Tuesday, October 15, 2013

Slackware Security Advisories

Patrick has released so many security advisories today along with the announcement of Slackware 14.1 RC 1. I will post a separate post about the RC1 changes, and this post is all about security updates only. There are 5 security advisories released today and they are:
  • libgpg-errors: Needed to support newer GnuPG2 that is backported to previous Slackware releases. Applicable to Slackware 13.37 and newer
  • GnuPG2: Fixed possible infinite recursion in the compressed packet parser [CVE-2013-4402] and Protect against rogue keyservers sending secret keys. Applicable to Slackware 13.37 and newer
  • gnutls: This update prevents a side-channel attack which may allow remote attackers to conduct distinguishing attacks and plaintext recovery attacks using statistical analysis of timing data for crafted packets. Applicable to Slackware 12.1, 12.2, 13.0, 13.1, and 13.37.
  • GnuPG: Fixed possible infinite recursion in the compressed packet   parser. [CVE-2013-4402] and Protect against rogue keyservers sending secret keys.Applicable to Slackware 12.1 and newer.
  • xorg-server: Patched a use-after-free bug that can cause an X server crash or memory corruption. Applicable to Slackware 12.1 and newer.