Date: Thu, 19 Nov 2009 04:58:54 +0300 From: Solar Designer <solar@...nwall.com> To: owl-users@...ts.openwall.com Subject: Linux 184.108.40.206-ow1; new Owl ISO Hi, This is to announce a couple of things at once: 1. Linux 220.127.116.11-ow1 is out: http://www.openwall.com/linux/ This is merely an update of the patch to the new 18.104.22.168 kernel release, which fixes a number of security-related bugs: http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-22.214.171.124 One of these is documented as "fs: pipe.c null pointer dereference". Let me use this opportunity to remind you that having vm.mmap_min_addr set to a non-zero value is a must (e.g., it is set to 98304 on the system I'm typing this on). There are way too many NULL pointer dereference bugs and they are and will be getting discovered too often for reasonably keeping systems up-to-date with the fixes. A better strategy may be to treat possible vm.mmap_min_addr bypass bugs as higher severity ones, simply because there's an expectation that there are a lot fewer of these (if any are still left). This is the strategy we're going to use for Owl. vm.mmap_min_addr has defaulted to non-zero (specifically, 32768) in -ow patches and thus on Owl systems for a while. Thus, we're not treating NULL pointer dereference bugs as "local root" ones; instead, we'd treat possible vm.mmap_min_addr bypasses as such. 2. There's a new Owl-current ISO image for 32-bit x86 (generated on November 17) available on our FTP mirrors: http://www.openwall.com/Owl/DOWNLOAD.shtml There's also a direct download link (using one of the mirrors) right on the Owl homepage: http://www.openwall.com/Owl/ This is a very minor update. It uses Linux 126.96.36.199-ow1 as the kernel. Quite possibly, this is the last Owl ISO snapshot to use a 2.4 kernel, as we're working on fully switching Owl to 2.6 kernels. Alexander -- To unsubscribe, e-mail owl-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.