Alerts This Week
Warning Icon 1 541
Alerts This Week
Warning Icon 1 541

Slackware 14.2: 2018-170-01 Critical: Gnupg Denial of Service

slackware
Calendar Grey June 19, 2018
Dist Slackware Esm H88
Recently updated gnupg packages for Slackware have been issued to tackle a significant security vulnerability that impacts various other distributions.
New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue

Summary

Here are the details from the Slackware 14.2 ChangeLog: patches/packages/gnupg-1.4.23-i586-1_slack14.2.txz: Upgraded. Sanitize the diagnostic output of the original file name in verbose mode. By using a made up file name in the message it was possible to fake status messages. Using this technique it was for example possible to fake the verification status of a signed mail. For more information, see: https://www.cve.org/CVERecord?id=CVE-2018-12020 (* Security fix *)

Topics%20covered

Topics Covered

security advisory security issue gnupg software update DoS slackware critical severity

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/gnupg-1.4.23-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/gnupg-1.4.23-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/gnupg-1.4.23-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/gnupg-1.4.23-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/gnupg-1.4.23-i486-1_slack13.37.txz
Updated package for Slackwar...

Read the Full Advisory

MD5 Signatures

Slackware 13.0 package: e3fd748746eebd7c73a37ee7b9a6fc8d gnupg-1.4.23-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 86b54ca9798d4165e8ebeb896111b6d4 gnupg-1.4.23-x86_64-1_slack13.0.txz
Slackware 13.1 package: c0e29f1d4533c0ca87af087d6499bf06 gnupg-1.4.23-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: d82a4e0e70df7505ee5a1ae43310a02f gnupg-1.4.23-x86_64-1_slack13.1.txz
Slackware 13.37 package: d8ab207d74fefc379e4b1f0a100031c9 gnupg-1.4.23-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 0b118525aa8221af24a016dca610131e gnupg-1.4.23-x86_64-1_slack13.37.txz
Slackware 14.0 package: e3adf42872a9802e493e5b64308a63f8 gnupg-1.4.23-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: e529dd67cf4b3f3d07d182a006a3a4d0 gnupg-1.4.23-x86_64-1_slack14.0.txz
Slackware 14.1 package: 9c357070da7b83d54ec78bcd6153634d gnupg-1.4.23-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 1bb034ddc21cabd485ea11b0a52ddc45 gnupg-1.4.23-x86_64-1_slack14.1.txz
Slackware 14.2 package: e1f3ce5a7792f1d5114016a4422e89d6 gnupg-1.4.23-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 03b9ee586771e16030060a0f19be78e1 gnupg-1.4.23-x86_64-1_slack14.2.txz
Slackware -current package: 5fbae3f3c437309df772713b4d3f6550 n/gnupg-1.4.23-i586-1.txz
Slackware x86_64 -current package: f0d9b825caf815938f60caf3a7839886 n/gnupg-1.4.23-x86_64-1.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory security issue gnupg software update DoS slackware critical severity

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg gnupg-1.4.23-i586-1_slack14.2.txz

Related News

Your message here