Advisories

Mandriva Advisories

Package name	slrn
Date	March 9th, 2001
Advisory ID	MDKSA-2001:028
Affected versions	6.0, 6.1, 7.0, 7.1, 7.2, CS1.0
Synopsis	Updated slrn packages fix buffer overflows

Problem Description

A buffer overflow exists in versions of the slrn news reader prior to
0.9.6.3pl4 as reported by Bill Nottingham. This problem exists in the
wrapping/unwrapping functions and a long header in a message might
overflow a buffer which could result in execution of arbitrary code
encoded in the message.

Updated Packages

Mandrakelinux 6.0

 68f4a5c6b21ba400ade01fd2f3757f2d  6.0/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
fcfe71e53bc18e43a9ea9040994cea98  6.0/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
d1039550f9bf9c182763d42cf5e1fb3f  6.0/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm

Mandrakelinux 6.1

 1ce3e48d3eced83245e330270128a502  6.1/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
cd0253b5c565f71febf5c3cd6042de43  6.1/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
d1039550f9bf9c182763d42cf5e1fb3f  6.1/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm

Mandrakelinux 7.0

 dd3ce4674f8f24c868d12c7c836a446b  7.0/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
fd20752ecb1c5afb88c0061f9d52c6b5  7.0/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
d1039550f9bf9c182763d42cf5e1fb3f  7.0/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm

Mandrakelinux 7.1

 d3df413eed6ef64e3c6c22fdb4f38a94  7.1/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
dec7104c3dd114b383b68f175dc4f89c  7.1/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
d1039550f9bf9c182763d42cf5e1fb3f  7.1/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm

Mandrakelinux 7.2

 066daea1a7142cc2acce05b73364cd7b  7.2/RPMS/slrn-0.9.6.3-10.1mdk.i586.rpm
defa4b8904486fa8c83a7dc377ec3e00  7.2/RPMS/slrn-pull-0.9.6.3-10.1mdk.i586.rpm
0f6e7c6eefcbaae3eddd60b03e05f552  7.2/SRPMS/slrn-0.9.6.3-10.1mdk.src.rpm

Corporate Server 1.0.1

 d3df413eed6ef64e3c6c22fdb4f38a94  1.0.1/RPMS/slrn-0.9.6.3-10.2mdk.i586.rpm
dec7104c3dd114b383b68f175dc4f89c  1.0.1/RPMS/slrn-pull-0.9.6.3-10.2mdk.i586.rpm
d1039550f9bf9c182763d42cf5e1fb3f  1.0.1/SRPMS/slrn-0.9.6.3-10.2mdk.src.rpm

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer