The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [linux-security] LSF Update#14: Vulnerability of the lpr program.

To: Sven Rudolph <sr1@os.inf.tu-dresden.de>
Subject: Re: [linux-security] LSF Update#14: Vulnerability of the lpr program.
From: "Alexander O. Yuriev" <alex@bach.cis.temple.edu>
Date: Sun, 24 Nov 1996 17:55:30 -0500
Cc: security@debian.org
Delivered-to: security@debian.org
Importance: low
In-reply-to: Your message of "24 Nov 1996 23:11:15 +0100." <87iv6vm9do.fsf@os.inf.tu-dresden.de>
Priority: non-urgent
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"2aA9H1.0.344.DBDco"@master.debian.org>
Resent-reply-to: debian-private@lists.debian.org
Resent-sender: debian-private-request@lists.debian.org

Your message dated: 24 Nov 1996 23:11:15 +0100
> "Alexander O. Yuriev" <alex@bach.cis.temple.edu> writes:
> 
> > $Id: lpr-vulnerability-0.6-linux,v 1.1 1996/11/22 21:42:46 alex Exp $
> > 
> >                           Linux Security FAQ Update
> >                               lpr Vulnerability
> >                         Thu Nov 21 22:24:12 EST 1996
> >    Copyright (C) 1995,1996 Alexander O. Yuriev (alex@bach.cis.temple.edu)
> >                               CIS Laboratories
> >                              TEMPLE  UNIVERSITY
> >                                    U.S.A.
> 
> An updated update regarding Debian:
> 
> 
> Debian/GNU Linux 1.1 contains the vulnerable lpr utility. It is
> installed as part of the standard installation.
> 
> The corrected Debian packages of lpr are available from the following URLs:
> 
> Debian 1.1 i386 Architecture
> 
>  ftp://ftp.debian.org/debian/rex/binary-i386/net/lpr_5.9-13.deb
> 
> Debian-development (no official release) m68k Architecture
> Debian-development (no official release) sparc Architecture
> Debian-development (no official release) alpha Architecture
> 
>  There are no binary packages of lpr for these architectures
>  available yet. You have to compile them from the sources.
> 
> 
> The source package files for lpr are available from the following URLs:
> 
>  ftp://ftp.debian.org/debian/rex/source/net/lpr_5.9-13.tar.gz
>  ftp://ftp.debian.org/debian/rex/source/net/lpr_5.9-13.diff.gz
> 
> 
> In addition to lpr an alternative printing subsystem called LPRng is
> available for Debian. LPRng is a enhanced printer spooler system, with
> functionality similar to the Berkeley lpr software. Besides having
> more features it avoids typical security holes by not running as
> root. The vulnerability described above doesn't apply to LPRng.
> 
> The Debian packages of LPRng are available from the following URLs:
> 
> Debian 1.1 i386 Architecture
> 
>  ftp://ftp.debian.org/debian/bo/binary-i386/net/lprng_2.4.2-1.deb
> 
> Debian-development (no official release) m68k Architecture
> Debian-development (no official release) sparc Architecture
> Debian-development (no official release) alpha Architecture
> 
>  There are no binary packages of LPRng for these architectures
>  available yet. You have to compile them from the sources.
> 
> 
> The source package files for LPRng are available from the following URLs:
> 
>  ftp://ftp.debian.org/debian/bo/source/net/lprng_2.4.2-1.dsc
>  ftp://ftp.debian.org/debian/bo/source/net/lprng_2.4.2.orig.tar.gz
>  ftp://ftp.debian.org/debian/bo/source/net/lprng_2.4.2-1.diff.gz
> 
> 
> Please verify the MD5 fingerprint of the Debian packages prior to
> installing them.
> 
> 4288f4a14b58f439bd0930d2d4631301  lpr_5.9-13.deb
> ac2f7f38fb410267742c3612ff9d2565  lpr_5.9-13.diff.gz
> e02b657d2dee61e0efa48b8fb0246b1e  lpr_5.9-13.tar.gz
> f35277a64456eb035d14b177b4d2c605  lprng_2.4.2-1.deb
> b791d997d66b67bc1393ffd8281030bc  lprng_2.4.2-1.diff.gz
> c0b60491659d7e074afa58c6329117ad  lprng_2.4.2-1.dsc
> 14b21cd6947e03c517fa50f5ddbb7ef7  lprng_2.4.2.orig.tar.gz
> 

Hi,

	Thanks for the update. I hate to be so anal, but can I get this
message again _signed_? As soon as I verify signature I will send the
update.


Alex


--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

References:
- Re: [linux-security] LSF Update#14: Vulnerability of the lpr program.
  - From: Sven Rudolph <sr1@os.inf.tu-dresden.de>

Prev by Date: Re: Invitation
Next by Date: Re: let's dump Qt
Previous by thread: Re: [linux-security] LSF Update#14: Vulnerability of the lpr program.
Next by thread: I'm locked out
Index(es):
- Date
- Thread