Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Debian Security Advisory: slrn command invocation

Sep 24, 2001, 05:48 (0 Talkback[s])
Date: Mon, 24 Sep 2001 01:52:50 +0200
From: Wichert Akkerman 
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA-078-1] slrn command invocation
- ------------------------------------------------------------------------
Debian Security Advisory DSA-078-1                   security@debian.org
http://www.debian.org/security/                         Wichert Akkerman
September 24, 2001
- ------------------------------------------------------------------------

Package        : slrn
Problem type   : remote command invocation
Debian-specific: no
Byrial Jensen found a nasty problem in slrn (a threaded news reader).
The notice on slrn-announce describes it as follows:
    When trying to decode binaries, the built-in code executes any shell
    scripts the article might contain, apparently assuming they would be
    some kind of self-extracting archive.
This problem has been fixed in version 0.9.6.2-9potato2 by removing
this feature. 
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.2 alias potato
- ---------------------------------
  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
  Source archives:
    http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato2.diff.gz
      MD5 checksum: aba6be7efd5c693d9f5466afedcb08e2
    http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato2.dsc
      MD5 checksum: 51a80c1465a7fcc4d74151c4bd4470d1
    http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2.orig.tar.gz
      MD5 checksum: 7ce442af03aeafb88a636183955c270e
  Alpha architecture:
    http://security.debian.org/dists/stable/updates/main/binary-alpha/slrn_0.9.6.2-9potato2_alpha.deb
      MD5 checksum: 735e5ce15e7f87ac06a8cdecb1451a9f
    http://security.debian.org/dists/stable/updates/main/binary-alpha/slrnpull_0.9.6.2-9potato2_alpha.deb
      MD5 checksum: 8b22f916ee5044ae6eaebbd658cffcad
  ARM architecture:
    http://security.debian.org/dists/stable/updates/main/binary-arm/slrn_0.9.6.2-9potato2_arm.deb
      MD5 checksum: 0cefa901be37e4b92796afb425369a10
    http://security.debian.org/dists/stable/updates/main/binary-arm/slrnpull_0.9.6.2-9potato2_arm.deb
      MD5 checksum: e68e5882a1d4feec1ba7fc9a737085d3
  Intel IA-32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/slrn_0.9.6.2-9potato2_i386.deb
      MD5 checksum: fc35e0d868dad315728c5274ee03a41c
    http://security.debian.org/dists/stable/updates/main/binary-i386/slrnpull_0.9.6.2-9potato2_i386.deb
      MD5 checksum: c3693811c8f794dc0b5bab3f581df0e8
  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-m68k/slrn_0.9.6.2-9potato2_m68k.deb
      MD5 checksum: 004a260f84dc2e45ea144b1899947327
    http://security.debian.org/dists/stable/updates/main/binary-m68k/slrnpull_0.9.6.2-9potato2_m68k.deb
      MD5 checksum: 2721c2b2470b7781dd79e5c0e216cf3f
  PowerPC architecture:
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrn_0.9.6.2-9potato2_powerpc.deb
      MD5 checksum: 9bc55c33a225662952854136da4865aa
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrnpull_0.9.6.2-9potato2_powerpc.deb
      MD5 checksum: d78f8f3460d4abba54a088e5a07179c5
  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/main/binary-sparc/slrn_0.9.6.2-9potato2_sparc.deb
      MD5 checksum: 37c48f0b104b94d5f74c7b9f76a0485d
    http://security.debian.org/dists/stable/updates/main/binary-sparc/slrnpull_0.9.6.2-9potato2_sparc.deb
      MD5 checksum: df2be8b02b16d7a85142365b42a64956
  These packages will be moved into the stable distribution on its next
  revision.
For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
- -- 
- ----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org