- --------------------------------------------------------------------------
Debian Security Advisory DSA 285-1                     security@debian.org 
Debian -- Security Information                              Martin Schulze
April 14th, 2003                         Debian -- Debian security FAQ 
- --------------------------------------------------------------------------

Package        : lprng
Vulnerability  : insecure temporary file
Problem-Type   : local
Debian-specific: no
CVE Id         : CAN-2003-0136

Karol Lewandowski discovered that psbanner, a printer filter that
creates a PostScript format banner and is part of LPRng, insecurely
creates a temporary file for debugging purpose when it is configured
as filter.  The program does not check whether this file already
exists or is linked to another place writes its current environment
and called arguments to the file unconditionally with the user id
daemon.

For the stable distribution (woody) this problem has been fixed in
version 3.8.10-1.2.

The old stable distribution (potato) is not affected by this problem.

For the unstable distribution (sid) these problems have been fixed in
version 3.8.20-4.

We recommend that you upgrade your lprng package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

      
      Size/MD5 checksum:      656 5b675ef9bc39b470e3ec8cb1b88150b4
      
      Size/MD5 checksum:    17298 53d5ce171d250135756bf4682a82737d
      
      Size/MD5 checksum:  5125140 3127e3793b94bd4a403a3809b1d8467b

  Architecture independent components:

      
      Size/MD5 checksum:  1709460 2cec616424b93bfe9df97b0b378b0c6b

  Alpha architecture:

      
      Size/MD5 checksum:   543788 2889fb7f5dcca329b03edc9f1489e1e6

  ARM architecture:

      
      Size/MD5 checksum:   511150 becc4d3f2165ae49dfbf518ce488caea

  Intel IA-32 architecture:

      
      Size/MD5 checksum:   467568 b16f01e1ea4a1c458a6e32829a85c7b3

  Intel IA-64 architecture:

      
      Size/MD5 checksum:   631104 b34cf87d77dd353bf702d403e9561718

  HP Precision architecture:

      
      Size/MD5 checksum:   544364 b6e5e6f81c4d291c65b55fbe71ac6747

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:   467846 2659f796ef5715191e6ab5919cdddb30

  Big endian MIPS architecture:

      
      Size/MD5 checksum:   480194 93b19b4230658fa889315579da6d4db2

  Little endian MIPS architecture:

      
      Size/MD5 checksum:   477314 9edafa58c5a2bf0f3dcbb1c1a1542a78

  PowerPC architecture:

      
      Size/MD5 checksum:   512804 d0d141a47635f7c4ccf208489d14e6bb

  IBM S/390 architecture:

      
      Size/MD5 checksum:   505336 a897c14ef252fb998395d67c9eeab1cd

  Sun Sparc architecture:

      
      Size/MD5 checksum:   513382 fc6769e619873033d73a3c7d9cb47fb9


  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/

Debian: lprng insecure temporary file vulnerability

April 14, 2003
psbanner, a printer filter, insecurely creates a temporary file for debugging purpose when it is configured as filter.

Summary

Karol Lewandowski discovered that psbanner, a printer filter that
creates a PostScript format banner and is part of LPRng, insecurely
creates a temporary file for debugging purpose when it is configured
as filter. The program does not check whether this file already
exists or is linked to another place writes its current environment
and called arguments to the file unconditionally with the user id
daemon.

For the stable distribution (woody) this problem has been fixed in
version 3.8.10-1.2.

The old stable distribution (potato) is not affected by this problem.

For the unstable distribution (sid) these problems have been fixed in
version 3.8.20-4.

We recommend that you upgrade your lprng package.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody

Source archives:


Size/MD5 checksum: 656 5b675ef9bc39b470e3ec8cb1b88150b4

Size/MD5 checksum: 17298 53d5ce171d250135756bf4682a82737d

Size/MD5 checksum: 5125140 3127e3793b94bd4a403a3809b1d8467b

Architecture independent components:


Size/MD5 checksum: 1709460 2cec616424b93bfe9df97b0b378b0c6b

Alpha architecture:


Size/MD5 checksum: 543788 2889fb7f5dcca329b03edc9f1489e1e6

ARM architecture:


Size/MD5 checksum: 511150 becc4d3f2165ae49dfbf518ce488caea

Intel IA-32 architecture:


Size/MD5 checksum: 467568 b16f01e1ea4a1c458a6e32829a85c7b3

Intel IA-64 architecture:


Size/MD5 checksum: 631104 b34cf87d77dd353bf702d403e9561718

HP Precision architecture:


Size/MD5 checksum: 544364 b6e5e6f81c4d291c65b55fbe71ac6747

Motorola 680x0 architecture:


Size/MD5 checksum: 467846 2659f796ef5715191e6ab5919cdddb30

Big endian MIPS architecture:


Size/MD5 checksum: 480194 93b19b4230658fa889315579da6d4db2

Little endian MIPS architecture:


Size/MD5 checksum: 477314 9edafa58c5a2bf0f3dcbb1c1a1542a78

PowerPC architecture:


Size/MD5 checksum: 512804 d0d141a47635f7c4ccf208489d14e6bb

IBM S/390 architecture:


Size/MD5 checksum: 505336 a897c14ef252fb998395d67c9eeab1cd

Sun Sparc architecture:


Size/MD5 checksum: 513382 fc6769e619873033d73a3c7d9cb47fb9


These files will probably be moved into the stable distribution on
its next revision.

For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/





Severity
Package : lprng
Vulnerability : insecure temporary file
Problem-Type : local
Debian-specific: no
CVE Id : CAN-2003-0136

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved