COMMAND
slrn
SYSTEMS AFFECTED
slrn
PROBLEM
The following is based on Debian Security Advisory DSA-040-1. Bill
Nottingham reported a problem in the wrapping/unwrapping functions
of the slrn newsreader. A long header in a message might overflow
a buffer, which could result in the execution of arbitrary code
encoded in the message.
The default configuration does not have wrapping enabled, but it
can easily be enabled either by changing the configuration or by
pressing W while viewing a message.
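The bug class described above, as an added illustration that is not slrn's code or the vendors' patch: unwrapping a folded header into a fixed-size buffer with explicit length accounting, so an over-long header is rejected instead of written past the end. The function name `unwrap_header` and the RFC 822 style folding rule (continuation lines begin with a space or tab) are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper for illustration; not taken from slrn.
 * Unwraps a folded header (continuation lines start with space or tab)
 * from `in` into `out`, which holds `outsz` bytes.
 * Returns the unwrapped length, or -1 if the result would not fit. */
long unwrap_header(const char *in, char *out, size_t outsz)
{
    size_t n = 0;

    if (outsz == 0)
        return -1;

    while (*in != '\0') {
        char c = *in++;

        if (c == '\r' && *in == '\n')
            c = *in++;              /* treat CRLF like LF */
        if (c == '\n') {
            if (*in != ' ' && *in != '\t')
                break;              /* not a continuation: header ends */
            while (*in == ' ' || *in == '\t')
                in++;               /* collapse the fold to one space */
            c = ' ';
        }
        /* The check an unbounded copy loop lacks: the header length is
         * controlled by the message sender, so always keep room for
         * the terminating NUL and fail closed when it does not fit. */
        if (n + 1 >= outsz) {
            out[0] = '\0';
            return -1;
        }
        out[n++] = c;
    }
    out[n] = '\0';
    return (long)n;
}
```
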
SOLUTION
For Debian:
http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato1.diff.gz
http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato1.dsc
http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2.orig.tar.gz
http://security.debian.org/dists/stable/updates/main/binary-alpha/slrn_0.9.6.2-9potato1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/slrnpull_0.9.6.2-9potato1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/slrn_0.9.6.2-9potato1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/slrnpull_0.9.6.2-9potato1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/slrn_0.9.6.2-9potato1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/slrnpull_0.9.6.2-9potato1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/slrn_0.9.6.2-9potato1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/slrnpull_0.9.6.2-9potato1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrn_0.9.6.2-9potato1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrnpull_0.9.6.2-9potato1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/slrn_0.9.6.2-9potato1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/slrnpull_0.9.6.2-9potato1_sparc.deb
For Linux-Mandrake:
Linux-Mandrake 6.0: 6.0/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
6.0/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
6.0/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm
Linux-Mandrake 6.1: 6.1/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
6.1/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
6.1/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm
Linux-Mandrake 7.0: 7.0/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
7.0/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
7.0/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm
Linux-Mandrake 7.1: 7.1/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
7.1/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
7.1/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm
Linux-Mandrake 7.2: 7.2/RPMS/slrn-0.9.6.3-10.1mdk.i586.rpm
7.2/RPMS/slrn-pull-0.9.6.3-10.1mdk.i586.rpm
7.2/SRPMS/slrn-0.9.6.3-10.1mdk.src.rpm
Corporate Server 1.0.1: 1.0.1/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
1.0.1/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
1.0.1/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm
For RedHat:
ftp://updates.redhat.com/6.2/SRPMS/slrn-0.9.6.4-0.6.src.rpm
ftp://updates.redhat.com/6.2/alpha/slrn-0.9.6.4-0.6.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/slrn-pull-0.9.6.4-0.6.alpha.rpm
ftp://updates.redhat.com/6.2/i386/slrn-0.9.6.4-0.6.i386.rpm
ftp://updates.redhat.com/6.2/i386/slrn-pull-0.9.6.4-0.6.i386.rpm
ftp://updates.redhat.com/6.2/sparc/slrn-0.9.6.4-0.6.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/slrn-pull-0.9.6.4-0.6.sparc.rpm
ftp://updates.redhat.com/7.0/SRPMS/slrn-0.9.6.4-0.7.src.rpm
ftp://updates.redhat.com/7.0/alpha/slrn-0.9.6.4-0.7.alpha.rpm
ftp://updates.redhat.com/7.0/alpha/slrn-pull-0.9.6.4-0.7.alpha.rpm
ftp://updates.redhat.com/7.0/i386/slrn-0.9.6.4-0.7.i386.rpm
ftp://updates.redhat.com/7.0/i386/slrn-pull-0.9.6.4-0.7.i386.rpm
For Immunix OS:
http://immunix.org/ImmunixOS/6.2/updates/RPMS/slrn-0.9.6.4-0.6_StackGuard.i386.rpm
http://immunix.org/ImmunixOS/6.2/updates/RPMS/slrn-pull-0.9.6.4-0.6_StackGuard.i386.rpm
http://immunix.org/ImmunixOS/6.2/updates/SRPMS/slrn-0.9.6.4-0.6_StackGuard.src.rpm
http://immunix.org/ImmunixOS/7.0/updates/RPMS/slrn-0.9.6.4-0.7_imnx.i386.rpm
http://immunix.org/ImmunixOS/7.0/updates/RPMS/slrn-pull-0.9.6.4-0.7_imnx.i386.rpm
http://immunix.org/ImmunixOS/7.0/updates/SRPMS/slrn-0.9.6.4-0.7_imnx.src.rpm
For Conectiva Linux:
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/slrn-0.9.6.3-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/slrn-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/slrn-0.9.6.3-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/slrn-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/slrn-0.9.6.3-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/slrn-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/slrn-0.9.6.3-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/slrn-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/slrn-0.9.6.3-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/slrn-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/slrn-0.9.6.3-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/slrn-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/slrn-0.9.6.3-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/slrn-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/slrn-pull-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/slrn-0.9.6.3-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/slrn-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/slrn-0.9.6.3-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/slrn-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/slrn-pull-0.9.6.3-1cl.i386.rpm