Bug 19518 - need LPRng 3.2.26
Summary: need LPRng 3.2.26
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: LPRng
Version: 7.0
Hardware: i386
OS: Linux
high
medium
Target Milestone: ---
Assignee: Crutcher Dunnavant
QA Contact: David Lawrence
URL: http://www.astart.com/LPRng/CHANGES
Whiteboard:
Keywords: Security
Depends On:
Blocks:
Reported: 2000-10-21 17:40 UTC by Gene Czarcinski
Modified: 2007-03-27 03:36 UTC
Last Closed: 2000-10-24 10:42:05 UTC



Description Gene Czarcinski 2000-10-21 17:40:16 UTC
LPRng has an update 3.2.26 out which fixes some security problems; see the
LPRng changelog.  This should be considered high priority.

Comment 1 Chris Evans 2000-10-21 20:12:53 UTC
Weren't these issues addressed by the RedHat security update?
Have any issues been fixed which were not fixed by the update?
I've found the LPRng changelog, and put it in the URL field.

Comment 2 Chris Evans 2000-10-21 20:19:03 UTC
And here, I've pasted the relevant Changelog entries:
-----
Release LPRng 3.6.26 Fri Oct 13 07:38:38 PDT 2000
 unsetenv() is not available on some systems.  Fallback
   to setenv and then putenv() if not present
 (Found by: Niklas Edmundsson <nikke@ing.umu.se>)

Release LPRng 3.6.25 Tue Oct  3 09:19:11 PDT 2000
 syslog Compromise -
   modified syslog to use 'syslog(xx,"%s", msg).
 gettext Compromise -
   added the following to Initialize():
    if( getuid() == 0 || geteuid() == 0 ) unsetenv("NLSPATH");
 IN6_ADDR removed,  in fact IPV6 stuff removed.

   See the various CERT advisories.  Sigh...
----

The RH update fixed the syslog() thing.
It looks like the NLSPATH thing will only be an issue if the printing clients
are suid-root, and I don't think they are.
Anyway, the glibc update should take care of the NLSPATH issues...?
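
The two hardening changes in the 3.6.25 changelog entry pasted in Comment 2, as an added example (not LPRng's code and not part of the original thread). `capture_log`, `log_msg` and `scrub_nlspath` are hypothetical names, `capture_log` stands in for `syslog()` so the logged text can be inspected, and the sample message and NLSPATH value are constructed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for setenv()/unsetenv() */
#endif
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* Hypothetical stand-in for syslog(): same printf-style contract,
 * but the formatted result is kept in a buffer instead of being sent. */
static char last_log[256];

static void capture_log(int prio, const char *fmt, ...)
{
    va_list ap;
    (void)prio;
    va_start(ap, fmt);
    vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
}

/* Hardened form from the changelog: the message is only ever an argument
 * to a constant "%s" format, so directives inside it are never interpreted.
 * The form being replaced would pass msg itself as the format. */
const char *log_msg(int prio, const char *msg)
{
    capture_log(prio, "%s", msg);
    return last_log;
}

/* The changelog's Initialize() check: drop NLSPATH when the real or
 * effective uid is 0. Returns 1 if the variable is gone afterwards. */
int scrub_nlspath(uid_t ruid, uid_t euid)
{
    if (ruid != 0 && euid != 0)
        return 0;               /* unprivileged: environment left alone */
    unsetenv("NLSPATH");
    return getenv("NLSPATH") == NULL;
}

int main(void)
{
    setenv("NLSPATH", "/tmp/constructed/%N.cat", 1);   /* constructed value */
    printf("scrubbed=%d\n", scrub_nlspath(getuid(), geteuid()));
    printf("logged: %s\n", log_msg(LOG_INFO, "job 'a%sb%n' rejected"));
    return 0;
}
```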

Comment 3 Crutcher Dunnavant 2000-10-23 15:49:35 UTC
Yeah, we got the syslog thing, and glibc should have gotten the other thing,
but gonna roll this anyway, got a printing update coming.

(as a side note, I cannot believe how fast this package iterates! It's like
Netscape in the old days.)

Comment 4 Chris Evans 2000-10-23 18:41:43 UTC
Does this thing have the notion of UNIX socket support, avoiding the need to
network-listen in many circumstances?

