Re: lprng

2001-12-10 Thread Javier Fernández-Sanguino Peña
On Fri, Dec 07, 2001 at 01:20:43PM +0200, Juha Jäykkä wrote: > Most false positives are easily dismissed by knowing your setup which > nessus does not. There are a couple of concerning cases, though: This > case of lprng: nessus only says it detects an lprng daemon, but NOT > that it

lprng

2001-12-07 Thread Juha Jäykkä
Nessus claims all versions of lprng prior to 3.6.24 have some unnamed flaw which allows exploiting the daemon's privileges. As a debian lprng runs as daemon, it is not as dangerous as nessus claims (root compromise), at least directly. However, I cannot find any references t

Re: (How) do we roll-back lprng?

2001-11-25 Thread Henrique de Moraes Holschuh
On Sun, 25 Nov 2001, Craig Small wrote: > with me. 3.8.0 had some good but not essential fixes in it (for most > people anyway). I just don't know how to do it. Well, if you want to keep the version numbering, epochs are the only sane way :( -- "One disk to rule them all, One disk to find th

(How) do we roll-back lprng?

2001-11-24 Thread Craig Small
OK we've had upstream report that no one should use lprng 3.8.0 because it has a security bug in it but there is no more information. This message went out 16 November and still no more details (except it is setuid related) and no fix in sight yet. He said that a new release will be ASAP.

LPRNG vulnerability [was Re: weird messages in syslog]

2001-11-21 Thread Jim McCloskey
as I can tell, that would produce the kind of output I have. "Kelley, Tim (CBS-New Orleans)" <[EMAIL PROTECTED]> wrote: |> looks like a buffer overflow attempt to me ... look at your |> security I'm sure it is. There is a buffer-overflow advisory against lprng. Local and

Re: Lprng version question

2001-05-02 Thread Jamie Heilman
Wolftales wrote: > Am I running a version that has the fix for the syslog() exploit? Learn how to read a changelog, it will save you a lot of time and worry, from /usr/share/doc/lprng/changelog.Debian.gz: lprng (3.6.12-8) stable; urgency=high * Apparently the upstream lprng 3.6.15 which

Lprng version question

2001-05-02 Thread Wolftales
Hello, I currently have lprng 3.6.12-8 installed on my system. The version installed is the one apt-get and dselect import via the source.list. According to a message sent to this list, debian-security@lists.debian.org, by the package maintainer I was left with the impression Debian 2.2r2 is ok

Lprng version question

2001-05-01 Thread Wolftales
Hello, I currently have lprng 3.6.12-8 installed on my system. The version installed is the one apt-get and dselect import via the source.list. According to a message sent to this list, [EMAIL PROTECTED], by the package maintainer I was left with the impression Debian 2.2r2 is ok. However, the

CA-2000-22 Feedback VU-23382365 (LPRng)

2001-01-30 Thread Craig Small
I am the maintainer of the LPRng package for the Debian GNU/Linux distribution. I have noticed in your advisory that Debian does not have an entry in the Vendor Information appendix and would like to correct that. I apologise for the very late notice. In our stable distribution, LPRng versions

Re: lprng

2001-01-15 Thread Ethan Benson
ould indeed be placed in security.debian.org > > > I know there's a debian package of lprng, but I don't know if the patch > > > you're talking about is applied to this package, I guess you should check > > > the changelog to find out. > > At the mome

Re: lprng

2001-01-15 Thread V. Achiaga
> Hey, > What u mean debian-specific patch? I only want to mean a patch including the patch.diff file, or an official debian package (.deb file) > > I know there's a debian package of lprng, but I don't know if the patch > > you're talking about is applied to

Re: lprng

2001-01-12 Thread Philipe Gaspar
Hey, What u mean debian-specific patch? On Wednesday 10 January 2001 07:44, Ron Rademaker wrote: > I know there's a debian package of lprng, but I don't know if the patch > you're talking about is applied to this package, I guess you should check > the changelog to fin

Re: lprng

2001-01-10 Thread Ron Rademaker
I know there's a debian package of lprng, but I don't know if the patch you're talking about is applied to this package, I guess you should check the changelog to find out. Ron Rademaker On Wed, 10 Jan 2001, V. Achiaga wrote: > > > Does anyone know where can I find a d

lprng

2001-01-10 Thread V. Achiaga
Does anyone know where can I find a debian-specific patch for the lprng package? Thanks in advance. Why? Just read the following... > Subject: CERT Advisory CA-2000-22 > > > -BEGIN PGP SIGNED MESSAGE- > > CERT Advisory CA-2000-22 Input Validation Problems in LPRn

[mhpower@bos.bindview.com: LPRng: LPRng remote root exploit seen in the wild]

2000-11-23 Thread Craig Small
slow on telling people we are. - Craig Debian LPRng maintainer - Forwarded message from Matt Power <[EMAIL PROTECTED]> - Delivered-To: [EMAIL PROTECTED] Date: Wed, 22 Nov 2000 16:51:30 -0500 From: Matt Power <[EMAIL PROTECTED]> To: [EMAIL PROTECTED], lprng@lprng.com S
