This is an old revision of the document!
Slackwarearm-14.1 ChangeLog (2016-08-24)
Wed Aug 24 02:03:04 UTC 2016
################################################################################
# PLANNED EOL (END OF LIFE) FOR SLACKWARE ARM v14.1 #
# #
# Effective 1st September 2016, security patches and fixes will no longer #
# be provided for Slackware ARM v14.1. #
# #
# If you are still running this version, you should plan to upgrade to the #
# the latest stable release (soon to be Slackware 14.2). #
# Alternately, you may make arrangements to handle your own security patches. #
################################################################################
Packages
Upgraded
- patches/packages/gnupg-1.4.21-arm-1_slack14.1.txz
Fix critical security bug in the RNG [CVE-2016-6313]. An attacker who
obtains 580 bytes from the standard RNG can trivially predict the next
20 bytes of output. (This is according to the NEWS file included in the
source. According to the annoucement linked below, an attacker who obtains
4640 bits from the RNG can trivially predict the next 160 bits of output.)
Problem detected by Felix Doerre and Vladimir Klebanov, KIT.
For more information, see:
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313
(* Security fix *) - patches/packages/libgcrypt-1.5.6-arm-1_slack14.1.txz
Fix critical security bug in the RNG [CVE-2016-6313]. An attacker who
obtains 580 bytes from the standard RNG can trivially predict the next
20 bytes of output. (This is according to the NEWS file included in the
source. According to the annoucement linked below, an attacker who obtains
4640 bits from the RNG can trivially predict the next 160 bits of output.)
Problem detected by Felix Doerre and Vladimir Klebanov, KIT.
For more information, see:
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313
(* Security fix *)
Rebuilt
- patches/packages/stunnel-5.35-arm-2_slack14.1.txz
Fixed incorrect config file name in generate-stunnel-key.sh.
Thanks to Ebben Aries.