Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 24 Feb 2010 20:38:25 +0300
From: Solar Designer <>
Subject: [openwall-announce] Linux; tcb 1.0.4; crypt_blowfish 1.0.4; JtR


This is to announce four minor updates at once:

1. The Linux 2.4 kernel patch has been updated to Linux  One
of the changes made between and is a security fix for
the e1000 Ethernet driver issue that could have allowed remote attackers
to bypass packet filters (CVE-2009-4536).  The Linux patch
additionally includes a post- fix for FAT filesystems:;a=commitdiff;h=940716e5206ebda003fca89b4ac1076b1fff5c99

2. We've released version 1.0.4 of our tcb suite (which implements the
alternative password shadowing scheme on Owl).  In this version, a
non-security buffer overflow bug with more than NGROUPS_MAX groups per
user has been fixed.  We do not treat the bug as a security issue
because there's no untrusted user input involved.  Also, the bug is not
even triggerable with typical uses of tcb, where the groups array in
question will be a root user's (perhaps just one group).

3. There's a minor update of crypt_blowfish (version 1.0.4), our public
domain password hashing framework for C/C++.  In this version, the check
for unsupported iteration counts has been corrected to reject certain
iteration counts that would previously be misinterpreted.  Also, section
.note.GNU-stack has been added to the x86 assembly file to avoid the
stack area unnecessarily being made executable on Linux systems that use
this convention.

On a related note, a Python interface to crypt_blowfish by Daniel Holth
has been added to the contributed resources list on the crypt_blowfish

4. Revision 3 of the jumbo patch for JtR has been released,
adding support for cracking NTLMv2 challenge/response exchanges
(contributed by JoMo-Kun), as well as support for Oracle 11g SHA-1 based
hashes (contributed by Alexandre Hamelin):


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.