Conectiva Linux Security Announcement - slrn

Mar 19, 2001, 22:38 (0 Talkback[s])

Date: Wed, 14 Mar 2001 15:58:55 -0300
From: secure@CONECTIVA.COM.BR
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: [CLA-2001:383] Conectiva Linux Security Announcement - slrn

---

CONECTIVA LINUX SECURITY ANNOUNCEMENT

---

PACKAGE   : slrn
SUMMARY   : Remote buffer overflow in slrn
DATE      : 2001-03-14 15:58:00
ID        : CLA-2001:383
RELEVANT
RELEASES  : 4.0, 4.0es, 4.1, 4.2, 5.0, prg graficos, ecommerce, 5.1, 6.0

---

DESCRIPTION
"slrn" is a text-mode news client. Previous versions have a buffer overflow vulnerability that could be exploited remotely via a carefully crafted news message.

SOLUTION
All slrn users should upgrade.

DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/slrn-0.9.6.3-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/slrn-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/slrn-0.9.6.3-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/slrn-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/slrn-0.9.6.3-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/slrn-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/slrn-0.9.6.3-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/slrn-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/slrn-0.9.6.3-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/slrn-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/slrn-0.9.6.3-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/slrn-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/slrn-0.9.6.3-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/slrn-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/slrn-pull-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/slrn-0.9.6.3-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/slrn-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/slrn-pull-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/slrn-0.9.6.3-1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/slrn-0.9.6.3-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/slrn-pull-0.9.6.3-1cl.i386.rpm

ADDITIONAL INSTRUCTIONS
Users of Conectiva Linux version 6.0 or higher may use apt to perform upgrades of RPM packages:
- add the following line to /etc/apt/sources.list if it is not there yet
(you may also use linuxconf to do this):

rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

(replace 6.0 with the correct version number if you are not running CL6.0)

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

---

All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

---

All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en