Yellow Dog Linux Security Advisory: YDU-20030602-5

security yellowdog-updates@lists.terrasoftsolutions.com
Tue, 03 Jun 2003 18:47:50 -0600 

Yellow Dog Linux Security Announcement
--------------------------------------

Package:	LPRng
Issue Date:	Jun 02,2003
Priority:	medium
Advisory ID: 	YDU-20030602-5


1. 	Topic:

	Updated LPRng packages are available.


2. 	Problem:
	
	"LPRng is a print spooler. LPRng includes a program, psbanner, that can be
	used to produce Postscript banner pages to separate print jobs.

	A vulnerability has been found in psbanner, which creates a temporary file
	with a known filename in an insecure manner. An attacker could create a
	symbolic link and cause arbitrary files to be written as the 'lp' user.

	Users that have configured LPRng to use psbanner should install these
	updated packages, which contain a patch so that psbanner does not create
	the temporary file."
	
	(From Red Hat Advisory)

3. 	Solution:

    	a) Updating via apt...
    	We suggest that you use the apt-get program to keep your
    	system up-to-date. The following command(s) will retrieve
    	and install the fixed version of this update onto your system:

		apt-get update
		apt-get install LPRng

    	b) Updating manually...
	Download the updates below and then run the following rpm command.
    	(Please use a mirror site)

		rpm -Fvh [filenames]
		Yellow Dog Linux 3.0
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
			ppc/LPRng-3.8.19-3.1.ppc.rpm

4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
[Yellow Dog Linux 3.0]
ae0b1cd31023ce2b42654e2dbca10013  SRPMS/LPRng-3.8.19-3.1.src.rpm
97991a6beef564b6720b5d63d7b70a3d  ppc/LPRng-3.8.19-3.1.ppc.rpm

If you wish to verify that each package has not been corrupted or 
tampered with,
examine the md5sum with the following command: md5sum <filename>


5. Misc.

Terra Soft has setup a moderated mailing list where these security, 
bugfix, and package
enhancement announcements will be posted. See 
http://lists.terrasoftsolutions.com/ for more
information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml