[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Lprng version question

Wolftales wrote:

> Am I running a version that has the fix for the syslog() exploit?

Learn how to read a changelog, it will save you a lot of time and worry,
from /usr/share/doc/lprng/changelog.Debian.gz:

lprng (3.6.12-8) stable; urgency=high
  * Apparently the upstream lprng 3.6.15 which the setuid test code was
  * taken
    from was buggy itself giving lots of false positives!!
    This code is from 3.6.24 which does work. Closes: #74942, #74946

 -- Craig Small <> Tue, 17 Oct 2000 16:35:43 -0500

lprng (3.6.12-7) stable; urgency=high
  * syslog() overflow bug fixed
  * getttext NLSPATH security bug fixed.
  * spool_file_perms security bug fixed.
  * Added setuid Linux bug work-around.

 -- Craig Small <> Sun, 15 Oct 2000 15:42:02 -0500

Jamie Heilman                   http://audible.transient.net/~jamie/
"We must be born with an intuition of mortality.  Before we know the words
 for it, before we know there are words, out we come bloodied and squalling
 with the knowledge that for all the compasses in the world, there's only
 one direction, and time is its only measure."		-Rosencrantz

Reply to: