Home > Security > Advisories


Mandriva Advisories

Package name slrn
Date March 9th, 2001
Advisory ID MDKSA-2001:028
Affected versions 6.0, 6.1, 7.0, 7.1, 7.2, CS1.0
Synopsis Updated slrn packages fix buffer overflows

Problem Description

A buffer overflow exists in versions of the slrn news reader prior to as reported by Bill Nottingham. This problem exists in the
wrapping/unwrapping functions and a long header in a message might
overflow a buffer which could result in execution of arbitrary code
encoded in the message.

Updated Packages

Mandrakelinux 6.0

 68f4a5c6b21ba400ade01fd2f3757f2d  6.0/RPMS/slrn-
fcfe71e53bc18e43a9ea9040994cea98  6.0/RPMS/slrn-pull-
d1039550f9bf9c182763d42cf5e1fb3f  6.0/SRPMS/slrn-

Mandrakelinux 6.1

 1ce3e48d3eced83245e330270128a502  6.1/RPMS/slrn-
cd0253b5c565f71febf5c3cd6042de43  6.1/RPMS/slrn-pull-
d1039550f9bf9c182763d42cf5e1fb3f  6.1/SRPMS/slrn-

Mandrakelinux 7.0

 dd3ce4674f8f24c868d12c7c836a446b  7.0/RPMS/slrn-
fd20752ecb1c5afb88c0061f9d52c6b5  7.0/RPMS/slrn-pull-
d1039550f9bf9c182763d42cf5e1fb3f  7.0/SRPMS/slrn-

Mandrakelinux 7.1

 d3df413eed6ef64e3c6c22fdb4f38a94  7.1/RPMS/slrn-
dec7104c3dd114b383b68f175dc4f89c  7.1/RPMS/slrn-pull-
d1039550f9bf9c182763d42cf5e1fb3f  7.1/SRPMS/slrn-

Mandrakelinux 7.2

 066daea1a7142cc2acce05b73364cd7b  7.2/RPMS/slrn-
defa4b8904486fa8c83a7dc377ec3e00  7.2/RPMS/slrn-pull-
0f6e7c6eefcbaae3eddd60b03e05f552  7.2/SRPMS/slrn-

Corporate Server 1.0.1

 d3df413eed6ef64e3c6c22fdb4f38a94  1.0.1/RPMS/slrn-
dec7104c3dd114b383b68f175dc4f89c  1.0.1/RPMS/slrn-pull-
d1039550f9bf9c182763d42cf5e1fb3f  1.0.1/SRPMS/slrn-


To upgrade automatically, use MandrivaUpdate.


Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.