Stay Secure with the Latest Linux Advisories

security advisorycritical issuepackage update

Debian GNU/Linux 2.1: Critical Advisory for Lpr Exploits

The version of lpr that was distributed with Debian GNU/Linux 2.1 suffers from a couple of problems: * there was a race in lpr that could be exploited by users to print files they can not normally read * lpd did not check permissions of queue-files. As a result by using the -s flag it could be tricked into printing files a user can otherwise not read . -----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory This email address is being protected from spambots. You need JavaScript enabled to view it. Debian -- Security Information Wichert Akkerman October 30, 1999 - ------------------------------------------------------------------------ The version of lpr that was distributed with Debian GNU/Linux 2.1 suffers from a couple of problems: * there was a race in lpr that could be exploited by users to print files they can not normally read * lpd did not check permissions of queue-files. As a result by using the -s flag it could be tricked into printing files a user can otherwise not read This has been fixed in version 0.46-1-0slink1. We recommend you upgrade your lpr package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.1 alias slink - -------------------------------- This version of Debian was released only for Intel, the Motorola 680x0, the alpha and the Sun sparc architecture. Source archives: -1-0slink1.diff.gz MD5 checksum: 892fe5abc2394acff065155fdfcadcaa -1- 0slink1.dsc MD5 checksum: 672509df5c5c611c26e80ba76bb11bf4 - 1.orig.tar.gz MD5 checksum: 6e4b198d7d5db3c6da743de95207bf61 Alpha architecture: alpha/lpr_0.46-1-0slink1_alpha.deb MD5 checksum: 0e9b8a97efa676ca850fe45d9eed190b Intel ia32 architecture: i386/lpr_0.46-1-0slink1_i386.deb MD5 checksum: 694600a076aee86b99780c5e915fb901 Motorola 680x0 architecture: m68k/lpr_0.46-1-0slink1_m68k.deb MD5 checksum:c8104518df9b17043dfd60cd91c7acf8 Sun Sparc architecture: sparc/lpr_0.46-1-0slink1_sparc.deb MD5 checksum: b02923c9f1ae9ffdbd830f88ef0feeea These files will be moved into soon. For not yet released architectures please refer to the appropriate directory . - -- - ---------------------------------------------------------------------------- For apt-get: deb Debian -- Security Information stable updates For dpkg-ftp: dists/stable/updates Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQB1AwUBOBsNMKjZR/ntlUftAQHjDAL5AbhXns3b2BRSO2YkIHseE1VVOhbVeW+M wAWJwWm6fcCO387aD8k2RyPBzDPQjjhiFC/P7vdCG8GTPRZ8aYYZBodXMXPuKRqF /ZW1OTIb518y2oO6zkRaShGGbeJBrZ+I =n8P2 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------. version, distributed, debian, gnu/linux, suffers, couple, problems. . Severity: Critical. LinuxSecurity.com Team

Dec 13, 1999 •Critical Debian