
Debian: DSA-078-2 Urgent: Slrn Insecure Command Execution Vulnerability

September 24, 2001
Advisory DSA-078-1 reveals a critical slrn vulnerability enabling command execution on Debian systems.

Summary

Package : slrn
Problem type : remote command invocation
Debian-specific: no

Byrial Jensen found a nasty problem in slrn (a threaded news reader).
The notice on slrn-announce describes it as follows:

When trying to decode binaries, the built-in code executes any shell
scripts the article might contain, apparently assuming they would be
some kind of self-extracting archive.

This problem has been fixed in version 0.9.6.2-9potato2 by removing
this feature.
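
The safe behaviour, treating everything in an article as data, sketched as an added example (not slrn's code and not part of the advisory). The function name, the marker patterns and the sample article are assumptions constructed for illustration.

```python
import binascii
import os
import re

BEGIN = re.compile(r"^begin ([0-7]{3,4}) (.+)$")
# Assumed markers of an embedded script or shell archive (illustrative list).
SHELL_MARKERS = re.compile(r"^(#!\s*/|# This is a shell archive)")

def decode_article(body):
    """Return (attachments, warnings) for an article body.

    Decoded bytes are returned as data only; nothing from the article is
    ever handed to a shell or interpreter. Script-like lines are reported.
    """
    attachments, warnings = [], []
    name, chunks = None, []
    for n, line in enumerate(body.splitlines(), 1):
        if name is None:
            m = BEGIN.match(line)
            if m:
                # Keep only the last path component so "../" cannot escape.
                name, chunks = os.path.basename(m.group(2)) or "unnamed", []
            elif SHELL_MARKERS.match(line):
                warnings.append((n, line))
        elif line == "end":
            attachments.append((name, b"".join(chunks)))
            name = None
        elif line:
            try:
                chunks.append(binascii.a2b_uu(line))
            except (binascii.Error, ValueError):
                warnings.append((n, "malformed uuencoded line"))
    return attachments, warnings  # an unterminated block is discarded

# Constructed sample: a script preamble followed by a uuencoded payload.
PAYLOAD = b"hello, potato\n"
SAMPLE_ARTICLE = "\n".join([
    "#!/bin/sh",
    "# This is a shell archive",
    "echo extracting",
    "begin 644 ../../hello.txt",
    binascii.b2a_uu(PAYLOAD).decode("ascii").rstrip("\n"),
    "`",
    "end",
])

if __name__ == "__main__":
    files, notes = decode_article(SAMPLE_ARTICLE)
    print(files, notes)
```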

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.


Debian GNU/Linux 2.2 alias potato
---------------------------------

Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

Source archives:

MD5 checksum: aba6be7efd5c693d9f5466afedcb08e2

MD5 checksum: 51a80c1465a7fcc4d74151c4bd4470d1

MD5 checksum: 7ce442af03aeafb88a636183955c270e

Alpha architecture:

MD5 checksum: 735e5ce15e7f87ac06a8cdecb1451a9f

MD5 checksum...


Severity: critical
