Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 754
Alerts This Week
Warning Icon 1 754

RedHat 6.1: RHSA-2000:002-01 Critical: lpr Authentication Flaw

red hat
Calendar Grey March 7, 2000
Dist Redhat Esm H88
Update lpr packages on RedHat to enhance security and mitigate vulnerabilities. Follow the secure setup steps for integrity.
Authentication and configuration vulnerabilities that could lead to a root compromise exist.

Solution



For each RPM for your particular architecture, run:


rpm -Uvh filename


where filename is the name of the RPM.


Then, restart lpd:
/etc/rc.d/init.d/lpd restart








9. Verification:


MD5 sum Package Name

78f2220331189e723eab944b53d0710e i386/lpr-0.48-1.i386.rpm 3fcb89eb1a76741a505d3eeeddfa3674 alpha/lpr-0.48-1.alpha.rpm 441cfee04428ca215d98d9ce3d20bc4d sparc/lpr-0.48-1.sparc.rpm 55c6a740b03569919ec08992257cad96 SRPMS/lpr-0.48-1.src.rpm



These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
About

You can verify each package with the following command: rpm --checksig filename

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg filename

Note that you need RPM >= 3.0 to check GnuPG keys.









Summary

References

Thanks to dildog@l0pht.com for finding this bug.

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Topic

Relevant Releases Architectures

Red Hat Linux 6.1, all architectures

5. Obsoleted by:

None

6. Conflicts with:

None

7. RPMs required:

Intel:

lpr-0.48-1.i386.rpm

Alpha:

lpr-0.48-1.alpha.rpm

SPARC:

lpr-0.48-1.sparc.rpm

Source:

lpr-0.48-1.src.rpm

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.