
Immunix OS Security Advisory: slrn

Date: Thu, 15 Mar 2001 16:55:53 -0800
From: Greg KH [email protected]
To: [email protected]
Subject: Immunix OS Security update for slrn


        Immunix OS Security Advisory

Packages updated:       slrn
Affected products:      Immunix OS 6.2, 7.0-beta, and 7.0
Bugs Fixed:             immunix/1507
Date:                   March 15, 2001
Advisory ID:            IMNX-2001-70-007-01
Author:                 Greg Kroah-Hartman 

Description:
A buffer overflow in the slrn news reader has been reported by Bill
Nottingham. This buffer is created on the heap, so it is not
protected from overflows by the StackGuard compiler (more
information detailing the overflows that StackGuard does protect
against can be found at http://immunix.org/stackguard.html).

This overflow can be triggered by a very long header in a news
message. Some messages that cause the slrn news reader to crash
have been detected in the wild, but no exploits are known at this
time.
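
As an added example (not part of the original advisory and not Immunix or
slrn code), the following check flags news articles whose header fields are
unusually long, which is how the crashing messages described above would show
up in a spool. The 998-character limit is an assumption borrowed from the
RFC 5322 line-length limit, since the advisory does not give a length; the
function names and sample articles are constructed for illustration.

```python
"""Flag news articles whose header fields are unusually long (added example)."""

# Assumption: the advisory states no length, so the limit is borrowed from the
# 998-character line limit of RFC 5322. Tune it for your own spool.
MAX_HEADER_LEN = 998


def iter_headers(raw: bytes):
    """Yield (name, longest_physical_line, total_length) per header field.

    Works on bytes and stops at the first empty line, so the article body
    and any odd character set cannot influence the result.
    """
    head = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0]
    field = []  # physical lines of the field being collected
    for line in head.split(b"\n") + [b""]:  # trailing b"" flushes last field
        if line[:1] in (b" ", b"\t") and field:
            field.append(line)  # folded continuation of the current field
            continue
        if field:
            name = field[0].split(b":", 1)[0].decode("ascii", "replace")
            yield name, max(map(len, field)), sum(map(len, field))
        field = [line] if line else []


def long_headers(raw: bytes, limit: int = MAX_HEADER_LEN):
    """Return the fields whose longest line or folded total exceeds limit."""
    return [h for h in iter_headers(raw) if h[1] > limit or h[2] > limit]


# Constructed sample articles (not taken from any real message).
NORMAL = (b"From: user@example.invalid\r\nNewsgroups: misc.test\r\n"
          b"Subject: hello\r\n\r\nbody " + b"x" * 5000 + b"\r\n")
LONG_LINE = (b"From: a@example.invalid\r\nReferences: "
             + b"<id@example.invalid> " * 100 + b"\r\n\r\nbody\r\n")
FOLDED = (b"Subject: test\r\nReferences: <1@example.invalid>\r\n"
          + b"\t<id@example.invalid>\r\n" * 80 + b"\r\nbody\r\n")

if __name__ == "__main__":
    for label, article in (("normal", NORMAL), ("long line", LONG_LINE),
                           ("folded", FOLDED)):
        print(label, long_headers(article))
```

The folded case matters because a header split across many short continuation
lines passes a per-line check while still forming one very long field.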

Immunix 7.0 does not install the slrn packages by default, but
provides them in the extras/unsupported directory, so they do not
need to be upgraded unless they have been installed manually by the
system administrator.

Packages have been created and released that fix these
problems.

Package names and locations:

Precompiled binary packages for Immunix 6.2 are available
at:

http://immunix.org/ImmunixOS/6.2/updates/RPMS/slrn-0.9.6.4-0.6_StackGuard.i386.rpm

http://immunix.org/ImmunixOS/6.2/updates/RPMS/slrn-pull-0.9.6.4-0.6_StackGuard.i386.rpm

Source package for Immunix 6.2 is available at:

http://immunix.org/ImmunixOS/6.2/updates/SRPMS/slrn-0.9.6.4-0.6_StackGuard.src.rpm

Precompiled binary packages for Immunix 7.0-beta and 7.0 are
available at:

http://immunix.org/ImmunixOS/7.0/updates/RPMS/slrn-0.9.6.4-0.7_imnx.i386.rpm

http://immunix.org/ImmunixOS/7.0/updates/RPMS/slrn-pull-0.9.6.4-0.7_imnx.i386.rpm

Source package for Immunix 7.0-beta and 7.0 is available at:

http://immunix.org/ImmunixOS/7.0/updates/SRPMS/slrn-0.9.6.4-0.7_imnx.src.rpm

md5sums of the packages:
9de87e7b609fbf0ee9a37f836f4478c3 slrn-0.9.6.4-0.6_StackGuard.i386.rpm
2c044b58bb4caf5d818ad58f88aed3ff slrn-pull-0.9.6.4-0.6_StackGuard.i386.rpm
cff02c2823f0c15c05a48df6f75e5dd2 slrn-0.9.6.4-0.6_StackGuard.src.rpm
64c9fc7900e383474dacbd7712e4d7a4 slrn-0.9.6.4-0.7_imnx.i386.rpm
a69e9f06a50c159bb621273f96fb2eb8 slrn-pull-0.9.6.4-0.7_imnx.i386.rpm
5eae976ba1e75fc8c7521355eb9166db slrn-0.9.6.4-0.7_imnx.src.rpm

Online version of all Immunix 6.2 updates and advisories:
http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and
advisories:
http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
Ibiblio is graciously mirroring our updates, so if the links above
are slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/

or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
