The BarnOwl Developers are pleased to announce the release of BarnOwl
version 1.6.2. BarnOwl 1.6.2 is a security release on top of BarnOwl
1.6.1.

It has been installed in the Athena locker, and you can download it
from the website [1] or get the source from Github [2].

BarnOwl 1.6.2 fixes a bug where BarnOwl did not check the return code
from certain libzephyr functions, which could be remotely exploited to
crash BarnOwl or potentially execute arbitrary code
(CVE-2010-2725). This bug affects all previous versions of BarnOwl, as
well as the owl client BarnOwl is based on.

In addition, BarnOwl 1.6.2 improves BarnOwl's handling of its debug
log. In all previous versions of BarnOwl, the debug log, which
contains potentially sensitive data, was written to a
'/var/tmp/owldebug' file with default permissions. BarnOwl 1.6.2
writes to /var/tmp/barnowl.$PID, sets strict permissions, and
otherwise takes appropriate precautions to prevent hijacking of the
log file.

The full Changelog is available online [3].

Thank you for using BarnOwl, and we hope you enjoy the new release. As
usual, any bug reports, questions, or feature requests can be directed
to the developers at <barnowl@mit.edu>.

- Nelson Elhage
for the BarnOwl developers

[1] http://barnowl.mit.edu/wiki/Download/
[2] http://github.com/barnowl/barnowl/
[3] http://github.com/barnowl/barnowl/blob/barnowl-1.6.2/ChangeLog