
Slrn - long headers in messages might overrun a buffer and cause execution of attacker's code



Vulnerability

    slrn

Affected

    slrn

Description

    The following is based on Debian Security Advisory DSA-040-1. Bill
    Nottingham reported a problem in the wrapping/unwrapping functions
    of the slrn newsreader. A long header in a message might overflow
    a buffer, which could result in the execution of arbitrary code
    encoded in the message.

    The default configuration does not have wrapping enabled, but it
    can easily be enabled either by changing the configuration or by
    pressing W while viewing a message.
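
    The failure mode described above, as an added C example (not slrn's code, which this page does not show): a header-unwrapping routine that bounds every write by the destination size and reports truncation instead of writing past the buffer. The name `unfold_header`, the folding rule (a line break followed by a space or tab continues the header) and the sample header are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Illustration only, not slrn source; unfold_header() is a hypothetical helper.
 * Joins a wrapped (folded) header into dst and never writes more than
 * dst_size bytes, terminating NUL included.
 * Returns 0 on success, -1 if the header did not fit; dst then holds a
 * truncated but still NUL-terminated string. */
int unfold_header(const char *src, char *dst, size_t dst_size)
{
    size_t out = 0;
    int truncated = 0;

    if (dst == NULL || dst_size == 0)
        return -1;
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    while (*src != '\0') {
        char c = *src++;
        if (c == '\r' && *src == '\n') {      /* treat CRLF as one line break */
            c = '\n';
            src++;
        }
        if (c == '\n') {
            if (*src != ' ' && *src != '\t')
                break;                        /* next line is a new header */
            while (*src == ' ' || *src == '\t')
                src++;                        /* continuation: collapse the fold */
            c = ' ';
        }
        if (out + 1 >= dst_size) {            /* keep one byte for the NUL */
            truncated = 1;
            break;
        }
        dst[out++] = c;
    }
    dst[out] = '\0';
    return truncated ? -1 : 0;
}

int main(void)
{
    /* Constructed sample input: one header folded across three lines. */
    const char *hdr = "Subject: a\r\n long\r\n\tsubject\r\nFrom: x";
    char small[16], large[64];
    printf("%d [%s]\n", unfold_header(hdr, large, sizeof large), large);
    printf("%d [%s]\n", unfold_header(hdr, small, sizeof small), small);
    return 0;
}
```

    The length check runs before each byte is stored, so a header longer than the destination is cut short and flagged rather than copied in full.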

Solution

    For Debian:

        http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato1.diff.gz
        http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato1.dsc
        http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2.orig.tar.gz
        http://security.debian.org/dists/stable/updates/main/binary-alpha/slrn_0.9.6.2-9potato1_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-alpha/slrnpull_0.9.6.2-9potato1_alpha.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/slrn_0.9.6.2-9potato1_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-arm/slrnpull_0.9.6.2-9potato1_arm.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/slrn_0.9.6.2-9potato1_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-i386/slrnpull_0.9.6.2-9potato1_i386.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/slrn_0.9.6.2-9potato1_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-m68k/slrnpull_0.9.6.2-9potato1_m68k.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrn_0.9.6.2-9potato1_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrnpull_0.9.6.2-9potato1_powerpc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/slrn_0.9.6.2-9potato1_sparc.deb
        http://security.debian.org/dists/stable/updates/main/binary-sparc/slrnpull_0.9.6.2-9potato1_sparc.deb

    For Linux-Mandrake:

        Linux-Mandrake 6.0: 6.0/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
                            6.0/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
                            6.0/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm
        Linux-Mandrake 6.1: 6.1/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
                            6.1/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
                            6.1/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm
        Linux-Mandrake 7.0: 7.0/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
                            7.0/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
                            7.0/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm
        Linux-Mandrake 7.1: 7.1/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
                            7.1/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
                            7.1/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm
        Linux-Mandrake 7.2: 7.2/RPMS/slrn-0.9.6.3-10.1mdk.i586.rpm
                            7.2/RPMS/slrn-pull-0.9.6.3-10.1mdk.i586.rpm
                            7.2/SRPMS/slrn-0.9.6.3-10.1mdk.src.rpm
    Corporate Server 1.0.1: 1.0.1/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
                            1.0.1/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
                            1.0.1/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm

    For RedHat:

        ftp://updates.redhat.com/6.2/SRPMS/slrn-0.9.6.4-0.6.src.rpm
        ftp://updates.redhat.com/6.2/alpha/slrn-0.9.6.4-0.6.alpha.rpm
        ftp://updates.redhat.com/6.2/alpha/slrn-pull-0.9.6.4-0.6.alpha.rpm
        ftp://updates.redhat.com/6.2/i386/slrn-0.9.6.4-0.6.i386.rpm
        ftp://updates.redhat.com/6.2/i386/slrn-pull-0.9.6.4-0.6.i386.rpm
        ftp://updates.redhat.com/6.2/sparc/slrn-0.9.6.4-0.6.sparc.rpm
        ftp://updates.redhat.com/6.2/sparc/slrn-pull-0.9.6.4-0.6.sparc.rpm
        ftp://updates.redhat.com/7.0/SRPMS/slrn-0.9.6.4-0.7.src.rpm
        ftp://updates.redhat.com/7.0/alpha/slrn-0.9.6.4-0.7.alpha.rpm
        ftp://updates.redhat.com/7.0/alpha/slrn-pull-0.9.6.4-0.7.alpha.rpm
        ftp://updates.redhat.com/7.0/i386/slrn-0.9.6.4-0.7.i386.rpm
        ftp://updates.redhat.com/7.0/i386/slrn-pull-0.9.6.4-0.7.i386.rpm

    For Immunix OS:

        http://immunix.org/ImmunixOS/6.2/updates/RPMS/slrn-0.9.6.4-0.6_StackGuard.i386.rpm
        http://immunix.org/ImmunixOS/6.2/updates/RPMS/slrn-pull-0.9.6.4-0.6_StackGuard.i386.rpm
        http://immunix.org/ImmunixOS/6.2/updates/SRPMS/slrn-0.9.6.4-0.6_StackGuard.src.rpm
        http://immunix.org/ImmunixOS/7.0/updates/RPMS/slrn-0.9.6.4-0.7_imnx.i386.rpm
        http://immunix.org/ImmunixOS/7.0/updates/RPMS/slrn-pull-0.9.6.4-0.7_imnx.i386.rpm
        http://immunix.org/ImmunixOS/7.0/updates/SRPMS/slrn-0.9.6.4-0.7_imnx.src.rpm

    For Conectiva Linux:

        ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/slrn-0.9.6.3-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/slrn-0.9.6.3-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/slrn-0.9.6.3-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/slrn-0.9.6.3-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.0es/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/slrn-0.9.6.3-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/slrn-0.9.6.3-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.1/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/slrn-0.9.6.3-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/slrn-0.9.6.3-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/4.2/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/slrn-0.9.6.3-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/slrn-0.9.6.3-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/slrn-0.9.6.3-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/slrn-0.9.6.3-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/slrn-0.9.6.3-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/slrn-0.9.6.3-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/slrn-pull-0.9.6.3-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/slrn-0.9.6.3-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/slrn-0.9.6.3-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/slrn-0.9.6.3-1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/slrn-0.9.6.3-1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/slrn-pull-0.9.6.3-1cl.i386.rpm

