Debian: 'slrn' vulnerability

    Date24 Sep 2001
    Posted ByLinuxSecurity Advisories
    Byrial Jensen found a nasty problem in slrn (a threaded news reader).
    Debian Security Advisory DSA-078-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.                         Wichert Akkerman
    September 24, 2001
    Package        : slrn
    Problem type   : remote command invocation
    Debian-specific: no
    Byrial Jensen found a nasty problem in slrn (a threaded news reader).
    The notice on slrn-announce describes it as follows:
        When trying to decode binaries, the built-in code executes any shell
        scripts the article might contain, apparently assuming they would be
        some kind of self-extracting archive.
    This problem has been fixed in version by removing
    this feature.
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    Debian GNU/Linux 2.2 alias potato
      Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
      Source archives:
          MD5 checksum: aba6be7efd5c693d9f5466afedcb08e2
          MD5 checksum: 51a80c1465a7fcc4d74151c4bd4470d1
          MD5 checksum: 7ce442af03aeafb88a636183955c270e
      Alpha architecture:
          MD5 checksum: 735e5ce15e7f87ac06a8cdecb1451a9f
          MD5 checksum: 8b22f916ee5044ae6eaebbd658cffcad
      ARM architecture:
          MD5 checksum: 0cefa901be37e4b92796afb425369a10
          MD5 checksum: e68e5882a1d4feec1ba7fc9a737085d3
      Intel IA-32 architecture:
          MD5 checksum: fc35e0d868dad315728c5274ee03a41c
          MD5 checksum: c3693811c8f794dc0b5bab3f581df0e8
      Motorola 680x0 architecture:
          MD5 checksum: 004a260f84dc2e45ea144b1899947327
          MD5 checksum: 2721c2b2470b7781dd79e5c0e216cf3f
      PowerPC architecture:
          MD5 checksum: 9bc55c33a225662952854136da4865aa
          MD5 checksum: d78f8f3460d4abba54a088e5a07179c5
      Sun Sparc architecture:
          MD5 checksum: 37c48f0b104b94d5f74c7b9f76a0485d
          MD5 checksum: df2be8b02b16d7a85142365b42a64956
      These packages will be moved into the stable distribution on its next
    For not yet released architectures please refer to the appropriate
    directory$arch/ .
    apt-get: deb stable/updates main
    dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"90","title":"Love them!","votes":"90","type":"x","order":"1","pct":78.95,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":15.79,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":5.26,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.