slrn executes shell code. The slrn news reader
has an interesting problem: evidently slrn will execute any shell code it
finds within an article, on the theory that the article is a
self-extracting archive. This may have been desirable behavior in 1982,
but it presents certain difficulties in modern times. Users of slrn should
apply the update. This vulnerability was first reported in the September 27 LWN security
page.
This week's updates:
Previous updates: