5550917 2000-10-05 08:21 /48 rader/ Brevbäraren (som är implementerad i) Python Mottagare: Bugtraq (import) <13115> Ärende: SuSE: lprNG ------------------------------------------------------------ From: Roman Drahtmueller <draht@SUSE.DE> To: BUGTRAQ@SECURITYFOCUS.COM Message-ID: <Pine.LNX.4.21.0010050058210.4052-100000@dent.suse.de> -----BEGIN PGP SIGNED MESSAGE----- Hello, The lprng packages as shipped with SuSE distributions are not susceptible to the attacks targeting the format string parsing errors found by Chris Evans <chris@scary.beasts.org>. SuSE Linux comes with an lprng package version 3.6.12 in SuSE-6.3, 3.6.13 in 6.4 and back to 3.6.12 in 7.0. The version of lprng that we ship is a bit older than the bleeding edge, but it has proven to be reliable and stable which is just as important. We did not (silently) fix Chris' format string problem - the bug just happens to not expose a security threat in our version. The readers of our public security-related mailinglist suse-security (see http://www.suse.de/en/support/mailinglists/ ) have been notified one week ago. Thank you, Roman Drahtmüller, SuSE Security. - -- - - | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - - -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBOdvDOHey5gA9JdPZAQHvkQf+MpJkoemvU3hw584hqiKQZ8uftdIqV3YQ ywSq20oStlI8sr9Tc74x3lsE03lg0OAahgtxYoECSbcD9ahEr/L4haUB/dN/d4kB t1j8WH5hRWqtF23EUXhsa6WOFUnEnHGaeGz5JSM+GW0bfeU6XLbvjUC/is7Pm+Tz RrniwSwF3LlVyehLes+js0iKYE7QUjVDv85dQ/vaMGkHiRvog49m9KxMIIY8Pj1l Hi+C3NNkFfGNDkAYYRljC4MFs88K+nhefCpzmz14cIMA71n9brlH6D7khG7FsJCv gEE+h4/BAK7WEosqrW1i4r+uznmJWHBS6kYPuvwWFCR8XPIyw1krFQ== =sLY3 -----END PGP SIGNATURE----- (5550917) ------------------------------------------(Ombruten)