LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 27th, 2014
Linux Advisory Watch: October 24th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Slackware: 2013-215-01: gnupg / libgcrypt: Security Update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Slackware New gnupg and libgcrypt packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. New libgpg-error packages are also available for Slackware 13.1 and older as the supplied version wasn't new enough to compile the fixed version of libgcrypt. [More Info...]
[slackware-security]  gnupg / libgcrypt (SSA:2013-215-01)

New gnupg and libgcrypt packages are available for Slackware 12.1, 12.2, 13.0,
13.1, 13.37, 14.0, and -current to fix a security issue.  New libgpg-error
packages are also available for Slackware 13.1 and older as the supplied
version wasn't new enough to compile the fixed version of libgcrypt.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.14-i486-1_slack14.0.txz:  Upgraded.
  Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA
  secret keys.
  For more information, see:
    http://eprint.iacr.org/2013/448
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
  (* Security fix *)
patches/packages/libgcrypt-1.5.3-i486-1_slack14.0.txz:  Upgraded.
  Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA
  secret keys.
  For more information, see:
    http://eprint.iacr.org/2013/448
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packagess/gnupg-1.4.14-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packagess/libgcrypt-1.5.3-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packagess/libgpg-error-1.11-i486-1_slack12.1.tgz

Updated packages for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packagess/gnupg-1.4.14-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packagess/libgcrypt-1.5.3-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packagess/libgpg-error-1.11-i486-1_slack12.2.tgz

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packagess/gnupg-1.4.14-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packagess/libgcrypt-1.5.3-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packagess/libgpg-error-1.11-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packagess/gnupg-1.4.14-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packagess/libgcrypt-1.5.3-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packagess/libgpg-error-1.11-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packagess/gnupg-1.4.14-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packagess/libgcrypt-1.5.3-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packagess/libgpg-error-1.11-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packagess/gnupg-1.4.14-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packagess/libgcrypt-1.5.3-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packagess/libgpg-error-1.11-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packagess/gnupg-1.4.14-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packagess/libgcrypt-1.5.3-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packagess/gnupg-1.4.14-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packagess/libgcrypt-1.5.3-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packagess/gnupg-1.4.14-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packagess/libgcrypt-1.5.3-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packagess/gnupg-1.4.14-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packagess/libgcrypt-1.5.3-x86_64-1_slack14.0.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnupg-1.4.14-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/libgcrypt-1.5.3-i486-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnupg-1.4.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/libgcrypt-1.5.3-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 12.1 packages:
edfa6b7fd6406ed4abd81a1a9cd968a6  gnupg-1.4.14-i486-1_slack12.1.tgz
6d50ecae51b1bb5e4901a93441c8d979  libgcrypt-1.5.3-i486-1_slack12.1.tgz
012330680b03d757be4425c9ae536933  libgpg-error-1.11-i486-1_slack12.1.tgz

Slackware 12.2 packages:
64b7f7356246b46764079910885e91ea  gnupg-1.4.14-i486-1_slack12.2.tgz
0bf6ae65411c96d9bd8893cc1b41040a  libgcrypt-1.5.3-i486-1_slack12.2.tgz
e3669f73f15b88576cbb219ad2ca39a3  libgpg-error-1.11-i486-1_slack12.2.tgz

Slackware 13.0 packages:
93e89b3a685ce45179a4708158de6d63  gnupg-1.4.14-i486-1_slack13.0.txz
c7f1d20e76c639d2e412254909130dd7  libgcrypt-1.5.3-i486-1_slack13.0.txz
4f75e8be0543bfb9aa8067a2e4632b3f  libgpg-error-1.11-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages:
b1725df1cb6183c22a385e41d68099ed  gnupg-1.4.14-x86_64-1_slack13.0.txz
4b1ae976b6b855de8c320cdeba870b67  libgcrypt-1.5.3-x86_64-1_slack13.0.txz
4c3f64870f18afdc2054cf5e47a5cbb4  libgpg-error-1.11-x86_64-1_slack13.0.txz

Slackware 13.1 packages:
b2f19bf31eab2d1e0ab32004f62baa20  gnupg-1.4.14-i486-1_slack13.1.txz
aec46a60340156b66d4aacf1cae150d7  libgcrypt-1.5.3-i486-1_slack13.1.txz
6f939d0733758181bbd18863144d089c  libgpg-error-1.11-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages:
ee43d4a0a3c84add3c7b0ee616bb97bb  gnupg-1.4.14-x86_64-1_slack13.1.txz
11621b833256b6e69f9f925572e2b652  libgcrypt-1.5.3-x86_64-1_slack13.1.txz
835e0e7e05d6f70888927cdc8f7ba4c4  libgpg-error-1.11-x86_64-1_slack13.1.txz

Slackware 13.37 packages:
341734a954fcaaff59de62cb8fad8ba2  gnupg-1.4.14-i486-1_slack13.37.txz
fb40f68f56ee0ae72c4b7ded47d39049  libgcrypt-1.5.3-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages:
e437855c2593ea655c8a1999622f07d4  gnupg-1.4.14-x86_64-1_slack13.37.txz
89b4e2fef96511e5cba56ab37d6b06d4  libgcrypt-1.5.3-x86_64-1_slack13.37.txz

Slackware 14.0 packages:
fa77aa1d0fd98071a59e2879477d9687  gnupg-1.4.14-i486-1_slack14.0.txz
0f1b846d23f0d876a5f044e116d07f6d  libgcrypt-1.5.3-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages:
7046e1c0d35427659633d746b2c350af  gnupg-1.4.14-x86_64-1_slack14.0.txz
6381a6cfbe00c5450e0d92518bf41202  libgcrypt-1.5.3-x86_64-1_slack14.0.txz

Slackware -current packages:
2bebcc3164c45d8a68d24f5c807b15a2  n/gnupg-1.4.14-i486-1.txz
67e7f7d3c3215c3da7860ed882cf9ce3  n/libgcrypt-1.5.3-i486-1.txz

Slackware x86_64 -current packages:
a3423fe0d47ad239db726f83acfe1b0b  n/gnupg-1.4.14-x86_64-1.txz
0751449407fd5b87c6936f53ec154a79  n/libgcrypt-1.5.3-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg gnupg-1.4.14-i486-1_slack14.0.txz libgcrypt-1.5.3-i486-1_slack14.0.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hackers Are Using Gmail Drafts to Update Their Malware and Steal Data
Hackers target unclassified White House network
BYOD: Why the biggest security worry is the fool within rather than the enemy without
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.