Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 8 Jul 2009 00:04:01 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-users@...ts.openwall.com, announce@...ts.openwall.com
Subject: Owl updates; Linux 2.4.37.2-ow1

Hi,

I'll start with the simple stuff - there's a new revision of the kernel
patch, updated to Linux 2.4.37.2:

http://www.openwall.com/linux/

The changes between 2.4.37.1 and 2.4.37.2 are minor:

http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.2

More importantly, several Owl packages have been updated, including a
security update to OpenSSH (for both Owl-current and Owl 2.0-stable):

2009/07/07	Package: openssh
SECURITY FIX	Severity: none to high, remote, active
Backported upstream fix for a syslog call inside a signal handler.  The
security impact this issue might have had was not fully evaluated.  On
Debian systems, the reported impact was processes getting stuck on locks
inside glibc.  On Owl, no problems were ever reported, yet the call was
unsafe, with the worst-case impact being arbitrary code execution
(depending on processing inside glibc).
References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4109

Updates of existing installs are strongly recommended.

In Owl-current, since the last ISO snapshot, we have also updated the
man-pages package, and we've added two new packages - pciutils and
dmidecode.  The kernel has been updated to 2.4.37.2-ow1, and there's a
new ISO image for 32-bit x86, generated today:

http://www.openwall.com/Owl/DOWNLOAD.shtml

-rw-r--r--    1 ftp      ftp      439842553 Jul 07 18:56 Owl-current-20090707-i586.iso.gz

As of this writing, the newest updates described above are available off
the FTP mirrors in Moscow, Russia and off the Czech mirror.  They should
propagate to the rest of our official mirrors within a day.

Alexander

-- 
To unsubscribe, e-mail owl-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.