Debian Security Advisory
DSA-040-1 slrn -- buffer overflow
- Date Reported:
- 09 Mar 2001
- Affected Packages:
- slrn
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 2493.
In Mitre's CVE dictionary: CVE-2001-0441. - More information:
- Bill Nottingham reported a problem in the
wrapping/unwrapping functions of the slrn newsreader. A long header in a
message might overflow a buffer, which could result in executing arbitrary
code encoded in the message.
The default configuration does not have wrapping enable, but it can easily be enabled either by changing the configuration or pressing W while viewing a message.
This has been fixed in version 0.9.6.2-9potato1 and we recommand that you upgrade your slrn package immediately.
- Fixed in:
-
Debian 2.2 (potato)
- Source:
-
http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato1.diff.gz
-
http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato1.dsc
-
http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2.orig.tar.gz
- alpha:
-
http://security.debian.org/dists/stable/updates/main/binary-alpha/slrn_0.9.6.2-9potato1_alpha.deb
-
http://security.debian.org/dists/stable/updates/main/binary-alpha/slrnpull_0.9.6.2-9potato1_alpha.deb
- arm:
-
http://security.debian.org/dists/stable/updates/main/binary-arm/slrn_0.9.6.2-9potato1_arm.deb
-
http://security.debian.org/dists/stable/updates/main/binary-arm/slrnpull_0.9.6.2-9potato1_arm.deb
- i386:
-
http://security.debian.org/dists/stable/updates/main/binary-i386/slrn_0.9.6.2-9potato1_i386.deb
-
http://security.debian.org/dists/stable/updates/main/binary-i386/slrnpull_0.9.6.2-9potato1_i386.deb
- m68k:
-
http://security.debian.org/dists/stable/updates/main/binary-m68k/slrn_0.9.6.2-9potato1_m68k.deb
-
http://security.debian.org/dists/stable/updates/main/binary-m68k/slrnpull_0.9.6.2-9potato1_m68k.deb
- powerpc:
-
http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrn_0.9.6.2-9potato1_powerpc.deb
-
http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrnpull_0.9.6.2-9potato1_powerpc.deb
- sparc:
-
http://security.debian.org/dists/stable/updates/main/binary-sparc/slrn_0.9.6.2-9potato1_sparc.deb
-
http://security.debian.org/dists/stable/updates/main/binary-sparc/slrnpull_0.9.6.2-9potato1_sparc.deb