5556465 2000-10-06 02:10 /58 lines/ Brevbäraren (som är implementerad i) Python
Recipient: Bugtraq (import) <13126>
Subject: Conectiva Linux Security Announcement - lpr
------------------------------------------------------------
From: secure@CONECTIVA.COM.BR
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <200010052102.SAA17491@distro.conectiva.com.br>

-----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
-----------------------------------------------------------------------

PACKAGE           : lpr
SUMMARY           : Possible local root exploit
DATE              : 2000-10-05 18:01:00
RELEVANT RELEASES : 4.0, 4.0es, 4.1, 4.2, 5.0, prg gráficos, ecommerce, 5.1

----------------------------------------------------------------------

DESCRIPTION
There is a format string bug in a syslog() call in lpd that could be used
to obtain root access. The exploit would have to successfully inject
format strings in a hostname to cause damage.

SOLUTION
All users should upgrade to the updated packages.

We would like to thank Chris Evans for spotting this problem elsewhere
and bringing it to the attention of the Linux vendors.

DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/4.0/i386/lpr-0.50-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/lpr-0.50-6cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/lpr-0.50-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/lpr-0.50-6cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/lpr-0.50-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/lpr-0.50-6cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/lpr-0.50-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/lpr-0.50-6cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/lpr-0.50-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/lpr-0.50-6cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/lpr-0.50-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/lpr-0.50-6cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/lpr-0.50-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/lpr-0.50-6cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/lpr-0.50-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/lpr-0.50-6cl.src.rpm

----------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key can be
obtained at http://www.conectiva.com.br/contato

----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br
(5556465) ------------------------------------------(Rewrapped)
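
The bug class named in the DESCRIPTION, sketched as an added example; this is not part of the advisory and not lpd's source. The function names, the message text and the sample hostname are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical helper (not from lpd): 1 if name uses only hostname
 * characters (letters, digits, '-', '.'), 0 otherwise. */
int hostname_is_clean(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len > 255)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '-' && c != '.')
            return 0;
    }
    return 1;
}

/* Build the message with the hostname as a %s argument, so any '%' in it
 * is copied as text. A name that fails the check is tagged for review. */
int format_refusal(char *out, size_t outlen, const char *host)
{
    const char *tag = hostname_is_clean(host) ? "" : " [suspicious hostname]";
    return snprintf(out, outlen, "connection refused from %s%s", host, tag);
}

void log_refusal(const char *host)
{
    char msg[512];
    format_refusal(msg, sizeof msg, host);
    /* Vulnerable form: syslog(LOG_ERR, msg);  msg would be parsed as a format. */
    syslog(LOG_ERR, "%s", msg); /* fixed form: constant format string */
}

int main(void)
{
    char msg[512];
    const char *constructed = "bad%x%x.example"; /* constructed sample input */
    format_refusal(msg, sizeof msg, constructed);
    puts(msg);
    log_refusal(constructed);
    return 0;
}
```

Building with -Wformat -Wformat-security makes GCC warn about a syslog() call whose format argument is not a string literal and has no further arguments, which is the vulnerable form shown in the comment.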