package: hdparm

Updated to 5.3.

2002/12/29	Package: nc

New package: ported netcat from OpenBSD (post-3.2). netcat (nc) is a simple utility for reading and writing data across network, using TCP or UDP.

2002/12/19	Packages: tcp_wrappers, openssh, xinetd

Handle error conditions with tcp_wrappers' table matching, patch from Steve Grubb.

2002/12/17	Package: rpm

Added rpminit(1), a script to setup a set of private directories for building RPM packages as the current user. Changed the default rpmrc to use more optimal flags for our gcc (note that builds of Owl itself use a different set of optimization flags anyway).

2002/12/14	Package: libnids

Updated to 1.17.

2002/12/12	Package: openssl

Updated to 0.9.6h.

2002/12/09	kernel

Updated to Linux 2.2.23-ow1.

2002/12/05	Owl/doc/TODO

New file: a public Owl TODO list. Its primary purpose is to give some ideas of how one may contribute to Owl development.

2002/10/24 -
2002/12/01	Package: owl-startup

Set net.ipv4.icmp_echo_ignore_broadcasts = 1 to prevent the use of Owl boxes for "smurf" attacks even when proper packet filters aren't in place (suggested by Steve Olszewski). Set net.ipv4.tcp_syncookies = 1 to defeat SYN flood attacks. Documented (in /etc/sysctl.conf) the security risk of having SYN cookies enabled with certain packet filter setups.

2002/11/27	kernel
SECURITY FIX	Severity: medium, local, active

Updated to Linux 2.2.22-ow2 which improves the "lcall" DoS fix for the Linux kernel to cover the NT (Nested Task) flag attack discovered by Christophe Devine.

2002/11/08	Package: glibc

RELIABILITY FIX: Made the x86 assembly code implementing bcrypt password hashing reentrant (this time for real), made it more careful about overwriting sensitive data. At the same time, the default /etc/nsswitch.conf file has been cleaned up and improved.

2002/11/07	Owl/doc/MIRRORING

New file: instructions for those who would like to setup and maintain an Owl mirror, official or not.

2002/11/05	Package: hdparm

Updated to 5.2.

2002/11/03	Packages: owl-control,
		iputils, openssh, postfix, shadow-utils, SimplePAMApps,
		traceroute, util-linux, vixie-cron

Keep owl-control settings over package upgrades (and thus over "make installworld" runs as well). Some of the owl-control scripts updates have been imported back from ALT Linux.

2002/10/21 -
2002/10/24	Packages: shadow-utils, tcb

Merged enhancements which remove the 32K users limit when /etc/tcb is in use, documented them in tcb(5) and login.defs(5) manual pages. Modified the tcb_chkpwd helper binary interface to support multiple users per UID (the username is now passed as well). Most of this was prepared by August but delayed until after Owl 1.0 release.

$Owl: Owl/doc/CHANGES-1.1,v 1.112 2011/07/29 08:57:44 solar Exp $

Powered by Openwall GNU/*/Linux - Powered by OpenVZ