gnupg / libgcrypt (SSA:2013-215-01)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] gnupg / libgcrypt (SSA:2013-215-01)
Date: Sat, 3 Aug 2013 15:26:17 -0700 (PDT)





-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gnupg / libgcrypt (SSA:2013-215-01)

New gnupg and libgcrypt packages are available for Slackware 12.1, 12.2, 13.0,
13.1, 13.37, 14.0, and -current to fix a security issue. New libgpg-error
packages are also available for Slackware 13.1 and older as the supplied
version wasn't new enough to compile the fixed version of libgcrypt.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.14-i486-1_slack14.0.txz: Upgraded.
Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA
secret keys.
For more information, see:
http://eprint.iacr.org/2013/448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
(* Security fix *)
patches/packages/libgcrypt-1.5.3-i486-1_slack14.0.txz: Upgraded.
Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA
secret keys.
For more information, see:
http://eprint.iacr.org/2013/448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/gnupg-1.4.14-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libgcrypt-1.5.3-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libgpg-error-1.11-i486-1_slack12.1.tgz

Updated packages for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/gnupg-1.4.14-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libgcrypt-1.5.3-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libgpg-error-1.11-i486-1_slack12.2.tgz

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/gnupg-1.4.14-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libgcrypt-1.5.3-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libgpg-error-1.11-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/gnupg-1.4.14-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libgcrypt-1.5.3-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libgpg-error-1.11-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/gnupg-1.4.14-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libgcrypt-1.5.3-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libgpg-error-1.11-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/gnupg-1.4.14-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libgcrypt-1.5.3-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libgpg-error-1.11-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/gnupg-1.4.14-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libgcrypt-1.5.3-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/gnupg-1.4.14-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libgcrypt-1.5.3-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/gnupg-1.4.14-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libgcrypt-1.5.3-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/gnupg-1.4.14-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libgcrypt-1.5.3-x86_64-1_slack14.0.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnupg-1.4.14-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/libgcrypt-1.5.3-i486-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnupg-1.4.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/libgcrypt-1.5.3-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 12.1 packages:
edfa6b7fd6406ed4abd81a1a9cd968a6 gnupg-1.4.14-i486-1_slack12.1.tgz
6d50ecae51b1bb5e4901a93441c8d979 libgcrypt-1.5.3-i486-1_slack12.1.tgz
012330680b03d757be4425c9ae536933 libgpg-error-1.11-i486-1_slack12.1.tgz

Slackware 12.2 packages:
64b7f7356246b46764079910885e91ea gnupg-1.4.14-i486-1_slack12.2.tgz
0bf6ae65411c96d9bd8893cc1b41040a libgcrypt-1.5.3-i486-1_slack12.2.tgz
e3669f73f15b88576cbb219ad2ca39a3 libgpg-error-1.11-i486-1_slack12.2.tgz

Slackware 13.0 packages:
93e89b3a685ce45179a4708158de6d63 gnupg-1.4.14-i486-1_slack13.0.txz
c7f1d20e76c639d2e412254909130dd7 libgcrypt-1.5.3-i486-1_slack13.0.txz
4f75e8be0543bfb9aa8067a2e4632b3f libgpg-error-1.11-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages:
b1725df1cb6183c22a385e41d68099ed gnupg-1.4.14-x86_64-1_slack13.0.txz
4b1ae976b6b855de8c320cdeba870b67 libgcrypt-1.5.3-x86_64-1_slack13.0.txz
4c3f64870f18afdc2054cf5e47a5cbb4 libgpg-error-1.11-x86_64-1_slack13.0.txz

Slackware 13.1 packages:
b2f19bf31eab2d1e0ab32004f62baa20 gnupg-1.4.14-i486-1_slack13.1.txz
aec46a60340156b66d4aacf1cae150d7 libgcrypt-1.5.3-i486-1_slack13.1.txz
6f939d0733758181bbd18863144d089c libgpg-error-1.11-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages:
ee43d4a0a3c84add3c7b0ee616bb97bb gnupg-1.4.14-x86_64-1_slack13.1.txz
11621b833256b6e69f9f925572e2b652 libgcrypt-1.5.3-x86_64-1_slack13.1.txz
835e0e7e05d6f70888927cdc8f7ba4c4 libgpg-error-1.11-x86_64-1_slack13.1.txz

Slackware 13.37 packages:
341734a954fcaaff59de62cb8fad8ba2 gnupg-1.4.14-i486-1_slack13.37.txz
fb40f68f56ee0ae72c4b7ded47d39049 libgcrypt-1.5.3-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages:
e437855c2593ea655c8a1999622f07d4 gnupg-1.4.14-x86_64-1_slack13.37.txz
89b4e2fef96511e5cba56ab37d6b06d4 libgcrypt-1.5.3-x86_64-1_slack13.37.txz

Slackware 14.0 packages:
fa77aa1d0fd98071a59e2879477d9687 gnupg-1.4.14-i486-1_slack14.0.txz
0f1b846d23f0d876a5f044e116d07f6d libgcrypt-1.5.3-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages:
7046e1c0d35427659633d746b2c350af gnupg-1.4.14-x86_64-1_slack14.0.txz
6381a6cfbe00c5450e0d92518bf41202 libgcrypt-1.5.3-x86_64-1_slack14.0.txz

Slackware -current packages:
2bebcc3164c45d8a68d24f5c807b15a2 n/gnupg-1.4.14-i486-1.txz
67e7f7d3c3215c3da7860ed882cf9ce3 n/libgcrypt-1.5.3-i486-1.txz

Slackware x86_64 -current packages:
a3423fe0d47ad239db726f83acfe1b0b n/gnupg-1.4.14-x86_64-1.txz
0751449407fd5b87c6936f53ec154a79 n/libgcrypt-1.5.3-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:

# upgradepkg gnupg-1.4.14-i486-1_slack14.0.txz libgcrypt-1.5.3-i486-1_slack14.0.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iEYEARECAAYFAlH9jLIACgkQakRjwEAQIjP87wCeN2b3K9PUzMgZil84eG+jOkmV
BbkAnA9jI9cOubgwizpLDzBGjXT2SCX6
=GK7h
-----END PGP SIGNATURE-----