Security Information / 2001 / Security Information -- DSA-040-1 slrn

Debian Security Advisory

DSA-040-1 slrn -- buffer overflow

Date Reported:

09 Mar 2001

Affected Packages:

slrn

Vulnerable:

Yes

Security database references:

In the Bugtraq database (at SecurityFocus): BugTraq ID 2493.
In Mitre's CVE dictionary: CVE-2001-0441.

More information:

Bill Nottingham reported a problem in the wrapping/unwrapping functions of the slrn newsreader. A long header in a message might overflow a buffer, which could result in executing arbitrary code encoded in the message.

The default configuration does not have wrapping enable, but it can easily be enabled either by changing the configuration or pressing W while viewing a message.

This has been fixed in version 0.9.6.2-9potato1 and we recommand that you upgrade your slrn package immediately.

Fixed in:

Debian 2.2 (potato)

Source:

http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato1.diff.gz

http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato1.dsc

http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2.orig.tar.gz

alpha:

http://security.debian.org/dists/stable/updates/main/binary-alpha/slrn_0.9.6.2-9potato1_alpha.deb

http://security.debian.org/dists/stable/updates/main/binary-alpha/slrnpull_0.9.6.2-9potato1_alpha.deb

arm:

http://security.debian.org/dists/stable/updates/main/binary-arm/slrn_0.9.6.2-9potato1_arm.deb

http://security.debian.org/dists/stable/updates/main/binary-arm/slrnpull_0.9.6.2-9potato1_arm.deb

i386:

http://security.debian.org/dists/stable/updates/main/binary-i386/slrn_0.9.6.2-9potato1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/slrnpull_0.9.6.2-9potato1_i386.deb

m68k:

http://security.debian.org/dists/stable/updates/main/binary-m68k/slrn_0.9.6.2-9potato1_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/slrnpull_0.9.6.2-9potato1_m68k.deb

powerpc:

http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrn_0.9.6.2-9potato1_powerpc.deb

http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrnpull_0.9.6.2-9potato1_powerpc.deb

sparc:

http://security.debian.org/dists/stable/updates/main/binary-sparc/slrn_0.9.6.2-9potato1_sparc.deb

http://security.debian.org/dists/stable/updates/main/binary-sparc/slrnpull_0.9.6.2-9potato1_sparc.deb