New versions of lpr released
Summary
The version of lpr that was distributed with Debian GNU/Linux 2.1
suffers from a couple of problems:
* there was a race in lpr that could be exploited by users to print files they
can not normally read
* lpd did not check permissions of queue-files. As a result by using the -s
flag it could be tricked into printing files a user can otherwise not read
This has been fixed in version 0.46-1-0slink1. We recommend you upgrade
your lpr package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 alias slink
This version of Debian was released only for Intel, the Motorola
680x0, the alpha and the Sun sparc architecture.
Source archives:
-1-0slink1.diff.gz
MD5 checksum: 892fe5abc2394acff065155fdfcadcaa
-1-
0slink1.dsc
MD5 checksum: 672509df5c5c611c26e80ba76bb11bf4
-
1.orig.tar.gz
MD5 checksum: 6e4b198d7d5db3c6da743de95207bf61
Alpha architecture:
alpha/lpr_0.46-1-0slink1_alpha.deb
MD5 checksum: 0e9b8a97efa676ca850fe45d9eed190b
Intel ia32 architecture:
i386/lpr_0.46-1-0slink1_i386.deb
MD5 checksum: 694600a076aee86b99780c5e915fb901
Motorola 680x0 architecture:
m68k/lpr_0.46-1-0slink1_m68k.deb
MD5 checksum: c8104518df9b17043dfd60cd91c7acf8
Sun Sparc architecture:
sparc/lpr_0.46-1-0slink1_sparc.deb
MD5 checksum: b02923c9f1ae9ffdbd830f88ef0feeea
These files will be moved into
soon.
For not yet released architectures please refer to the appropriate
directory .
- --
For apt-get: deb Debian -- Security Information stable
updates
For dpkg-ftp: dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQB1AwUBOBsNMKjZR/ntlUftAQHjDAL5AbhXns3b2BRSO2YkIHseE1VVOhbVeW+M
wAWJwWm6fcCO387aD8k2RyPBzDPQjjhiFC/P7vdCG8GTPRZ8aYYZBodXMXPuKRqF
/ZW1OTIb518y2oO6zkRaShGGbeJBrZ+I
=n8P2
-----END PGP SIGNATURE-----
