LPRng has an update 3.2.26 out which fixes some security problems see the
LPRng changelog. This should be considered high priotity.
Weren't these issues addressed by the RedHat security update?
Have any issues been fixed which were not fixed by the update?
I've found the LPRng changelog, and put it in the URL field.
And here, I've pasted the relevant Changelog entries:
Release LPRng 3.6.26 Fri Oct 13 07:38:38 PDT 2000
unsetenv() is not available on some systems. Fallback
to setenv and then putenv() if not present
(Found by: Niklas Edmundsson <firstname.lastname@example.org>)
Release LPRng 3.6.25 Tue Oct 3 09:19:11 PDT 2000
syslog Compromise -
modified syslog to use 'syslog(xx,"%s", msg).
gettext Compromise -
added the following to Initialize():
if( getuid() == 0 || geteuid() == 0 ) unsetenv("NLSPATH");
IN6_ADDR removed, in fact IPV6 stuff removed.
See the various CERT advisories. Sigh...
The RH update fixed the syslog() thing.
It looks like the NLSPATH thing will only be an issue if the printing clients
are suid-root, and
I don't think they are.
Anyway, the glibc update should take care of the NLSPATH issues...?
Yeah, we got the syslog thing, and glibc should have gotten the other thing,
but gonna roll this anyway, got a printting update comming.
(as a side note, I cannot belive how fast this package itterates!, its like
netscape in the old days.)
Does this thing have the notion of UNIX socket support, avoiding the need to