6225817 2001-03-15 16:55 -0800  /76 lines/ Greg KH <greg@WIREX.COM>
Sent by: joel@lysator.liu.se
Imported: 2001-03-16  03:27  by Brevbäraren (which is implemented in) Python
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: greg@WIREX.COM
Recipient: Bugtraq (import) <15941>
Subject: Immunix OS Security update for slrn
------------------------------------------------------------

-----------------------------------------------------------------------
	Immunix OS Security Advisory

Packages updated:	slrn
Affected products:	Immunix OS 6.2, 7.0-beta, and 7.0
Bugs Fixed:		immunix/1507
Date:			March 15, 2001
Advisory ID:		IMNX-2001-70-007-01
Author:			Greg Kroah-Hartman <greg@wirex.com>
-----------------------------------------------------------------------

Description:
  A buffer overflow in the slrn news reader has been reported by Bill
  Nottingham.  This buffer is created on the heap, so it is not
  protected from overflows by the StackGuard compiler (more information
  detailing the overflows that StackGuard does protect against can be
  found at http://immunix.org/stackguard.html).

  This overflow can occur by creating a very long header in a news
  message.  Some messages that can cause the slrn news reader to
  crash have been detected in the wild, but no exploits are currently
  known at this time.

  Immunix 7.0 does not install the slrn packages by default but
  provides them in the extras/unsupported directory so they do not
  need to be upgraded unless they have been installed manually by the
  system administrator.

  Packages have been created and released that fix these problems.


Package names and locations:

  Precompiled binary packages for Immunix 6.2 are available at:
    http://immunix.org/ImmunixOS/6.2/updates/RPMS/slrn-0.9.6.4-0.6_StackGuard.i386.rpm
    http://immunix.org/ImmunixOS/6.2/updates/RPMS/slrn-pull-0.9.6.4-0.6_StackGuard.i386.rpm
  
  Source package for Immunix 6.2 is available at:
    http://immunix.org/ImmunixOS/6.2/updates/SRPMS/slrn-0.9.6.4-0.6_StackGuard.src.rpm

  Precompiled binary packages for Immunix 7.0-beta and 7.0 are available at:
    http://immunix.org/ImmunixOS/7.0/updates/RPMS/slrn-0.9.6.4-0.7_imnx.i386.rpm
    http://immunix.org/ImmunixOS/7.0/updates/RPMS/slrn-pull-0.9.6.4-0.7_imnx.i386.rpm
  
  Source package for Immunix 7.0-beta and 7.0 is available at:
    http://immunix.org/ImmunixOS/7.0/updates/SRPMS/slrn-0.9.6.4-0.7_imnx.src.rpm


md5sums of the packages:
  9de87e7b609fbf0ee9a37f836f4478c3  slrn-0.9.6.4-0.6_StackGuard.i386.rpm
  2c044b58bb4caf5d818ad58f88aed3ff  slrn-pull-0.9.6.4-0.6_StackGuard.i386.rpm
  cff02c2823f0c15c05a48df6f75e5dd2  slrn-0.9.6.4-0.6_StackGuard.src.rpm
  64c9fc7900e383474dacbd7712e4d7a4  slrn-0.9.6.4-0.7_imnx.i386.rpm
  a69e9f06a50c159bb621273f96fb2eb8  slrn-pull-0.9.6.4-0.7_imnx.i386.rpm
  5eae976ba1e75fc8c7521355eb9166db  slrn-0.9.6.4-0.7_imnx.src.rpm


Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html
(6225817) --------------------------------(Rewrapped)
Attachment (application/pgp-signature) in text 6225818
6225818 2001-03-15 16:55 -0800  /10 lines/ Greg KH <greg@WIREX.COM>
Imported: 2001-03-16  03:27  by Brevbäraren (which is implemented in) Python
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: greg@WIREX.COM
Recipient: Bugtraq (import) <15942>
Attachment (text/plain) to text 6225817
Subject: Attachment to: Immunix OS Security update for slrn
------------------------------------------------------------
(6225818) ------------------------------------------
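
The advisory's point that a heap buffer gets no StackGuard protection, as an added C example (not slrn code and not part of the advisory): an unbounded copy into a fixed heap block beside a length-checked form, run over a constructed article. `HDR_BUF`, the function names and the 63-byte limit are assumptions, since the advisory does not give slrn's real buffer size.

```c
/* Added illustration, not slrn source. Names and sizes are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define HDR_BUF 64  /* assumed size; the advisory gives no real figure */

/* Unsafe (never called): fixed heap block, unbounded copy, no canary nearby. */
char *header_copy_unsafe(const char *line)
{
    char *buf = malloc(HDR_BUF);
    if (buf != NULL)
        strcpy(buf, line);          /* overruns when strlen(line) >= HDR_BUF */
    return buf;
}

/* Bounded: refuse lines above a policy limit; NULL on rejection or no memory. */
char *header_copy_checked(const char *line, size_t len, size_t max_len)
{
    char *buf = (len <= max_len) ? malloc(len + 1) : NULL;  /* check first */
    if (buf != NULL) {
        memcpy(buf, line, len);
        buf[len] = '\0';
    }
    return buf;
}

/* Count header lines (up to the first empty line) the checked copy refuses. */
int count_rejected_headers(const char *article, size_t max_len)
{
    int rejected = 0;
    while (*article != '\0' && *article != '\n' && *article != '\r') {
        size_t len = strcspn(article, "\n");
        char *copy = header_copy_checked(article, len, max_len);
        rejected += (copy == NULL);
        free(copy);
        article += len + (article[len] == '\n');   /* step past the newline */
    }
    return rejected;
}

int main(void)
{
    char article[300] = "Subject: test\nX-Long: ";   /* constructed sample */
    memset(article + strlen(article), 'A', 200);      /* 200-byte header value */
    strcat(article, "\n\nbody text\n");
    printf("rejected: %d\n", count_rejected_headers(article, HDR_BUF - 1));
    return 0;
}
```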