-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  gnupg / libgcrypt (SSA:2013-215-01)

New gnupg and libgcrypt packages are available for Slackware 12.1, 12.2, 13.0,
13.1, 13.37, 14.0, and -current to fix a security issue.  New libgpg-error
packages are also available for Slackware 13.1 and older as the supplied
version wasn't new enough to compile the fixed version of libgcrypt.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.14-i486-1_slack14.0.txz:  Upgraded.
  Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA
  secret keys.
  For more information, see:
    https://eprint.iacr.org/2013/448
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
  (* Security fix *)
patches/packages/libgcrypt-1.5.3-i486-1_slack14.0.txz:  Upgraded.
  Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA
  secret keys.
  For more information, see:
    https://eprint.iacr.org/2013/448
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated packages for Slackware 12.1:

Updated packages for Slackware 12.2:

Updated packages for Slackware 13.0:

Updated packages for Slackware x86_64 13.0:

Updated packages for Slackware 13.1:

Updated packages for Slackware x86_64 13.1:

Updated packages for Slackware 13.37:

Updated packages for Slackware x86_64 13.37:

Updated packages for Slackware 14.0:

Updated packages for Slackware x86_64 14.0:

Updated packages for Slackware -current:

Updated packages for Slackware x86_64 -current:


MD5 signatures:
+-------------+

Slackware 12.1 packages:
edfa6b7fd6406ed4abd81a1a9cd968a6  gnupg-1.4.14-i486-1_slack12.1.tgz
6d50ecae51b1bb5e4901a93441c8d979  libgcrypt-1.5.3-i486-1_slack12.1.tgz
012330680b03d757be4425c9ae536933  libgpg-error-1.11-i486-1_slack12.1.tgz

Slackware 12.2 packages:
64b7f7356246b46764079910885e91ea  gnupg-1.4.14-i486-1_slack12.2.tgz
0bf6ae65411c96d9bd8893cc1b41040a  libgcrypt-1.5.3-i486-1_slack12.2.tgz
e3669f73f15b88576cbb219ad2ca39a3  libgpg-error-1.11-i486-1_slack12.2.tgz

Slackware 13.0 packages:
93e89b3a685ce45179a4708158de6d63  gnupg-1.4.14-i486-1_slack13.0.txz
c7f1d20e76c639d2e412254909130dd7  libgcrypt-1.5.3-i486-1_slack13.0.txz
4f75e8be0543bfb9aa8067a2e4632b3f  libgpg-error-1.11-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages:
b1725df1cb6183c22a385e41d68099ed  gnupg-1.4.14-x86_64-1_slack13.0.txz
4b1ae976b6b855de8c320cdeba870b67  libgcrypt-1.5.3-x86_64-1_slack13.0.txz
4c3f64870f18afdc2054cf5e47a5cbb4  libgpg-error-1.11-x86_64-1_slack13.0.txz

Slackware 13.1 packages:
b2f19bf31eab2d1e0ab32004f62baa20  gnupg-1.4.14-i486-1_slack13.1.txz
aec46a60340156b66d4aacf1cae150d7  libgcrypt-1.5.3-i486-1_slack13.1.txz
6f939d0733758181bbd18863144d089c  libgpg-error-1.11-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages:
ee43d4a0a3c84add3c7b0ee616bb97bb  gnupg-1.4.14-x86_64-1_slack13.1.txz
11621b833256b6e69f9f925572e2b652  libgcrypt-1.5.3-x86_64-1_slack13.1.txz
835e0e7e05d6f70888927cdc8f7ba4c4  libgpg-error-1.11-x86_64-1_slack13.1.txz

Slackware 13.37 packages:
341734a954fcaaff59de62cb8fad8ba2  gnupg-1.4.14-i486-1_slack13.37.txz
fb40f68f56ee0ae72c4b7ded47d39049  libgcrypt-1.5.3-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages:
e437855c2593ea655c8a1999622f07d4  gnupg-1.4.14-x86_64-1_slack13.37.txz
89b4e2fef96511e5cba56ab37d6b06d4  libgcrypt-1.5.3-x86_64-1_slack13.37.txz

Slackware 14.0 packages:
fa77aa1d0fd98071a59e2879477d9687  gnupg-1.4.14-i486-1_slack14.0.txz
0f1b846d23f0d876a5f044e116d07f6d  libgcrypt-1.5.3-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages:
7046e1c0d35427659633d746b2c350af  gnupg-1.4.14-x86_64-1_slack14.0.txz
6381a6cfbe00c5450e0d92518bf41202  libgcrypt-1.5.3-x86_64-1_slack14.0.txz

Slackware -current packages:
2bebcc3164c45d8a68d24f5c807b15a2  n/gnupg-1.4.14-i486-1.txz
67e7f7d3c3215c3da7860ed882cf9ce3  n/libgcrypt-1.5.3-i486-1.txz

Slackware x86_64 -current packages:
a3423fe0d47ad239db726f83acfe1b0b  n/gnupg-1.4.14-x86_64-1.txz
0751449407fd5b87c6936f53ec154a79  n/libgcrypt-1.5.3-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg gnupg-1.4.14-i486-1_slack14.0.txz libgcrypt-1.5.3-i486-1_slack14.0.txz


+-----+

Slackware: 2013-215-01: gnupg / libgcrypt Security Update

August 3, 2013
New gnupg and libgcrypt packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue

Summary

Here are the details from the Slackware 14.0 ChangeLog: patches/packages/gnupg-1.4.14-i486-1_slack14.0.txz: Upgraded. Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. For more information, see: https://eprint.iacr.org/2013/448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242 (* Security fix *) patches/packages/libgcrypt-1.5.3-i486-1_slack14.0.txz: Upgraded. Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. For more information, see: https://eprint.iacr.org/2013/448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242 (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated packages for Slackware 12.1:
Updated packages for Slackware 12.2:
Updated packages for Slackware 13.0:
Updated packages for Slackware x86_64 13.0:
Updated packages for Slackware 13.1:
Updated packages for Slackware x86_64 13.1:
Updated packages for Slackware 13.37:
Updated packages for Slackware x86_64 13.37:
Updated packages for Slackware 14.0:
Updated packages for Slackware x86_64 14.0:
Updated packages for Slackware -current:
Updated packages for Slackware x86_64 -current:

MD5 Signatures

Slackware 12.1 packages: edfa6b7fd6406ed4abd81a1a9cd968a6 gnupg-1.4.14-i486-1_slack12.1.tgz 6d50ecae51b1bb5e4901a93441c8d979 libgcrypt-1.5.3-i486-1_slack12.1.tgz 012330680b03d757be4425c9ae536933 libgpg-error-1.11-i486-1_slack12.1.tgz
Slackware 12.2 packages: 64b7f7356246b46764079910885e91ea gnupg-1.4.14-i486-1_slack12.2.tgz 0bf6ae65411c96d9bd8893cc1b41040a libgcrypt-1.5.3-i486-1_slack12.2.tgz e3669f73f15b88576cbb219ad2ca39a3 libgpg-error-1.11-i486-1_slack12.2.tgz
Slackware 13.0 packages: 93e89b3a685ce45179a4708158de6d63 gnupg-1.4.14-i486-1_slack13.0.txz c7f1d20e76c639d2e412254909130dd7 libgcrypt-1.5.3-i486-1_slack13.0.txz 4f75e8be0543bfb9aa8067a2e4632b3f libgpg-error-1.11-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: b1725df1cb6183c22a385e41d68099ed gnupg-1.4.14-x86_64-1_slack13.0.txz 4b1ae976b6b855de8c320cdeba870b67 libgcrypt-1.5.3-x86_64-1_slack13.0.txz 4c3f64870f18afdc2054cf5e47a5cbb4 libgpg-error-1.11-x86_64-1_slack13.0.txz
Slackware 13.1 packages: b2f19bf31eab2d1e0ab32004f62baa20 gnupg-1.4.14-i486-1_slack13.1.txz aec46a60340156b66d4aacf1cae150d7 libgcrypt-1.5.3-i486-1_slack13.1.txz 6f939d0733758181bbd18863144d089c libgpg-error-1.11-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: ee43d4a0a3c84add3c7b0ee616bb97bb gnupg-1.4.14-x86_64-1_slack13.1.txz 11621b833256b6e69f9f925572e2b652 libgcrypt-1.5.3-x86_64-1_slack13.1.txz 835e0e7e05d6f70888927cdc8f7ba4c4 libgpg-error-1.11-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 341734a954fcaaff59de62cb8fad8ba2 gnupg-1.4.14-i486-1_slack13.37.txz fb40f68f56ee0ae72c4b7ded47d39049 libgcrypt-1.5.3-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: e437855c2593ea655c8a1999622f07d4 gnupg-1.4.14-x86_64-1_slack13.37.txz 89b4e2fef96511e5cba56ab37d6b06d4 libgcrypt-1.5.3-x86_64-1_slack13.37.txz
Slackware 14.0 packages: fa77aa1d0fd98071a59e2879477d9687 gnupg-1.4.14-i486-1_slack14.0.txz 0f1b846d23f0d876a5f044e116d07f6d libgcrypt-1.5.3-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 7046e1c0d35427659633d746b2c350af gnupg-1.4.14-x86_64-1_slack14.0.txz 6381a6cfbe00c5450e0d92518bf41202 libgcrypt-1.5.3-x86_64-1_slack14.0.txz
Slackware -current packages: 2bebcc3164c45d8a68d24f5c807b15a2 n/gnupg-1.4.14-i486-1.txz 67e7f7d3c3215c3da7860ed882cf9ce3 n/libgcrypt-1.5.3-i486-1.txz
Slackware x86_64 -current packages: a3423fe0d47ad239db726f83acfe1b0b n/gnupg-1.4.14-x86_64-1.txz 0751449407fd5b87c6936f53ec154a79 n/libgcrypt-1.5.3-x86_64-1.txz

Severity
[slackware-security] gnupg / libgcrypt (SSA:2013-215-01)
New gnupg and libgcrypt packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. New libgpg-error packages are also available for Slackware 13.1 and older as the supplied version wasn't new enough to compile the fixed version of libgcrypt.

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg gnupg-1.4.14-i486-1_slack14.0.txz libgcrypt-1.5.3-i486-1_slack14.0.txz

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved