COMMAND

    lpr/lpd

SYSTEMS AFFECTED

    RedHat 4.x, 5.x, 6.x

PROBLEM

    The following is based on a Red Hat Security Advisory. There are
    potential problems with file access checking in the lpr and lpd
    programs. These could allow users to print files they do not have
    access to. Also, there are bugs in remote printing in the lpd that
    shipped with Red Hat Linux 6.1.

    Tymm Twillman found this originally. There are two problems in the
    lpr and lpd programs. By exploiting a race (a time-of-check/time-
    of-use window) between the access check and the actual file open,
    it is potentially possible to have lpr, which runs set-uid root,
    read a file as root that the user does not have access to. Also,
    the lpd program would blindly open queue files as root; by use of
    the '-s' flag to lpr, it was possible to have lpd print files that
    the user could not access.

SOLUTION

    RPMs required:

      Red Hat Linux 4.x:
        ftp://ftp.redhat.com/pub/redhat/updates/4.2/i386/lpr-0.43-0.4.2.i386.rpm
        ftp://ftp.redhat.com/pub/redhat/updates/4.2/alpha/lpr-0.43-0.4.2.alpha.rpm
        ftp://ftp.redhat.com/pub/redhat/updates/4.2/sparc/lpr-0.43-0.4.2.sparc.rpm
        ftp://ftp.redhat.com/pub/redhat/updates/4.2/SRPMS/lpr-0.43-0.4.2.src.rpm

      Red Hat Linux 5.x:
        ftp://ftp.redhat.com/pub/redhat/updates/5.2/i386/lpr-0.43-0.5.2.i386.rpm
        ftp://ftp.redhat.com/pub/redhat/updates/5.2/alpha/lpr-0.43-0.5.2.alpha.rpm
        ftp://ftp.redhat.com/pub/redhat/updates/5.2/sparc/lpr-0.43-0.5.2.sparc.rpm
        ftp://ftp.redhat.com/pub/redhat/updates/5.2/SRPMS/lpr-0.43-0.5.2.src.rpm

      Red Hat Linux 6.x:
        ftp://ftp.redhat.com/pub/redhat/updates/6.1/i386/lpr-0.43-2.i386.rpm
        ftp://ftp.redhat.com/pub/redhat/updates/6.0/alpha/lpr-0.43-2.alpha.rpm
        ftp://ftp.redhat.com/pub/redhat/updates/6.0/sparc/lpr-0.43-2.sparc.rpm
        ftp://ftp.redhat.com/pub/redhat/updates/6.1/SRPMS/lpr-0.43-2.src.rpm

    Also, various bugs in remote printing that were present in the lpd
    released with Red Hat Linux 6.1 have been fixed.

    Debian GNU/Linux 2.1 alias slink

        http://security.debian.org/dists/stable/updates/source/lpr_0.46-1-0slink1.diff.gz
        http://security.debian.org/dists/stable/updates/source/lpr_0.46-1-0slink1.dsc
        http://security.debian.org/dists/stable/updates/source/lpr_0.46-1.orig.tar.gz

        http://security.debian.org/dists/stable/updates/binary-alpha/lpr_0.46-1-0slink1_alpha.deb

        http://security.debian.org/dists/stable/updates/binary-i386/lpr_0.46-1-0slink1_i386.deb

        http://security.debian.org/dists/stable/updates/binary-m68k/lpr_0.46-1-0slink1_m68k.deb

        http://security.debian.org/dists/stable/updates/binary-sparc/lpr_0.46-1-0slink1_sparc.deb