|
|
|
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] gnupg (SSA:2006-215-01)
Date: Thu, 3 Aug 2006 02:32:09 -0700 (PDT) |
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] gnupg (SSA:2006-215-01)
New GnuPG packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2,
and -current to fix security issues which could allow an attacker to
crash gnupg and possibly overwrite memory which could lead to an integer
overflow.
Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.5-i486-1_slack10.2.tgz:
Upgraded to gnupg-1.4.5.
From the gnupg-1.4.5 NEWS file:
* Fixed 2 more possible memory allocation attacks. They are
similar to the problem we fixed with 1.4.4. This bug can easily
be be exploited for a DoS; remote code execution is not entirely
impossible.
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/gnupg-1.4.5-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gnupg-1.4.5-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gnupg-1.4.5-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/gnupg-1.4.5-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/gnupg-1.4.5-i486-1_slack10.2.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnupg-1.4.5-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 9.0 package:
f4d340a8cfc868c89e06d68b377e04d7 gnupg-1.4.5-i386-1_slack9.0.tgz
Slackware 9.1 package:
38e8e6cb501883f841a2b287de579b22 gnupg-1.4.5-i486-1_slack9.1.tgz
Slackware 10.0 package:
addbc70fb919cd61b81654e7059bf09f gnupg-1.4.5-i486-1_slack10.0.tgz
Slackware 10.1 package:
d143db889c2e3f81feb6d686fbc826ee gnupg-1.4.5-i486-1_slack10.1.tgz
Slackware 10.2 package:
955bfff71f59f53165f2df63f1b177f3 gnupg-1.4.5-i486-1_slack10.2.tgz
Slackware -current package:
dfb4e14c7fce72a8f240f05e75b09e8a gnupg-1.4.5-i486-1.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg gnupg-1.4.5-i486-1_slack10.2.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFE0cIdakRjwEAQIjMRAomjAJ4+jETFlThHJgeybewZSfVIWSZdSACfTykZ
ofrk/a1Y9DEChzxLyg8nofw=
=lLc5
-----END PGP SIGNATURE-----
|
|
|
