Bug 19518

Summary: need LPRng 3.2.26
Product: [Retired] Red Hat Linux Reporter: Gene Czarcinski <gczarcinski>
Component: LPRngAssignee: Crutcher Dunnavant <crutcher>
Status: CLOSED ERRATA QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: high    
Version: 7.0CC: chris, dr
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: i386   
OS: Linux   
URL: http://www.astart.com/LPRng/CHANGES
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-10-24 10:42:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Gene Czarcinski 2000-10-21 17:40:16 UTC 
LPRng has an update 3.2.26 out which fixes some security problems see the
LPRng changelog.  This should be considered high priotity.
Comment 1 Chris Evans 2000-10-21 20:12:53 UTC 
Weren't these issues addressed by the RedHat security update?
Have any issues been fixed which were not fixed by the update?
I've found the LPRng changelog, and put it in the URL field.
Comment 2 Chris Evans 2000-10-21 20:19:03 UTC 
And here, I've pasted the relevant Changelog entries:
-----
Release LPRng 3.6.26 Fri Oct 13 07:38:38 PDT 2000
 unsetenv() is not available on some systems.  Fallback
   to setenv and then putenv() if not present
 (Found by: Niklas Edmundsson <nikke.se>)

Release LPRng 3.6.25 Tue Oct  3 09:19:11 PDT 2000
 syslog Compromise -
   modified syslog to use 'syslog(xx,"%s", msg).
 gettext Compromise -
   added the following to Initialize():
    if( getuid() == 0 || geteuid() == 0 ) unsetenv("NLSPATH");
 IN6_ADDR removed,  in fact IPV6 stuff removed.

   See the various CERT advisories.  Sigh...
----

The RH update fixed the syslog() thing.
It looks like the NLSPATH thing will only be an issue if the printing clients
are suid-root, and
I don't think they are.
Anyway, the glibc update should take care of the NLSPATH issues...?
Comment 3 Crutcher Dunnavant 2000-10-23 15:49:35 UTC 
Yeah, we got the syslog thing, and glibc should have gotten the other thing,
but gonna roll this anyway, got a printting update comming.

(as a side note, I cannot belive how fast this package itterates!, its like
netscape in the old days.)
Comment 4 Chris Evans 2000-10-23 18:41:43 UTC 
Does this thing have the notion of UNIX socket support, avoiding the need to
network-listen in
many circumstances?