gnupg (SSA:2016-236-01)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] gnupg (SSA:2016-236-01)
Date: Tue, 23 Aug 2016 13:58:51 -0700 (PDT)





-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gnupg (SSA:2016-236-01)

New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.21-i586-1_slack14.2.txz: Upgraded.
Fix critical security bug in the RNG [CVE-2016-6313]. An attacker who
obtains 580 bytes from the standard RNG can trivially predict the next
20 bytes of output. (This is according to the NEWS file included in the
source. According to the annoucement linked below, an attacker who obtains
4640 bits from the RNG can trivially predict the next 160 bits of output.)
Problem detected by Felix Doerre and Vladimir Klebanov, KIT.
For more information, see:
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/gnupg-1.4.21-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/gnupg-1.4.21-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/gnupg-1.4.21-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/gnupg-1.4.21-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/gnupg-1.4.21-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/gnupg-1.4.21-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/gnupg-1.4.21-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/gnupg-1.4.21-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/gnupg-1.4.21-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/gnupg-1.4.21-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/gnupg-1.4.21-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/gnupg-1.4.21-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnupg-1.4.21-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnupg-1.4.21-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 package:
ad17f87851028e4d5cb29676a6fea7f6 gnupg-1.4.21-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
650dde6cc6bcdc6c13da90e6d5ac5f5a gnupg-1.4.21-x86_64-1_slack13.0.txz

Slackware 13.1 package:
cb0755d93986a8df059ff531236f5adc gnupg-1.4.21-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
8459f1510a4fe319a42e6f87d7a05600 gnupg-1.4.21-x86_64-1_slack13.1.txz

Slackware 13.37 package:
ad785789eb17bd355ac9befa05c03905 gnupg-1.4.21-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
acc63f9119344496925efd85a911f38c gnupg-1.4.21-x86_64-1_slack13.37.txz

Slackware 14.0 package:
e7820ceca9a28c2c56929fd464384417 gnupg-1.4.21-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
765c22a321312e0b6a02ed4218e1d2b5 gnupg-1.4.21-x86_64-1_slack14.0.txz

Slackware 14.1 package:
1c0220324a41709919f77c942e7e8b17 gnupg-1.4.21-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
b08ee4540ec6552176c322c36c5da3e9 gnupg-1.4.21-x86_64-1_slack14.1.txz

Slackware 14.2 package:
5bdc1c890fd2f1bdb63bbd9e47ff5d4f gnupg-1.4.21-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
7088d02a89172c997b799d34f9b84f7c gnupg-1.4.21-x86_64-1_slack14.2.txz

Slackware -current package:
2808c06200971813a071efae1fb5f03a n/gnupg-1.4.21-i586-1.txz

Slackware x86_64 -current package:
db3de668806143ab7a3b05b3af16a91e n/gnupg-1.4.21-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg gnupg-1.4.21-i586-1_slack14.2.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAle8tkkACgkQakRjwEAQIjPNwACfW8eK+qHqEO1SLPCORZRaKlHs
+4YAn0Qjx44XUW45Ms54hw7BuixDa175
=vBAT
-----END PGP SIGNATURE-----