Re: Lprng version question

To: Wolftales@full-moon.com
Cc: debian-security@lists.debian.org
Subject: Re: Lprng version question
From: Jamie Heilman <jamie@audible.transient.net>
Date: Wed, 2 May 2001 01:46:53 -0700
Message-id: <20010502014653.C29883@audible.transient.net>
In-reply-to: <3AEF9A70.3E163F85@wolftales.org>; from wolftale@mail.wolftales.org on Tue, May 01, 2001 at 10:26:08PM -0700
References: <3AEF9A70.3E163F85@wolftales.org>

Wolftales wrote:

> Am I running a version that has the fix for the syslog() exploit?

Learn how to read a changelog, it will save you a lot of time and worry,
from /usr/share/doc/lprng/changelog.Debian.gz:

lprng (3.6.12-8) stable; urgency=high
  * Apparently the upstream lprng 3.6.15 which the setuid test code was
  * taken
    from was buggy itself giving lots of false positives!!
    This code is from 3.6.24 which does work. Closes: #74942, #74946

 -- Craig Small <> Tue, 17 Oct 2000 16:35:43 -0500

lprng (3.6.12-7) stable; urgency=high
  * SECURITY FIXES!!
  * syslog() overflow bug fixed
  * getttext NLSPATH security bug fixed.
  * spool_file_perms security bug fixed.
  * Added setuid Linux bug work-around.

 -- Craig Small <> Sun, 15 Oct 2000 15:42:02 -0500

-- 
Jamie Heilman                   http://audible.transient.net/~jamie/
"We must be born with an intuition of mortality.  Before we know the words
 for it, before we know there are words, out we come bloodied and squalling
 with the knowledge that for all the compasses in the world, there's only
 one direction, and time is its only measure."		-Rosencrantz

Reply to:

References:
- Lprng version question
  - From: Wolftales <wolftale@mail.wolftales.org>

Prev by Date: Re: Got root?
Next by Date: SSH-1.5-OpenSSH-1.2.3 of debian 2.2 is secure?
Previous by thread: Lprng version question
Next by thread: SSH-1.5-OpenSSH-1.2.3 of debian 2.2 is secure?
Index(es):
- Date
- Thread