1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
2 Low
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
0.003 Low
EPSS
Percentile
66.0%
New libgcrypt packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
patches/packages/libgcrypt-1.5.5-i486-1_slack14.1.txz: Upgraded.
Mitigate chosen cipher text attacks on ECDH with Weierstrass curves.
Use ciphertext blinding for Elgamal decryption.
For more information, see:
http://www.cs.tau.ac.IL/~tromer/ecdh/
https://vulners.com/cve/CVE-2015-7511
https://vulners.com/cve/CVE-2015-3591
(* Security fix *)
Where to find the new packages:
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libgcrypt-1.5.5-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libgcrypt-1.5.5-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libgcrypt-1.5.5-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libgcrypt-1.5.5-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libgcrypt-1.5.5-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libgcrypt-1.5.5-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libgcrypt-1.5.5-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libgcrypt-1.5.5-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libgcrypt-1.5.5-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libgcrypt-1.5.5-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/libgcrypt-1.6.5-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/libgcrypt-1.6.5-x86_64-1.txz
MD5 signatures:
Slackware 13.0 package:
ee3c5323fa919cab4d2320e55af631f0 libgcrypt-1.5.5-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
979a5918264781ecd1f9243f66409e20 libgcrypt-1.5.5-x86_64-1_slack13.0.txz
Slackware 13.1 package:
7fd7b00cc75620cf7700532240dd75de libgcrypt-1.5.5-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
5ac468107f7975050ceb0d508fb5e68a libgcrypt-1.5.5-x86_64-1_slack13.1.txz
Slackware 13.37 package:
8a6b50ba89c28ab4949f4a38efe3debb libgcrypt-1.5.5-i486-1_slack13.37.txz
Slackware x86_64 13.37 package:
bde7d812f1780786c577f1df0257f312 libgcrypt-1.5.5-x86_64-1_slack13.37.txz
Slackware 14.0 package:
e6bcce67129fe08ffde7aa63d300b9b5 libgcrypt-1.5.5-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
0bf6b0b75a3f9101f37b74d3d9b83cab libgcrypt-1.5.5-x86_64-1_slack14.0.txz
Slackware 14.1 package:
76c5ad1857cefd4c9b056bd78ee9f256 libgcrypt-1.5.5-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
636607a48bd342760289913bb7f34b54 libgcrypt-1.5.5-x86_64-1_slack14.1.txz
Slackware -current package:
6f9a32f64d09f9a6609fae3646779da7 n/libgcrypt-1.6.5-i586-1.txz
Slackware x86_64 -current package:
2dda7d79b8e4c6e567ba7f5f52b2513c n/libgcrypt-1.6.5-x86_64-1.txz
Installation instructions:
Upgrade the package as root:
> upgradepkg libgcrypt-1.5.5-i486-1_slack14.1.txz
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
2 Low
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
0.003 Low
EPSS
Percentile
66.0%