Bug 19518 - need LPRng 3.2.26
Product: Red Hat Linux
Classification: Retired
Component: LPRng
i386 Linux
high Severity medium
Assigned To: Crutcher Dunnavant
David Lawrence
: Security
Reported: 2000-10-21 13:40 EDT by Gene Czarcinski
Modified: 2007-03-26 23:36 EDT
Doc Type: Bug Fix
Last Closed: 2000-10-24 06:42:05 EDT
Description Gene Czarcinski 2000-10-21 13:40:16 EDT
LPRng has an update 3.2.26 out which fixes some security problems; see the
LPRng changelog.  This should be considered high priority.
Comment 1 Chris Evans 2000-10-21 16:12:53 EDT
Weren't these issues addressed by the RedHat security update?
Have any issues been fixed which were not fixed by the update?
I've found the LPRng changelog, and put it in the URL field.
Comment 2 Chris Evans 2000-10-21 16:19:03 EDT
And here, I've pasted the relevant Changelog entries:
Release LPRng 3.6.26 Fri Oct 13 07:38:38 PDT 2000
 unsetenv() is not available on some systems.  Fallback
   to setenv and then putenv() if not present
 (Found by: Niklas Edmundsson <nikke@ing.umu.se>)

Release LPRng 3.6.25 Tue Oct  3 09:19:11 PDT 2000
 syslog Compromise -
   modified syslog to use 'syslog(xx,"%s", msg).
 gettext Compromise -
   added the following to Initialize():
    if( getuid() == 0 || geteuid() == 0 ) unsetenv("NLSPATH");
 IN6_ADDR removed,  in fact IPV6 stuff removed.

   See the various CERT advisories.  Sigh...

The RH update fixed the syslog() thing.
It looks like the NLSPATH thing will only be an issue if the printing clients
are suid-root, and I don't think they are.
Anyway, the glibc update should take care of the NLSPATH issues...?
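Added example, not part of the original bug report and not LPRng's own code: the two fixes named in the 3.6.25 changelog entries quoted above, written as small C helpers. The function names `scrub_nlspath` and `log_rejected_job`, the uid parameters and the sample strings are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for setenv()/unsetenv() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper modelled on the changelog's Initialize() check.
 * The uids are parameters (an assumption, for testability); the changelog
 * calls getuid()/geteuid() directly.
 * Returns 0 if the caller is unprivileged and the environment is left alone,
 * 1 if NLSPATH is gone afterwards, -1 if it could not be removed. */
int scrub_nlspath(uid_t ruid, uid_t euid)
{
    if (ruid != 0 && euid != 0)
        return 0;
    if (unsetenv("NLSPATH") != 0)
        return -1;
    return getenv("NLSPATH") == NULL ? 1 : -1;
}

/* Hypothetical logging helper. client_text is untrusted (for example a
 * job or host name sent by a print client). It is only ever passed as an
 * argument, so any '%' directives in it are copied out literally. */
int log_rejected_job(char *line, size_t n, const char *client_text)
{
    int len = snprintf(line, n, "rejected job from %s", client_text);
    /* Pre-fix shape: syslog(LOG_ERR, line);  -> line becomes the format.
     * Fixed shape, as in the changelog: */
    syslog(LOG_ERR, "%s", line);
    return len;
}

int main(void)
{
    char line[128];
    /* Constructed sample input containing format directives. */
    log_rejected_job(line, sizeof line, "host-%n%n%x");
    printf("logged: %s\n", line);
    printf("scrub result: %d\n", scrub_nlspath(getuid(), geteuid()));
    return 0;
}
```
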
Comment 3 Crutcher Dunnavant 2000-10-23 11:49:35 EDT
Yeah, we got the syslog thing, and glibc should have gotten the other thing,
but gonna roll this anyway, got a printing update coming.

(as a side note, I cannot believe how fast this package iterates!, it's like
netscape in the old days.)
Comment 4 Chris Evans 2000-10-23 14:41:43 EDT
Does this thing have the notion of UNIX socket support, avoiding the need to
network-listen in many circumstances?
