Linux Today: Linux News On Internet Time.

Immunix OS Security Advisory: slrn

Mar 16, 2001, 08:08 (0 Talkback[s])
(Other stories by Greg Kroah-Hartman)

Date: Thu, 15 Mar 2001 16:55:53 -0800
From: Greg KH greg@WIREX.COM
Subject: Immunix OS Security update for slrn

        Immunix OS Security Advisory

Packages updated:       slrn
Affected products:      Immunix OS 6.2, 7.0-beta, and 7.0
Bugs Fixed:             immunix/1507
Date:                   March 15, 2001
Advisory ID:            IMNX-2001-70-007-01
Author:                 Greg Kroah-Hartman 

A buffer overflow in the slrn news reader has been reported by Bill Nottingham. This buffer is created on the heap, so it is not protected from overflows by the StackGuard compiler (more information detailing the overflows that StackGuard does protect against can be found at http://immunix.org/stackguard.html )

This overflow can occur by creating a very long header in a news message. Some messages that can cause the slrn news reader to crash have been detected in the wild, but no exploits are currently known at this time.

Immunix 7.0 does not install the slrn packages by default but provides them in the extras/unsupported directory so they do not need to be upgraded unless they have been installed manually by the system administrator.

Packages have been created and released that fix these problems.

Package names and locations:

Precompiled binary packages for Immunix 6.2 are available at:

Source package for Immunix 6.2 is available at:

Precompiled binary packages for Immunix 7.0-beta and 7.0 are available at:

Source package for Immunix 7.0-beta and 7.0 is available at:

md5sums of the packages:
9de87e7b609fbf0ee9a37f836f4478c3 slrn-
2c044b58bb4caf5d818ad58f88aed3ff slrn-pull-
cff02c2823f0c15c05a48df6f75e5dd2 slrn-
64c9fc7900e383474dacbd7712e4d7a4 slrn-
a69e9f06a50c159bb621273f96fb2eb8 slrn-pull-
5eae976ba1e75fc8c7521355eb9166db slrn-
Online version of all Immunix 6.2 updates and advisories:

Online version of all Immunix 7.0-beta updates and advisories:

Online version of all Immunix 7.0 updates and advisories:

Ibiblio is graciously mirroring our updates, so if the links above are slow, please try:
or one of the many mirrors available at: