Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
89
security advisorymoderateupdateFedora Core 3: 2005-208 Moderate: PAM Authentication Check Update
o Added check in at(1) to verify if atd PAM authentication will succeed; Job submission will be denied if atd PAM authentication fails. o Fixed PAM authentication in atd (bug 150131).. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2005-208 2005-03-11 ---------------------------------------------------------------------Product : Fedora Core 3 Name : at Version : 3.1.8 Release : 68_FC3 Summary : Job spooling tools. Description : At and batch read commands from standard input or from a specified file. At allows you to specify that a command will be run at a particular time. Batch will execute commands when the system load levels drop to a particular level. Both commands use /bin/sh. You should install the at package if you need a utility for time-oriented job control. Note: If it is a recurring job that will need to be repeated at the same time every day/week, etc. you should use crontab instead. ---------------------------------------------------------------------Update Information: o Added check in at(1) to verify if atd PAM authentication will succeed; Job submission will be denied if atd PAM authentication fails. o Fixed PAM authentication in atd (bug 150131). ---------------------------------------------------------------------* Tue Mar 8 2005 Jason Vas Dias 3.1.8-68 - Put PAM authentication check in 'check_permissions()', so - user can know when using at(1) if PAM permission is denied. * Tue Mar 8 2005 Jason Vas Dias 3.1.8-67 - better fix for bug 150131: change DAEMON_USERNAME and - DAEMON_GROUPNAME to 'root' . * Mon Mar 7 2005 Jason Vas Dias 3.1.8-66 - fix bug 150131: atd should not relinquish root privilege if - doing su(1) equivalent with PAM . * Tue Jan 25 2005 Jason Vas Dias 3.1.8-64 - bugs 5160/146132: add PAM authentication control to atd * Tue Oct 5 2004 Jason Vas Dias 3.1.8-60 - fix bug 131510:no_export env. var. blacklisting should not - remove 'SHELL' when only 'SHELLOPTS' is blacklisted. - at(1) man-page should not say 'commands are run with /bin/sh' - and should explain usage of SHELL environement variable and - details of blacklisted variables. * Tue Sep 28 2004 Rik van Riel 3.1.8-58 - fix typo in man page, bug 112303 - (regenerated at-3.1.8-man-timespec-path.patch with fix) * Tue Aug 3 2004 Jason Vas Dias - fixed bug 125634 - made usage() agree with manpage * Thu Jul 29 2004 Jason Vas Dias - Added POSIX.2 -t option for RFE 127485 * Thu Jul 29 2004 Jason Vas Dias - Had to disable the 'make test' for the build BEFORE - any changes were made (building on FC2 - perl issue?) - test.pl generates these 'errors' for what looks like - valid output to me: - $ ./test.pl 2> &1 | egrep -v '(^ok$)|(time_only)' - 1..3656 - not ok - 'Monday - 1 month': 'Fri Jul 2 18:29:00 2004' =? 'Sat Jul 3 18:29:00 2004' - not ok - 'Monday - 10 months': 'Thu Oct 2 18:29:00 2003' =? 'Fri Oct 3 18:29:00 2003' - not ok - 'next week - 1 month': 'Mon Jul 5 18:29:00 2004' =? 'Tue Jul 6 18:29:00 2004' - not ok - 'next week - 10 months': 'Sun Oct 5 18:29:00 2003' =? 'Mon Oct 6 18:29:00 2003' - will investigate and fix for next release. * Tue Jun 15 2004 Elliot Lee - rebuilt * Wed May 12 2004 Thomas Woerner - 3.1.8-54 - fixed pie patch: at is pie, now - added build requires for libselinux-devel * Tue May 4 2004 Dan Walsh - 3.1.8-53 - Add fileentrypoint check * Thu Apr 15 2004 Dan Walsh - 3.1.8-52 - Fix SELinux patch * Mon Feb 23 2004 Tim Waugh - Use ':' instead of '.' as separator for chown. * Fri Feb 13 2004 Elliot Lee - 3.1.8-50 - rebuilt * Tue Dec 9 2003 Jens Petersen - 3.1.8-49 - replace at-3.1.8-SHELL-91233.patch by at-3.1.8-SHELL-111386.patch which now executes $SHELL directly in the at shell script after all the variables have been setup with /bin/sh (#91233) [suggested by GöranUddeborg] - this changelog is now in utf-8 * Fri Nov 7 2003 Jens Petersen - 3.1.8-48 - add at-3.1.8-pie.patch to build atd as pie (#108415) [Ulrich Drepper] * Fri Oct 31 2003 Dan Walsh - 3.1.8-47.sel * Fri Jun 20 2003 Jens Petersen - 3.1.8-46 - add at-3.1.8-atrun.8-typo-97697.patch to fix typo in atrun.8 (#97697) - update at.1 description of shell behaviour (#91233) * Tue Jun 17 2003 Jens Petersen - 3.1.8-45 - make the job shell default to SHELL instead of "/bin/sh" (#91233) * Wed Jun 4 2003 Elliot Lee - 3.1.8-44 - rebuilt * Tue Jun 3 2003 Jens Petersen - 3.1.8-43 - Replace redundant at-3.1.7-paths.patch by at-3.1.8-man-timespec-path.patch to fix timespec path * Tue Jun 3 2003 Jens Petersen - 3.1.8-41 - update source to at_3.1.8-11 from debian upstream - update source url - at-debian.patch no longer needed - at-3.1.7-paths.patch: the patch to "at.1.in" no longer needed - replace at-3.1.8-lexer.patch with at-3.1.8-11-lexer-parser.diff - at-3.1.8-dst.patch no longer needed - at-3.1.8-lsbdoc.patch no longer needed - at-3.1.8-o_excl.patch no longer needed - bump release number - at-3.1.8-test.patch: move out test.pl to a separate source file - apply at-3.1.8-test-fix.patch to it and drop patch - at-3.1.8-shell.patch: drop (#22216,#91233) - run "make test" after building - add "--without check" rpmbuild option - fix autoconf comment to point to right patch - use _sysconfdir, _sbindir, _bindir, and _localstatedir * Wed Jan 22 2003 Tim Powers 3.1.8-33 - rebuilt * Wed Nov 27 2002 Tim Powers 3.1.8-32 - remove unpackaged files from the buildroot * Thu Jul 25 2002 Bill Huang - Fixed delaying job execution and missing starting jobs..(bug#69595) (Thanks Bujor D Silaghi for his patch.) * Fri Jul 19 2002 Bill Huang - Fixed cleaning atq and multiple atd daemon.(bug#67414) (Thanks Bujor D Silaghi for his patch.) * Fri Jul 19 2002 Bill Huang - Fixed error message output in atd.c * FriJun 21 2002 Tim Powers - automated rebuild * Mon May 27 2002 Bill Huang - Rebuild for Milan * Thu May 23 2002 Tim Powers - automated rebuild * Fri Feb 1 2002 Bernhard Rosenkraenzer 3.1.8-25 - Require smtpdaemon rather than sendmail - postfix works just as well. * Thu Jan 31 2002 Bill Nottingham 3.1.8-24 - rebuild in new env. * Thu Jan 17 2002 Trond Eivind Glomsrød 3.1.8-23 - s/Copyright/License/ * Mon Jan 14 2002 Adrian Havill 3.1.8-21 - fix man page (#51253) - fix env prop problem (#49491) - .SEQ should not be executable (#52626) - beefed up file creation perms against symlink exploits (O_EXCL) * Thu Aug 2 2001 Crutcher Dunnavant 3.1.8-20 - updated patch update, still bug #46546 * Wed Jul 18 2001 Crutcher Dunnavant - applied enrico.scholz@informatik.tu-chemnitz.de's change to the env patch to - address bug #46546 * Mon Jun 25 2001 Crutcher Dunnavant - changed atd.init to start at 95, stop at 5, closing #15915 - applied mailto:wp@supermedia.pl's environment patch * Sun Jun 24 2001 Elliot Lee - Bump release + rebuild. * Wed Apr 4 2001 Crutcher Dunnavant - much love to David Kilzer - who nailed UTC, Leap year, DST, and some other edge cases down - he also wrote a test harness in perl - bug #28448 * Fri Feb 2 2001 Trond Eivind Glomsrød - i18nize initscript * Tue Dec 12 2000 Bill Nottingham - fix documentation of which shell commands will be run with (#22216) * Wed Aug 23 2000 Crutcher Dunnavant - Well, we will likely never really close the UTC issues, - because of 1) fractional timezones, and 2) daylight savigns time. - but there is a slight tweak to the handling of dst in the UTC patch. * Wed Aug 23 2000 Crutcher Dunnavant - fixed bug #15685 - which had at miscaluclating UTC times. * Sat Jul 15 2000 Bill Nottingham - move initscript back * Wed Jul 12 2000 Prospector - automatic rebuild * Thu Jul 6 2000 Bill Nottingham - prereq /etc/init.d *Sat Jul 1 2000 Nalin Dahyabhai - fix syntax error in init script * Tue Jun 27 2000 Preston Brown - don't prereq, only require initscripts * Mon Jun 26 2000 Preston Brown - move init script - add condrestart directive - fix post/preun/postun scripts - prereq initscripts > = 5.20 * Sat Jun 17 2000 Bill Nottingham - fix verify of /var/spool/at/.SEQ (#12262) * Mon Jun 12 2000 Nalin Dahyabhai - fix status checking and syntax error in init script * Fri Jun 9 2000 Bill Nottingham - fix for long usernames (#11321) - add some bugfixes from debian * Mon May 8 2000 Bernhard Rosenkraenzer - 3.1.8 * Wed Mar 1 2000 Bill Nottingham - fix a couple of more typos, null-terminate some strings * Thu Feb 10 2000 Bill Nottingham - fix many-years-old typo in atd.c * Thu Feb 3 2000 Bill Nottingham - handle compressed man pages * Mon Aug 16 1999 Bill Nottingham - initscript munging, build as non-root user * Sun Jun 13 1999 Jeff Johnson - correct perms for /var/spool/at after defattr. * Mon May 24 1999 Jeff Johnson - reset SIGCHLD before exec (#3016). * Sun Mar 21 1999 Cristian Gafton - auto rebuild in the new build environment (release 8) * Thu Mar 18 1999 Cristian Gafton - fix handling the 12:00 time * Wed Jan 13 1999 Bill Nottingham - configure fix for arm * Wed Jan 6 1999 Cristian Gafton - build for glibc 2.1 * Tue May 5 1998 Prospector System - translations modified for de, fr, tr * Wed Apr 22 1998 Michael K. Johnson - enhanced initscript * Sun Nov 9 1997 Michael K. Johnson - learned to spell * Wed Oct 22 1997 Michael K. Johnson - updated to at version 3.1.7 - updated lock and sequence file handling with %ghost - Use chkconfig and atd, now conflicts with old crontabs packages * Thu Jun 19 1997 Erik Troan - built against glibc ---------------------------------------------------------------------This update can be downloaded from: 6298f4951df74da90f772aea459eac49 SRPMS/at-3.1.8-68_FC3.src.rpm c22b420912cd79ddec719b0fedc9ba87 x86_64/at-3.1.8-68_FC3.x86_64.rpm 90d0fe3286862af9bcf222040083077e x86_64/debug/at-debuginfo-3.1.8-68_FC3.x86_64.rpm 024298e264411999e41bc47a268f2a7d i386/at-3.1.8-68_FC3.i386.rpm 2ebb87cb03de380e44f0d10ea69e223b i386/debug/at-debuginfo-3.1.8-68_FC3.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. -----------------------------------------------------------------------fedora-announce-list mailing list
Mar 11, 2005
Fedora
98
security advisoryunauthorized accessred hatRed Hat 7.x: RHSA-2002:089-07 Critical Unauthorized Access in LPRng
The LPRng print spooler, as shipped in Red Hat Linux 7.x, accepts allremote print jobs by default.. `` --------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Relaxed LPRng job submission policy Advisory ID: RHSA-2002:089-07 Issue date: 2002-05-16 Updated on: 2002-06-09 Product: Red Hat Linux Keywords: LPRng Cross references: Obsoletes: RHSA-2001:077 CVE Names: CAN-2002-0378 --------------------------------------------------------------------- 1. Topic: The LPRng print spooler, as shipped in Red Hat Linux 7.x, accepts all remote print jobs by default. 2. Relevant releases/architectures: Red Hat Linux 7.0 - alpha, i386 Red Hat Linux 7.1 - alpha, i386, ia64 Red Hat Linux 7.2 - i386, ia64 Red Hat Linux 7.3 - i386 3. Problem description: With its default configuration, LPRng will accept job submissions from any host, which is not appropriate in a workstation environment. We are grateful to Matthew Caron for pointing out this configuration problem. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0378 to this issue. The updated packages from this advisory change the job submission policy (in /etc/lpd.perms) so that jobs from remote hosts are refused by default. Those running print servers may want to adjust this policy as appropriate, for example to give access to certain hosts or subnets. For details on how to do this see the lpd.perms(5) man page. Since Red Hat Linux 7.1, default installations include ipchains rules blocking remote access to the print spooler IP port; as a result those installations already reject remote job submissions. However, Red Hat Linux 7 machines and any machine upgraded to a later release (as opposed to having been freshly installed) will not have ipchains rules in place by default. IMPORTANT: There are special instructions for installing this update at the end of the"Solution" section below. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. After upgrading, you should check that the new configuration file is activated. To do this, type the following command: grep "X NOT SERVER" /etc/lpd.perms If this commad returns no output, you will need to put the new configuration file in place by typing: mv /etc/lpd.perms.rpmnew /etc/lpd.perms 5. Bug IDs fixed ( for more info): 6. RPMs required: Red Hat Linux 7.0: SRPMS: alpha: i386: Red Hat Linux 7.1: SRPMS: alpha: i386: ia64: Red Hat Linux 7.2: SRPMS: i386: ia64: Red Hat Linux 7.3: SRPMS: i386: 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 69f458cca66118c3516a836fe81bea0c 7.0/en/os/SRPMS/LPRng-3.7.4-23.1.src.rpm a48b696acd1d993e0ed0592ec06e14c0 7.0/en/os/alpha/LPRng-3.7.4-23.1.alpha.rpm 5443ead6739e417c77b4ce4af28124cc 7.0/en/os/i386/LPRng-3.7.4-23.1.i386.rpm 69f458cca66118c3516a836fe81bea0c 7.1/en/os/SRPMS/LPRng-3.7.4-23.1.src.rpm a48b696acd1d993e0ed0592ec06e14c0 7.1/en/os/alpha/LPRng-3.7.4-23.1.alpha.rpm 5443ead6739e417c77b4ce4af28124cc7.1/en/os/i386/LPRng-3.7.4-23.1.i386.rpm cbd09b4ebd705011785c4ffdf63bde74 7.1/en/os/ia64/LPRng-3.7.4-23.1.ia64.rpm 33bad25aff0a6ea45564acac4a3843da 7.2/en/os/SRPMS/LPRng-3.7.4-28.1.src.rpm 0940df47e5a6a33c1bdeac9d0d2d29e7 7.2/en/os/i386/LPRng-3.7.4-28.1.i386.rpm 89d7d9f82d2425cc7221665110045260 7.2/en/os/ia64/LPRng-3.7.4-28.1.ia64.rpm 0a63596e6de46f9e32c2dd3b025c68a5 7.3/en/os/SRPMS/LPRng-3.8.9-4.src.rpm a6d4b8b6cb30cddb686c102e27997d6d 7.3/en/os/i386/LPRng-3.8.9-4.i386.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: About You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 8. References: CVE -CVE-2002-0378 Copyright(c) 2000, 2001, 2002 Red Hat, Inc. _______________________________________________ Red Hat-watch-list mailing list To unsubscribe, visit: ``. Red Hat advisory reveals critical LPRng print spooler vulnerability allowing unauthorized access. Update recommended.. RedHat Linux, LPRng, Print Spooler, Unauthorized Access. . Severity: Critical. LinuxSecurity.com Team
Jun 11, 2002
•Critical
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!