Yellow Dog Linux Security Advisory: YDU-20030602-5
security
yellowdog-updates@lists.terrasoftsolutions.com
Tue, 03 Jun 2003 18:47:50 -0600
Yellow Dog Linux Security Announcement
--------------------------------------
Package: LPRng
Issue Date: Jun 02, 2003
Priority: medium
Advisory ID: YDU-20030602-5
1. Topic:
Updated LPRng packages are available.
2. Problem:
"LPRng is a print spooler. LPRng includes a program, psbanner, that can be
used to produce Postscript banner pages to separate print jobs.
A vulnerability has been found in psbanner, which creates a temporary file
with a known filename in an insecure manner. An attacker could create a
symbolic link and cause arbitrary files to be written as the 'lp' user.
Users that have configured LPRng to use psbanner should install these
updated packages, which contain a patch so that psbanner does not create
the temporary file."
(From Red Hat Advisory)
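The insecure pattern described in the quoted text, shown next to a hardened form. This is an added example, not psbanner's code and not the vendor patch (the fix shipped here removes the temporary file altogether). The function names, the file name banner.tmp and the scratch directory are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; all paths live in a private scratch directory.

# Unsafe: fixed, guessable name. '>' opens without O_EXCL, so it follows a
# symbolic link that someone else placed at that name beforehand.
write_unsafe() {    # $1 = shared temp dir, $2 = data
    printf '%s\n' "$2" > "$1/banner.tmp"
}

# Hardened: mktemp picks an unpredictable name and creates the file
# exclusively (mode 0600), so an existing link is never opened.
write_safe() {      # prints the path of the file it created
    tmpfile=$(mktemp "$1/banner.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmpfile"
    printf '%s\n' "$tmpfile"
}

demo() {
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/tmp"
    printf 'original\n' > "$scratch/protected"
    # Constructed precondition: a link already sits at the known name.
    ln -s "$scratch/protected" "$scratch/tmp/banner.tmp"

    write_unsafe "$scratch/tmp" "banner data"
    echo "after unsafe write: $(cat "$scratch/protected")"

    printf 'original\n' > "$scratch/protected"
    created=$(write_safe "$scratch/tmp" "banner data") || return 1
    echo "after safe write:   $(cat "$scratch/protected")"
    echo "safe file created:  ${created##*/}"
    rm -rf "$scratch"
}

demo
```

When auditing filter scripts for the same defect, look for redirections or file opens under /tmp that use a constant or PID-derived name.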
3. Solution:
a) Updating via apt...
We suggest that you use the apt-get program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
apt-get update
apt-get install LPRng
b) Updating manually...
Download the updates below and then run the following rpm command.
(Please use a mirror site)
rpm -Fvh [filenames]
Yellow Dog Linux 3.0
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
ppc/LPRng-3.8.19-3.1.ppc.rpm
4. Verification
MD5 checksum                     Package
-------------------------------- ----------------------------
[Yellow Dog Linux 3.0]
ae0b1cd31023ce2b42654e2dbca10013 SRPMS/LPRng-3.8.19-3.1.src.rpm
97991a6beef564b6720b5d63d7b70a3d ppc/LPRng-3.8.19-3.1.ppc.rpm
If you wish to verify that each package has not been corrupted or
tampered with, examine the md5sum with the following command:
md5sum <filename>
5. Misc.
Terra Soft has set up a moderated mailing list where these security,
bugfix, and package enhancement announcements will be posted. See
http://lists.terrasoftsolutions.com/ for more information.
For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml