Debian: 'slrn' vulnerability

    Date: 24 Sep 2001
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Byrial Jensen found a nasty problem in slrn (a threaded news reader).
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-078-1
    http://www.debian.org/security/                         Wichert Akkerman
    September 24, 2001
    ------------------------------------------------------------------------
    
    
    Package        : slrn
    Problem type   : remote command invocation
    Debian-specific: no
    
    Byrial Jensen found a nasty problem in slrn (a threaded news reader).
    The notice on slrn-announce describes it as follows:
    
        When trying to decode binaries, the built-in code executes any shell
        scripts the article might contain, apparently assuming they would be
        some kind of self-extracting archive.
    
    This problem has been fixed in version 0.9.6.2-9potato2 by removing
    this feature.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    
    Debian GNU/Linux 2.2 alias potato
    ---------------------------------
    
      Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
    
      Source archives:
         http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato2.diff.gz
          MD5 checksum: aba6be7efd5c693d9f5466afedcb08e2
         http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato2.dsc
          MD5 checksum: 51a80c1465a7fcc4d74151c4bd4470d1
         http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2.orig.tar.gz
          MD5 checksum: 7ce442af03aeafb88a636183955c270e
    
      Alpha architecture:
         http://security.debian.org/dists/stable/updates/main/binary-alpha/slrn_0.9.6.2-9potato2_alpha.deb
          MD5 checksum: 735e5ce15e7f87ac06a8cdecb1451a9f
         http://security.debian.org/dists/stable/updates/main/binary-alpha/slrnpull_0.9.6.2-9potato2_alpha.deb
          MD5 checksum: 8b22f916ee5044ae6eaebbd658cffcad
    
      ARM architecture:
         http://security.debian.org/dists/stable/updates/main/binary-arm/slrn_0.9.6.2-9potato2_arm.deb
          MD5 checksum: 0cefa901be37e4b92796afb425369a10
         http://security.debian.org/dists/stable/updates/main/binary-arm/slrnpull_0.9.6.2-9potato2_arm.deb
          MD5 checksum: e68e5882a1d4feec1ba7fc9a737085d3
    
      Intel IA-32 architecture:
         http://security.debian.org/dists/stable/updates/main/binary-i386/slrn_0.9.6.2-9potato2_i386.deb
          MD5 checksum: fc35e0d868dad315728c5274ee03a41c
         http://security.debian.org/dists/stable/updates/main/binary-i386/slrnpull_0.9.6.2-9potato2_i386.deb
          MD5 checksum: c3693811c8f794dc0b5bab3f581df0e8
    
      Motorola 680x0 architecture:
         http://security.debian.org/dists/stable/updates/main/binary-m68k/slrn_0.9.6.2-9potato2_m68k.deb
          MD5 checksum: 004a260f84dc2e45ea144b1899947327
         http://security.debian.org/dists/stable/updates/main/binary-m68k/slrnpull_0.9.6.2-9potato2_m68k.deb
          MD5 checksum: 2721c2b2470b7781dd79e5c0e216cf3f
    
      PowerPC architecture:
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrn_0.9.6.2-9potato2_powerpc.deb
          MD5 checksum: 9bc55c33a225662952854136da4865aa
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrnpull_0.9.6.2-9potato2_powerpc.deb
          MD5 checksum: d78f8f3460d4abba54a088e5a07179c5
    
      Sun Sparc architecture:
         http://security.debian.org/dists/stable/updates/main/binary-sparc/slrn_0.9.6.2-9potato2_sparc.deb
          MD5 checksum: 37c48f0b104b94d5f74c7b9f76a0485d
         http://security.debian.org/dists/stable/updates/main/binary-sparc/slrnpull_0.9.6.2-9potato2_sparc.deb
          MD5 checksum: df2be8b02b16d7a85142365b42a64956
    
      These packages will be moved into the stable distribution on its next
      revision.
    
    For not yet released architectures please refer to the appropriate
    directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
    
    --
    ----------------------------------------------------------------------------
    apt-get: deb  http://security.debian.org/ stable/updates main
    dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    
    
    