
Red Hat Linux: RHSA-2000:066-03 Critical: Lpr Format String Flaw

October 4, 2000
Critical Red Hat advisory on lpr's format string flaw; fix instructions included for multiple architectures.
lpr has a format string security bug

Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Additionally, after upgrading, you will want to restart your "lpd" service by executing the following as root:

/etc/rc.d/init.d/lpd restart

If you do not need printing at all on your system, we recommend you remove the lpr print system:

/etc/rc.d/init.d/lpd stop
rpm -e lpr

5. Bug IDs fixed ( for more info):

16032 - LPRng lpd/BSD lpd generate stat errors in LPRng->BSD queue interactions.
11740 - Race condition in locking for LPD
16725 - BSD lpr 0.50-5 Errata Tracking Bug


6. RPMs required:

Red Hat Linux 5.2:

alpha:


sparc:


i386:


sources:


Red Hat Linux 6.2:

alpha:


sparc:


i386:


sources:


7. Verification:

MD5 sum                           Package Name
8320299c73f4fb86ba0ff8738eb363b5  5.2/SRPMS/lpr-0.50-7.src.rpm
ed03f53623add36f3b6da694c49c89c2  5.2/alpha/lpr-0.50-7.alpha.rpm
bf72425f9ddb0f8d9e2643fbea360f23  5.2/i386/lpr-0.50-7.i386.rpm
cc2da623757572ed07ab4d88c57422ae  5.2/sparc/lpr-0.50-7.sparc.rpm
f6082e546a94575ab4c147bc9440bdd1  6.2/SRPMS/lpr-0.50-7.src.rpm
eaade33acd33346611b7171c2dd7ea03  6.2/alpha/lpr-0.50-7.alpha.rpm
542a70425ac1b75fb78880fc08f01986  6.2/i386/lpr-0.50-7.i386.rpm
81a48e5d2d91d54d4ea8a4f9c89d5a41  6.2/sparc/lpr-0.50-7.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:


You can verify each package with the following command: rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg
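
Added example (not part of the Red Hat advisory): a shell function that checks a downloaded package tree against an "MD5 sum / Package Name" list like the one in the Verification section. The list file, the directory layout and the function names are assumptions, and the demo uses a constructed stand-in file rather than a real lpr package. A matching MD5 sum does not replace the rpm --checksig signature check.

```sh
#!/bin/sh
# verify_md5_list LISTFILE BASEDIR
#   LISTFILE: "<md5> <relative path>" lines, as in the Verification table
#   BASEDIR:  directory holding the downloaded tree (assumed layout)
# Prints one status line per entry; returns 0 only if every entry matches.
verify_md5_list() {
    list=$1 base=$2 rc=0
    while read -r want path || [ -n "$want" ]; do
        # skip blank lines, comments and the "MD5 sum Package Name" header
        case $want in ''|'#'*|MD5) continue ;; esac
        # a checksum must be exactly 32 hex digits
        case $want in *[!0-9a-fA-F]*) want='' ;; esac
        if [ "${#want}" -ne 32 ]; then
            echo "BADLINE  $path"; rc=1; continue
        fi
        if [ ! -f "$base/$path" ]; then
            echo "MISSING  $path"; rc=1; continue
        fi
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        got=$(md5sum < "$base/$path" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (got $got)"; rc=1
        fi
    done < "$list"
    return "$rc"
}

# Constructed demo: a stand-in file, not a real lpr package.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/6.2/i386"
    printf 'constructed sample\n' > "$d/6.2/i386/sample.rpm"
    sum=$(md5sum < "$d/6.2/i386/sample.rpm" | cut -d' ' -f1)
    printf 'MD5 sum Package Name\n%s 6.2/i386/sample.rpm\n' "$sum" > "$d/list"
    verify_md5_list "$d/list" "$d" && r=0 || r=1
    rm -rf "$d"
    return "$r"
}
demo
```

Install with rpm -Fvh only the packages that report OK here and also pass rpm --checksig.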

Summary

References

Thanks go to Chris Evans <chris@scary.beasts.org> for spotting this in the OpenBSD lpr CVS commit logs, and verifying the problem existed for Linux as well.

Copyright(c) 2000 Red Hat, Inc.

Package List


Severity
critical

Advisory ID: RHSA-2000:066-03
Issue date: 2000-09-25
Updated on: 2000-10-04
Product: Red Hat Linux
Keywords: lpr security lpd LPRng
Cross references: N/A

Topic

Relevant Releases Architectures

Red Hat Linux 5.0 - i386, alpha

Red Hat Linux 5.1 - i386, alpha, sparc

Red Hat Linux 5.2 - i386, alpha, sparc

Red Hat Linux 6.0 - i386, alpha, sparc

Red Hat Linux 6.1 - i386, alpha, sparc

Red Hat Linux 6.2 - i386, alpha, sparc

Bugs Fixed
