{"id": "DEBIAN:A6FF38FABE948EE0D7C338D1C00C3291:10C39", "bulletinFamily": "unix", "title": "[SECURITY] New version of lpr released", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory security@debian.org\nhttp://www.debian.org/security/ Wichert Akkerman\nJanuary 9, 2000\n- ------------------------------------------------------------------------\n\n\nPackage: lpr\nVulnerability type: remote exploit\nDebian-specific: no\n\nThe version of lpr that was distributed with Debian GNU/Linux 2.1\nand the updated version released in 2.1r4 have a two security\nproblems:\n\n* the client hostname wasn't verified properly, so if someone is able to\n control the DNS entry for their IP he could fool lpr into granting\n access.\n* it was possible to specify extra options to sendmail which could be\n used to specify another configuration file. This can be used to\n gain root access.\n\nBoth problems have been fixed in 0.48-0.slink1 . We recommend you upgrade\nyour lpr package immediately.\n\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nDebian GNU/Linux 2.1 alias slink\n- --------------------------------\n\n This version of Debian was released only for Intel ia32, the Motorola\n 680x0, the alpha and the Sun sparc architecture.\n\n Source archives:\n http://security.debian.org/dists/stable/updates/source/lpr_0.48-0.slink1.diff.gz\n MD5 checksum: aca07389fc8f536df0d01d6469058a83\n http://security.debian.org/dists/stable/updates/source/lpr_0.48-0.slink1.dsc\n MD5 checksum: 8854564310b6eb52cf00d06bfdf298d6\n http://security.debian.org/dists/stable/updates/source/lpr_0.48.orig.tar.gz\n MD5 checksum: 7b67555568e1c2d03aedbe66098a52a5\n\n Alpha architecture:\n http://security.debian.org/dists/stable/updates/binary-alpha/lpr_0.48-0.slink1_alpha.deb\n MD5 checksum: 891a7a518265c292e4d6183d27b1d284\n\n Intel ia32 architecture:\n http://security.debian.org/dists/stable/updates/binary-i386/lpr_0.48-0.slink1_i386.deb\n MD5 checksum: 386d1e35a9cab64cd960385a46dab6a1\n\n Motorola 680x0 architecture:\n http://security.debian.org/dists/stable/updates/binary-m68k/lpr_0.48-0.slink1_m68k.deb\n MD5 checksum: a6e05782ce4394cff1c48c7ddc50835f\n\n Sun Sparc architecture:\n http://security.debian.org/dists/stable/updates/binary-sparc/lpr_0.48-0.slink1_sparc.deb\n MD5 checksum: f14d908138bfee39cf7cd665df44e35d\n\n These files will be moved into\n ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.\n\n\nFor not yet released architectures please refer to the appropriate\ndirectory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .\n\n- -- \n- ----------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable updates\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates\nMailing list: debian-security-announce@lists.debian.org\n\n", "published": "2000-01-09T00:00:00", "modified": "2000-01-09T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2000/msg00001.html", "reporter": "Debian", "references": [], "cvelist": [], "type": "debian", "lastseen": "2018-10-16T22:13:53", "edition": 1, "viewCount": 0, "enchantments": {"score": {"value": 1.7, "vector": "NONE", "modified": "2018-10-16T22:13:53", "rev": 2}, "dependencies": {"references": [], "modified": "2018-10-16T22:13:53", "rev": 2}, "vulnersScore": 1.7}, "affectedPackage": []}

{}