-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] gnupg (SSA:2016-236-01) New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/gnupg-1.4.21-i586-1_slack14.2.txz: Upgraded. Fix critical security bug in the RNG [CVE-2016-6313]. An attacker who obtains 580 bytes from the standard RNG can trivially predict the next 20 bytes of output. (This is according to the NEWS file included in the source. According to the annoucement linked below, an attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output.) Problem detected by Felix Doerre and Vladimir Klebanov, KIT. For more information, see: https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/gnupg-1.4.21-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/gnupg-1.4.21-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/gnupg-1.4.21-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/gnupg-1.4.21-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/gnupg-1.4.21-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/gnupg-1.4.21-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/gnupg-1.4.21-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/gnupg-1.4.21-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/gnupg-1.4.21-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/gnupg-1.4.21-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/gnupg-1.4.21-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/gnupg-1.4.21-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnupg-1.4.21-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnupg-1.4.21-x86_64-1.txz MD5 signatures: +-------------+ Slackware 13.0 package: ad17f87851028e4d5cb29676a6fea7f6 gnupg-1.4.21-i486-1_slack13.0.txz Slackware x86_64 13.0 package: 650dde6cc6bcdc6c13da90e6d5ac5f5a gnupg-1.4.21-x86_64-1_slack13.0.txz Slackware 13.1 package: cb0755d93986a8df059ff531236f5adc gnupg-1.4.21-i486-1_slack13.1.txz Slackware x86_64 13.1 package: 8459f1510a4fe319a42e6f87d7a05600 gnupg-1.4.21-x86_64-1_slack13.1.txz Slackware 13.37 package: ad785789eb17bd355ac9befa05c03905 gnupg-1.4.21-i486-1_slack13.37.txz Slackware x86_64 13.37 package: acc63f9119344496925efd85a911f38c gnupg-1.4.21-x86_64-1_slack13.37.txz Slackware 14.0 package: e7820ceca9a28c2c56929fd464384417 gnupg-1.4.21-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 765c22a321312e0b6a02ed4218e1d2b5 gnupg-1.4.21-x86_64-1_slack14.0.txz Slackware 14.1 package: 1c0220324a41709919f77c942e7e8b17 gnupg-1.4.21-i486-1_slack14.1.txz Slackware x86_64 14.1 package: b08ee4540ec6552176c322c36c5da3e9 gnupg-1.4.21-x86_64-1_slack14.1.txz Slackware 14.2 package: 5bdc1c890fd2f1bdb63bbd9e47ff5d4f gnupg-1.4.21-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 7088d02a89172c997b799d34f9b84f7c gnupg-1.4.21-x86_64-1_slack14.2.txz Slackware -current package: 2808c06200971813a071efae1fb5f03a n/gnupg-1.4.21-i586-1.txz Slackware x86_64 -current package: db3de668806143ab7a3b05b3af16a91e n/gnupg-1.4.21-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg gnupg-1.4.21-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@xxxxxxxxxxxxx +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@xxxxxxxxxxxxx with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAle8tkkACgkQakRjwEAQIjPNwACfW8eK+qHqEO1SLPCORZRaKlHs +4YAn0Qjx44XUW45Ms54hw7BuixDa175 =vBAT -----END PGP SIGNATURE-----