-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] gnupg / libgcrypt (SSA:2013-215-01) New gnupg and libgcrypt packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. New libgpg-error packages are also available for Slackware 13.1 and older as the supplied version wasn't new enough to compile the fixed version of libgcrypt. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+ patches/packages/gnupg-1.4.14-i486-1_slack14.0.txz: Upgraded. Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. For more information, see: http://eprint.iacr.org/2013/448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242 (* Security fix *) patches/packages/libgcrypt-1.5.3-i486-1_slack14.0.txz: Upgraded. Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. For more information, see: http://eprint.iacr.org/2013/448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packagess/gnupg-1.4.14-i486-1_slack12.1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packagess/libgcrypt-1.5.3-i486-1_slack12.1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packagess/libgpg-error-1.11-i486-1_slack12.1.tgz Updated packages for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packagess/gnupg-1.4.14-i486-1_slack12.2.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packagess/libgcrypt-1.5.3-i486-1_slack12.2.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packagess/libgpg-error-1.11-i486-1_slack12.2.tgz Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packagess/gnupg-1.4.14-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packagess/libgcrypt-1.5.3-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packagess/libgpg-error-1.11-i486-1_slack13.0.txz Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packagess/gnupg-1.4.14-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packagess/libgcrypt-1.5.3-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packagess/libgpg-error-1.11-x86_64-1_slack13.0.txz Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packagess/gnupg-1.4.14-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packagess/libgcrypt-1.5.3-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packagess/libgpg-error-1.11-i486-1_slack13.1.txz Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packagess/gnupg-1.4.14-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packagess/libgcrypt-1.5.3-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packagess/libgpg-error-1.11-x86_64-1_slack13.1.txz Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packagess/gnupg-1.4.14-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packagess/libgcrypt-1.5.3-i486-1_slack13.37.txz Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packagess/gnupg-1.4.14-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packagess/libgcrypt-1.5.3-x86_64-1_slack13.37.txz Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packagess/gnupg-1.4.14-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packagess/libgcrypt-1.5.3-i486-1_slack14.0.txz Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packagess/gnupg-1.4.14-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packagess/libgcrypt-1.5.3-x86_64-1_slack14.0.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnupg-1.4.14-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/libgcrypt-1.5.3-i486-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnupg-1.4.14-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/libgcrypt-1.5.3-x86_64-1.txz MD5 signatures: +-------------+ Slackware 12.1 packages: edfa6b7fd6406ed4abd81a1a9cd968a6 gnupg-1.4.14-i486-1_slack12.1.tgz 6d50ecae51b1bb5e4901a93441c8d979 libgcrypt-1.5.3-i486-1_slack12.1.tgz 012330680b03d757be4425c9ae536933 libgpg-error-1.11-i486-1_slack12.1.tgz Slackware 12.2 packages: 64b7f7356246b46764079910885e91ea gnupg-1.4.14-i486-1_slack12.2.tgz 0bf6ae65411c96d9bd8893cc1b41040a libgcrypt-1.5.3-i486-1_slack12.2.tgz e3669f73f15b88576cbb219ad2ca39a3 libgpg-error-1.11-i486-1_slack12.2.tgz Slackware 13.0 packages: 93e89b3a685ce45179a4708158de6d63 gnupg-1.4.14-i486-1_slack13.0.txz c7f1d20e76c639d2e412254909130dd7 libgcrypt-1.5.3-i486-1_slack13.0.txz 4f75e8be0543bfb9aa8067a2e4632b3f libgpg-error-1.11-i486-1_slack13.0.txz Slackware x86_64 13.0 packages: b1725df1cb6183c22a385e41d68099ed gnupg-1.4.14-x86_64-1_slack13.0.txz 4b1ae976b6b855de8c320cdeba870b67 libgcrypt-1.5.3-x86_64-1_slack13.0.txz 4c3f64870f18afdc2054cf5e47a5cbb4 libgpg-error-1.11-x86_64-1_slack13.0.txz Slackware 13.1 packages: b2f19bf31eab2d1e0ab32004f62baa20 gnupg-1.4.14-i486-1_slack13.1.txz aec46a60340156b66d4aacf1cae150d7 libgcrypt-1.5.3-i486-1_slack13.1.txz 6f939d0733758181bbd18863144d089c libgpg-error-1.11-i486-1_slack13.1.txz Slackware x86_64 13.1 packages: ee43d4a0a3c84add3c7b0ee616bb97bb gnupg-1.4.14-x86_64-1_slack13.1.txz 11621b833256b6e69f9f925572e2b652 libgcrypt-1.5.3-x86_64-1_slack13.1.txz 835e0e7e05d6f70888927cdc8f7ba4c4 libgpg-error-1.11-x86_64-1_slack13.1.txz Slackware 13.37 packages: 341734a954fcaaff59de62cb8fad8ba2 gnupg-1.4.14-i486-1_slack13.37.txz fb40f68f56ee0ae72c4b7ded47d39049 libgcrypt-1.5.3-i486-1_slack13.37.txz Slackware x86_64 13.37 packages: e437855c2593ea655c8a1999622f07d4 gnupg-1.4.14-x86_64-1_slack13.37.txz 89b4e2fef96511e5cba56ab37d6b06d4 libgcrypt-1.5.3-x86_64-1_slack13.37.txz Slackware 14.0 packages: fa77aa1d0fd98071a59e2879477d9687 gnupg-1.4.14-i486-1_slack14.0.txz 0f1b846d23f0d876a5f044e116d07f6d libgcrypt-1.5.3-i486-1_slack14.0.txz Slackware x86_64 14.0 packages: 7046e1c0d35427659633d746b2c350af gnupg-1.4.14-x86_64-1_slack14.0.txz 6381a6cfbe00c5450e0d92518bf41202 libgcrypt-1.5.3-x86_64-1_slack14.0.txz Slackware -current packages: 2bebcc3164c45d8a68d24f5c807b15a2 n/gnupg-1.4.14-i486-1.txz 67e7f7d3c3215c3da7860ed882cf9ce3 n/libgcrypt-1.5.3-i486-1.txz Slackware x86_64 -current packages: a3423fe0d47ad239db726f83acfe1b0b n/gnupg-1.4.14-x86_64-1.txz 0751449407fd5b87c6936f53ec154a79 n/libgcrypt-1.5.3-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg gnupg-1.4.14-i486-1_slack14.0.txz libgcrypt-1.5.3-i486-1_slack14.0.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iEYEARECAAYFAlH9cJMACgkQakRjwEAQIjMx2gCffL116ouqvw4B3y/gxf4chPyy QbIAni3WPHjkgLSfpGT/MBqabHEhB992 =tJw3 -----END PGP SIGNATURE-----