Repository 32bit  Forum
Repository 64bit  Wiki
Tue Aug 23 19:45:33 UTC 2016
patches/packages/gnupg-1.4.21-i486-1_slack14.1.txz: Upgraded.
  Fix critical security bug in the RNG [CVE-2016-6313]. An attacker who
  obtains 580 bytes from the standard RNG can trivially predict the next
  20 bytes of output. (This is according to the NEWS file included in the
  source. According to the annoucement linked below, an attacker who obtains
  4640 bits from the RNG can trivially predict the next 160 bits of output.)
  Problem detected by Felix Doerre and Vladimir Klebanov, KIT.
  For more information, see:
  https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313
  (* Security fix *)
patches/packages/libgcrypt-1.5.6-i486-1_slack14.1.txz: Upgraded.
  Fix critical security bug in the RNG [CVE-2016-6313]. An attacker who
  obtains 580 bytes from the standard RNG can trivially predict the next
  20 bytes of output. (This is according to the NEWS file included in the
  source. According to the annoucement linked below, an attacker who obtains
  4640 bits from the RNG can trivially predict the next 160 bits of output.)
  Problem detected by Felix Doerre and Vladimir Klebanov, KIT.
  For more information, see:
  https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313
  (* Security fix *)
patches/packages/stunnel-5.35-i486-2_slack14.1.txz: Rebuilt.
  Fixed incorrect config file name in generate-stunnel-key.sh.
  Thanks to Ebben Aries.