Support / Sécurité / Annonces de sécurité / Corporate Server 1.0.1 / MDKSA-2001:028

Nom du paquet: slrn
Date: 2001-03-09
Advisory ID: MDKSA-2001:028
Affected versions: CS1.0 i586 , 6.1 i586 , 6.0 i586 , 7.0 i586 , 7.1 i586 , 7.2 i586

Problem description

A buffer overflow exists in versions of the slrn news reader prior to 0.9.6.3pl4 as reported by Bill Nottingham. This problem exists in the wrapping/unwrapping functions and a long header in a message might overflow a buffer which could result in execution of arbitrary code encoded in the message.

Updated packages

CS1.0 i586

 d3df413eed6ef64e3c6c22fdb4f38a94  1.0.1/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
dec7104c3dd114b383b68f175dc4f89c  1.0.1/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
d1039550f9bf9c182763d42cf5e1fb3f  1.0.1/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm

6.1 i586

 1ce3e48d3eced83245e330270128a502  6.1/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
cd0253b5c565f71febf5c3cd6042de43  6.1/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
d1039550f9bf9c182763d42cf5e1fb3f  6.1/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm

6.0 i586

 68f4a5c6b21ba400ade01fd2f3757f2d  6.0/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
fcfe71e53bc18e43a9ea9040994cea98  6.0/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
d1039550f9bf9c182763d42cf5e1fb3f  6.0/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm

7.0 i586

 dd3ce4674f8f24c868d12c7c836a446b  7.0/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
fd20752ecb1c5afb88c0061f9d52c6b5  7.0/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
d1039550f9bf9c182763d42cf5e1fb3f  7.0/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm

7.1 i586

 d3df413eed6ef64e3c6c22fdb4f38a94  7.1/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
dec7104c3dd114b383b68f175dc4f89c  7.1/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
d1039550f9bf9c182763d42cf5e1fb3f  7.1/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm

7.2 i586

 066daea1a7142cc2acce05b73364cd7b  7.2/RPMS/slrn-0.9.6.3-10.1mdk.i586.rpm
defa4b8904486fa8c83a7dc377ec3e00  7.2/RPMS/slrn-pull-0.9.6.3-10.1mdk.i586.rpm
0f6e7c6eefcbaae3eddd60b03e05f552  7.2/SRPMS/slrn-0.9.6.3-10.1mdk.src.rpm