Slackware-13.1 ChangeLog (2016-08-23)

Tue Aug 23 19:45:33 UTC 2016

  • patches/packages/gnupg-1.4.21-i486-1_slack13.1.txz
    Fix critical security bug in the RNG [CVE-2016-6313]. An attacker who
    obtains 580 bytes from the standard RNG can trivially predict the next
    20 bytes of output. (This is according to the NEWS file included in the
    source. According to the annoucement linked below, an attacker who obtains
    4640 bits from the RNG can trivially predict the next 160 bits of output.)
    Problem detected by Felix Doerre and Vladimir Klebanov, KIT.
    For more information, see:
    https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313
    (* Security fix *)
  • patches/packages/libgcrypt-1.5.6-i486-1_slack13.1.txz
    Fix critical security bug in the RNG [CVE-2016-6313]. An attacker who
    obtains 580 bytes from the standard RNG can trivially predict the next
    20 bytes of output. (This is according to the NEWS file included in the
    source. According to the annoucement linked below, an attacker who obtains
    4640 bits from the RNG can trivially predict the next 160 bits of output.)
    Problem detected by Felix Doerre and Vladimir Klebanov, KIT.
    For more information, see:
    https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313
    (* Security fix *)
  • patches/packages/stunnel-5.35-i486-2_slack13.1.txz
    Fixed incorrect config file name in generate-stunnel-key.sh.
    Thanks to Ebben Aries.
  • news/2016/08/23/slackware-13.1-changelog.txt
  • Last modified: 11 months ago
  • by Giuseppe Di Terlizzi