Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

Slackware 11.0: Security Advisory 2006-340-01b Critical GnuPG Threat

slackware
Calendar Grey December 7, 2006
Dist Slackware Esm H88
Slackware users, be informed of a crucial GnuPG update that resolves signing issues and addresses serious CVEs. Update your systems promptly to stay secure

Hello, As many people have pointed out, the last advisory (SSA:2006-340-01) was not signed with the usual Slackware Security Team key (fingerprint 40102233)

Summary

Here are the details from the Slackware 11.0 ChangeLog: patches/packages/gnupg-1.4.6-i486-1_slack11.0.tgz: Upgraded to gnupg-1.4.6. This release fixes a severe and exploitable bug in earlier versions of gnupg. All gnupg users should update to the new packages as soon as possible. For details, see the information concerning CVE-2006-6235 posted on lists.gnupg.org: The CVE entry for this issue may be found here: https://www.cve.org/CVERecord?id=CVE-2006-6235 This update also addresses a more minor security issue possibly exploitable when GnuPG is used in interactive mode. For more information about that issue, see: https://www.cve.org/CVERecord?id=CVE-2006-6169 (* Security fix *)

Topics%20covered

Topics Covered

security advisory security issue gnupg critical software update slackware signing issue

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 9.0:
Updated package for Slackware 9.1:
Updated package for Slackware 10.0:
Updated package for Slackware 10.1:
Updated package for Slackware 10.2:
Updated package for Slackware 11.0:

MD5 Signatures

Slackware 9.0 package: bc23c2e8fd1862a3749d7ea9478654e2 gnupg-1.4.6-i386-1_slack9.0.tgz
Slackware 9.1 package: 1ec4938e51b300f332696f76ce5476b5 gnupg-1.4.6-i486-1_slack9.1.tgz
Slackware 10.0 package: 8be8d0094be837dca5274c6ef17d0856 gnupg-1.4.6-i486-1_slack10.0.tgz
Slackware 10.1 package: bdaf8c564a758fb13faecc8f030a8f3c gnupg-1.4.6-i486-1_slack10.1.tgz
Slackware 10.2 package: 1c9e9f1364086ccdb204d50d0ee87df2 gnupg-1.4.6-i486-1_slack10.2.tgz
Slackware 11.0 package: 8f0cd5490e5a12bddc4be418c6806fa3 gnupg-1.4.6-i486-1_slack11.0.tgz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory security issue gnupg critical software update slackware signing issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg gnupg-1.4.6-i486-1_slack11.0.tgz

Related News

Your message here