-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  gnupg / libgcrypt (SSA:2013-215-01)

New gnupg and libgcrypt packages are available for Slackware 12.1, 12.2, 13.0,
13.1, 13.37, 14.0, and -current to fix a security issue.  New libgpg-error
packages are also available for Slackware 13.1 and older as the supplied
version wasn't new enough to compile the fixed version of libgcrypt.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.14-i486-1_slack14.0.txz:  Upgraded.
  Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA
  secret keys.
  For more information, see:
    https://eprint.iacr.org/2013/448
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
  (* Security fix *)
patches/packages/libgcrypt-1.5.3-i486-1_slack14.0.txz:  Upgraded.
  Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA
  secret keys.
  For more information, see:
    https://eprint.iacr.org/2013/448
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated packages for Slackware 12.1:

Updated packages for Slackware 12.2:

Updated packages for Slackware 13.0:

Updated packages for Slackware x86_64 13.0:

Updated packages for Slackware 13.1:

Updated packages for Slackware x86_64 13.1:

Updated packages for Slackware 13.37:

Updated packages for Slackware x86_64 13.37:

Updated packages for Slackware 14.0:

Updated packages for Slackware x86_64 14.0:

Updated packages for Slackware -current:

Updated packages for Slackware x86_64 -current:


MD5 signatures:
+-------------+

Slackware 12.1 packages:
edfa6b7fd6406ed4abd81a1a9cd968a6  gnupg-1.4.14-i486-1_slack12.1.tgz
6d50ecae51b1bb5e4901a93441c8d979  libgcrypt-1.5.3-i486-1_slack12.1.tgz
012330680b03d757be4425c9ae536933  libgpg-error-1.11-i486-1_slack12.1.tgz

Slackware 12.2 packages:
64b7f7356246b46764079910885e91ea  gnupg-1.4.14-i486-1_slack12.2.tgz
0bf6ae65411c96d9bd8893cc1b41040a  libgcrypt-1.5.3-i486-1_slack12.2.tgz
e3669f73f15b88576cbb219ad2ca39a3  libgpg-error-1.11-i486-1_slack12.2.tgz

Slackware 13.0 packages:
93e89b3a685ce45179a4708158de6d63  gnupg-1.4.14-i486-1_slack13.0.txz
c7f1d20e76c639d2e412254909130dd7  libgcrypt-1.5.3-i486-1_slack13.0.txz
4f75e8be0543bfb9aa8067a2e4632b3f  libgpg-error-1.11-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages:
b1725df1cb6183c22a385e41d68099ed  gnupg-1.4.14-x86_64-1_slack13.0.txz
4b1ae976b6b855de8c320cdeba870b67  libgcrypt-1.5.3-x86_64-1_slack13.0.txz
4c3f64870f18afdc2054cf5e47a5cbb4  libgpg-error-1.11-x86_64-1_slack13.0.txz

Slackware 13.1 packages:
b2f19bf31eab2d1e0ab32004f62baa20  gnupg-1.4.14-i486-1_slack13.1.txz
aec46a60340156b66d4aacf1cae150d7  libgcrypt-1.5.3-i486-1_slack13.1.txz
6f939d0733758181bbd18863144d089c  libgpg-error-1.11-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages:
ee43d4a0a3c84add3c7b0ee616bb97bb  gnupg-1.4.14-x86_64-1_slack13.1.txz
11621b833256b6e69f9f925572e2b652  libgcrypt-1.5.3-x86_64-1_slack13.1.txz
835e0e7e05d6f70888927cdc8f7ba4c4  libgpg-error-1.11-x86_64-1_slack13.1.txz

Slackware 13.37 packages:
341734a954fcaaff59de62cb8fad8ba2  gnupg-1.4.14-i486-1_slack13.37.txz
fb40f68f56ee0ae72c4b7ded47d39049  libgcrypt-1.5.3-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages:
e437855c2593ea655c8a1999622f07d4  gnupg-1.4.14-x86_64-1_slack13.37.txz
89b4e2fef96511e5cba56ab37d6b06d4  libgcrypt-1.5.3-x86_64-1_slack13.37.txz

Slackware 14.0 packages:
fa77aa1d0fd98071a59e2879477d9687  gnupg-1.4.14-i486-1_slack14.0.txz
0f1b846d23f0d876a5f044e116d07f6d  libgcrypt-1.5.3-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages:
7046e1c0d35427659633d746b2c350af  gnupg-1.4.14-x86_64-1_slack14.0.txz
6381a6cfbe00c5450e0d92518bf41202  libgcrypt-1.5.3-x86_64-1_slack14.0.txz

Slackware -current packages:
2bebcc3164c45d8a68d24f5c807b15a2  n/gnupg-1.4.14-i486-1.txz
67e7f7d3c3215c3da7860ed882cf9ce3  n/libgcrypt-1.5.3-i486-1.txz

Slackware x86_64 -current packages:
a3423fe0d47ad239db726f83acfe1b0b  n/gnupg-1.4.14-x86_64-1.txz
0751449407fd5b87c6936f53ec154a79  n/libgcrypt-1.5.3-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg gnupg-1.4.14-i486-1_slack14.0.txz libgcrypt-1.5.3-i486-1_slack14.0.txz


+-----+

Slackware: 2013-215-01: gnupg / libgcrypt Security Update

August 3, 2013
New gnupg and libgcrypt packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue

Summary

Here are the details from the Slackware 14.0 ChangeLog: patches/packages/gnupg-1.4.14-i486-1_slack14.0.txz: Upgraded. Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. For more information, see: https://eprint.iacr.org/2013/448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242 (* Security fix *) patches/packages/libgcrypt-1.5.3-i486-1_slack14.0.txz: Upgraded. Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. For more information, see: https://eprint.iacr.org/2013/448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242 (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated packages for Slackware 12.1:
Updated packages for Slackware 12.2:
Updated packages for Slackware 13.0:
Updated packages for Slackware x86_64 13.0:
Updated packages for Slackware 13.1:
Updated packages for Slackware x86_64 13.1:
Updated packages for Slackware 13.37:
Updated packages for Slackware x86_64 13.37:
Updated packages for Slackware 14.0:
Updated packages for Slackware x86_64 14.0:
Updated packages for Slackware -current:
Updated packages for Slackware x86_64 -current:

MD5 Signatures

Slackware 12.1 packages: edfa6b7fd6406ed4abd81a1a9cd968a6 gnupg-1.4.14-i486-1_slack12.1.tgz 6d50ecae51b1bb5e4901a93441c8d979 libgcrypt-1.5.3-i486-1_slack12.1.tgz 012330680b03d757be4425c9ae536933 libgpg-error-1.11-i486-1_slack12.1.tgz
Slackware 12.2 packages: 64b7f7356246b46764079910885e91ea gnupg-1.4.14-i486-1_slack12.2.tgz 0bf6ae65411c96d9bd8893cc1b41040a libgcrypt-1.5.3-i486-1_slack12.2.tgz e3669f73f15b88576cbb219ad2ca39a3 libgpg-error-1.11-i486-1_slack12.2.tgz
Slackware 13.0 packages: 93e89b3a685ce45179a4708158de6d63 gnupg-1.4.14-i486-1_slack13.0.txz c7f1d20e76c639d2e412254909130dd7 libgcrypt-1.5.3-i486-1_slack13.0.txz 4f75e8be0543bfb9aa8067a2e4632b3f libgpg-error-1.11-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: b1725df1cb6183c22a385e41d68099ed gnupg-1.4.14-x86_64-1_slack13.0.txz 4b1ae976b6b855de8c320cdeba870b67 libgcrypt-1.5.3-x86_64-1_slack13.0.txz 4c3f64870f18afdc2054cf5e47a5cbb4 libgpg-error-1.11-x86_64-1_slack13.0.txz
Slackware 13.1 packages: b2f19bf31eab2d1e0ab32004f62baa20 gnupg-1.4.14-i486-1_slack13.1.txz aec46a60340156b66d4aacf1cae150d7 libgcrypt-1.5.3-i486-1_slack13.1.txz 6f939d0733758181bbd18863144d089c libgpg-error-1.11-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: ee43d4a0a3c84add3c7b0ee616bb97bb gnupg-1.4.14-x86_64-1_slack13.1.txz 11621b833256b6e69f9f925572e2b652 libgcrypt-1.5.3-x86_64-1_slack13.1.txz 835e0e7e05d6f70888927cdc8f7ba4c4 libgpg-error-1.11-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 341734a954fcaaff59de62cb8fad8ba2 gnupg-1.4.14-i486-1_slack13.37.txz fb40f68f56ee0ae72c4b7ded47d39049 libgcrypt-1.5.3-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: e437855c2593ea655c8a1999622f07d4 gnupg-1.4.14-x86_64-1_slack13.37.txz 89b4e2fef96511e5cba56ab37d6b06d4 libgcrypt-1.5.3-x86_64-1_slack13.37.txz
Slackware 14.0 packages: fa77aa1d0fd98071a59e2879477d9687 gnupg-1.4.14-i486-1_slack14.0.txz 0f1b846d23f0d876a5f044e116d07f6d libgcrypt-1.5.3-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 7046e1c0d35427659633d746b2c350af gnupg-1.4.14-x86_64-1_slack14.0.txz 6381a6cfbe00c5450e0d92518bf41202 libgcrypt-1.5.3-x86_64-1_slack14.0.txz
Slackware -current packages: 2bebcc3164c45d8a68d24f5c807b15a2 n/gnupg-1.4.14-i486-1.txz 67e7f7d3c3215c3da7860ed882cf9ce3 n/libgcrypt-1.5.3-i486-1.txz
Slackware x86_64 -current packages: a3423fe0d47ad239db726f83acfe1b0b n/gnupg-1.4.14-x86_64-1.txz 0751449407fd5b87c6936f53ec154a79 n/libgcrypt-1.5.3-x86_64-1.txz

Severity
[slackware-security] gnupg / libgcrypt (SSA:2013-215-01)
New gnupg and libgcrypt packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. New libgpg-error packages are also available for Slackware 13.1 and older as the supplied version wasn't new enough to compile the fixed version of libgcrypt.

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg gnupg-1.4.14-i486-1_slack14.0.txz libgcrypt-1.5.3-i486-1_slack14.0.txz

Related News

Google Releases Chrome 130 with Critical Security Fixes for 17 Flaws
3 - 5 min read
Google recently unveiled Chrome 130 , an update that addresses several security vulnerabilities to ensure the web browser's safety and reliability.
U.S. Investigation into China-Backed Telecom Companies Hack: The Role & Risks of Encryption Backdoors
3 - 5 min read
U.S. authorities are on high alert as they investigate an alleged Chinese state-sponsored hack targeting major U.S. telecommunications companies.
FASTCash Linux Malware: A New Cybercrime Menace Targeting Payment Switch Systems
3 - 5 min read
As malware threats evolve to increasingly target Linux systems, admins and organizations must stay up-to-date on the latest Linux malware variants
Optimizing CWPP on Linux Servers: Best Practices and Configurations
3 - 6 min read
Cloud Workload Protection Platforms are now essential for securing virtual environments. These provide a robust security layer vital for addressing
The Infiltration of Supply Chain Attacks in Open-Source Software Management
3 - 6 min read
Open-source projects are renowned for their collaborative nature and widespread adoption, yet more sophisticated supply chain attacks target them
Strengthen Your Linux Software Development Pipeline with Code Security Scanners
3 - 6 min read
Developers recognize the critical nature of protecting software systems as cyberattacks grow more sophisticated, thus necessitating robust security
Everything You Need to Know About Cloud Security Posture Management
3 - 5 min read
Many companies are transitioning from physical servers to cloud operations, but this transformation brings new challenges. Cloud Security Posture
Understanding the Critical Oath-Toolkit Vulnerability and Its Implications for Admins
3 - 5 min read
As Linux security threats advance and evolve, vulnerabilities often surface unexpectedly, exposing systems to potential exploitation. SUSE

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved