Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Slackware: 2018-159-01 Critical: GnuPG2 Security Issue Fixed

slackware
Calendar Grey June 8, 2018
Dist Slackware Esm H88
Recent updates to the gnupg2 packages address a significant security vulnerability affecting various Slackware releases. Ensure you update without delay to maintain system integrity.
New gnupg2 packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and - -current to fix a security issue

Summary

Here are the details from the Slackware 14.2 ChangeLog: patches/packages/gnupg2-2.0.31-i586-1_slack14.2.txz: Upgraded. Sanitize the diagnostic output of the original file name in verbose mode. By using a made up file name in the message it was possible to fake status messages. Using this technique it was for example possible to fake the verification status of a signed mail. For more information, see: https://www.cve.org/CVERecord?id=CVE-2018-12020 (* Security fix *)

Topics%20covered

Topics Covered

security advisory security issue critical package update software upgrade Slackware gnupg2

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/gnupg2-2.0.31-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/gnupg2-2.0.31-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/gnupg2-2.0.31-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/gnupg2-2.0.31-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/gnupg2-2.0.31-i486-1_slack14.1.txz
Updated package for ...

Read the Full Advisory

MD5 Signatures

Slackware 13.37 package: 65c32255acff00361bd24e5353554c80 gnupg2-2.0.31-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 7d03704928494b4c6b12d98c26de0a46 gnupg2-2.0.31-x86_64-1_slack13.37.txz
Slackware 14.0 package: d9f38f11df078182129e0059d49cf547 gnupg2-2.0.31-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: c32f666c0248264020f2a90e3510b1c2 gnupg2-2.0.31-x86_64-1_slack14.0.txz
Slackware 14.1 package: 54a17edf49c1fa17cb9be1c0213d37f9 gnupg2-2.0.31-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: fd5fd7da3a7cddc25a9b8beff8ed4bfc gnupg2-2.0.31-x86_64-1_slack14.1.txz
Slackware 14.2 package: 23ef6d14bbaf7c4d33dae51086a6396a gnupg2-2.0.31-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 12491aecdc47b0064974465969162a40 gnupg2-2.0.31-x86_64-1_slack14.2.txz
Slackware -current package: 5822b4be4db3c8512f44d843655fd363 n/gnupg2-2.2.8-i586-1.txz
Slackware x86_64 -current package: 379d6ef97f9d801bd112ceaef2ce0706 n/gnupg2-2.2.8-x86_64-1.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory security issue critical package update software upgrade Slackware gnupg2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg gnupg2-2.0.31-i586-1_slack14.2.txz

Related News

Your message here