Wolftales wrote:
> Am I running a version that has the fix for the syslog() exploit?
Learn how to read a changelog, it will save you a lot of time and worry,
from /usr/share/doc/lprng/changelog.Debian.gz:
lprng (3.6.12-8) stable; urgency=high
* Apparently the upstream lprng 3.6.15 which the setuid test code was
* taken
from was buggy itself giving lots of false positives!!
This code is from 3.6.24 which does work. Closes: #74942, #74946
-- Craig Small <> Tue, 17 Oct 2000 16:35:43 -0500
lprng (3.6.12-7) stable; urgency=high
* SECURITY FIXES!!
* syslog() overflow bug fixed
* getttext NLSPATH security bug fixed.
* spool_file_perms security bug fixed.
* Added setuid Linux bug work-around.
-- Craig Small <> Sun, 15 Oct 2000 15:42:02 -0500
--
Jamie Heilman http://audible.transient.net/~jamie/
"We must be born with an intuition of mortality. Before we know the words
for it, before we know there are words, out we come bloodied and squalling
with the knowledge that for all the compasses in the world, there's only
one direction, and time is its only measure." -Rosencrantz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
