New gnutls packages are available for Slackware 14.2 and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/gnutls-3.6.5-i586-1_slack14.2.txz: Upgraded. This update fixes a security issue: Bleichenbacher-like side channel leakage in PKCS#1 1.5 verification and padding oracle verification. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16868 (* Security fix *) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
New nettle packages are available for Slackware 14.2 and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ This update fixes a security issue: A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16869 (* Security fix *) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.