lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <alpine.LNX.2.02.1608231358290.27386@connie.slackware.com>
Date: Tue, 23 Aug 2016 13:58:51 -0700 (PDT)
From: Slackware Security Team <security@...ckware.com>
To: slackware-security@...ckware.com
Subject: [slackware-security]  gnupg (SSA:2016-236-01)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  gnupg (SSA:2016-236-01)

New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.21-i586-1_slack14.2.txz:  Upgraded.
  Fix critical security bug in the RNG [CVE-2016-6313].  An attacker who
  obtains 580 bytes from the standard RNG can trivially predict the next
  20 bytes of output.  (This is according to the NEWS file included in the
  source.  According to the annoucement linked below, an attacker who obtains
  4640 bits from the RNG can trivially predict the next 160 bits of output.)
  Problem detected by Felix Doerre and Vladimir Klebanov, KIT.
  For more information, see:
    https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/gnupg-1.4.21-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/gnupg-1.4.21-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/gnupg-1.4.21-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/gnupg-1.4.21-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/gnupg-1.4.21-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/gnupg-1.4.21-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/gnupg-1.4.21-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/gnupg-1.4.21-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/gnupg-1.4.21-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/gnupg-1.4.21-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/gnupg-1.4.21-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/gnupg-1.4.21-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnupg-1.4.21-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnupg-1.4.21-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 package:
ad17f87851028e4d5cb29676a6fea7f6  gnupg-1.4.21-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
650dde6cc6bcdc6c13da90e6d5ac5f5a  gnupg-1.4.21-x86_64-1_slack13.0.txz

Slackware 13.1 package:
cb0755d93986a8df059ff531236f5adc  gnupg-1.4.21-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
8459f1510a4fe319a42e6f87d7a05600  gnupg-1.4.21-x86_64-1_slack13.1.txz

Slackware 13.37 package:
ad785789eb17bd355ac9befa05c03905  gnupg-1.4.21-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
acc63f9119344496925efd85a911f38c  gnupg-1.4.21-x86_64-1_slack13.37.txz

Slackware 14.0 package:
e7820ceca9a28c2c56929fd464384417  gnupg-1.4.21-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
765c22a321312e0b6a02ed4218e1d2b5  gnupg-1.4.21-x86_64-1_slack14.0.txz

Slackware 14.1 package:
1c0220324a41709919f77c942e7e8b17  gnupg-1.4.21-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
b08ee4540ec6552176c322c36c5da3e9  gnupg-1.4.21-x86_64-1_slack14.1.txz

Slackware 14.2 package:
5bdc1c890fd2f1bdb63bbd9e47ff5d4f  gnupg-1.4.21-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
7088d02a89172c997b799d34f9b84f7c  gnupg-1.4.21-x86_64-1_slack14.2.txz

Slackware -current package:
2808c06200971813a071efae1fb5f03a  n/gnupg-1.4.21-i586-1.txz

Slackware x86_64 -current package:
db3de668806143ab7a3b05b3af16a91e  n/gnupg-1.4.21-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg gnupg-1.4.21-i586-1_slack14.2.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@...ckware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@...ckware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAle8tkkACgkQakRjwEAQIjPNwACfW8eK+qHqEO1SLPCORZRaKlHs
+4YAn0Qjx44XUW45Ms54hw7BuixDa175
=vBAT
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ