[LWN Logo]
[Timeline]
Date:         Thu, 5 Oct 2000 01:55:26 +0200
From: Roman Drahtmueller <draht@SUSE.DE>
Subject:      SuSE: lprNG
To: BUGTRAQ@SECURITYFOCUS.COM

-----BEGIN PGP SIGNED MESSAGE-----

Hello,

The lprng packages as shipped with SuSE distributions are not susceptible
to the attacks targeting the format string parsing errors found by Chris
Evans <chris@scary.beasts.org>.

SuSE Linux comes with an lprng package version 3.6.12 in SuSE-6.3,
3.6.13 in 6.4 and back to 3.6.12 in 7.0.

The version of lprng that we ship is a bit older than the bleeding edge,
but it has proven to be reliable and stable which is just as important.
We did not (silently) fix Chris' format string problem - the bug just
happens to not expose a security threat in our version.

The readers of our public security-related mailinglist suse-security (see
http://www.suse.de/en/support/mailinglists/ ) have been notified one week
ago.

Thank you,
Roman Drahtmüller,
SuSE Security.
- --
 -                                                                      -
| Roman Drahtmüller      <draht@suse.de> //          "Caution: Cape does |
  SuSE GmbH - Security           Phone: //       not enable user to fly."
| Nürnberg, Germany     +49-911-740530 // (Batman Costume warning label) |
 -                                                                      -

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBOdvDOHey5gA9JdPZAQHvkQf+MpJkoemvU3hw584hqiKQZ8uftdIqV3YQ
ywSq20oStlI8sr9Tc74x3lsE03lg0OAahgtxYoECSbcD9ahEr/L4haUB/dN/d4kB
t1j8WH5hRWqtF23EUXhsa6WOFUnEnHGaeGz5JSM+GW0bfeU6XLbvjUC/is7Pm+Tz
RrniwSwF3LlVyehLes+js0iKYE7QUjVDv85dQ/vaMGkHiRvog49m9KxMIIY8Pj1l
Hi+C3NNkFfGNDkAYYRljC4MFs88K+nhefCpzmz14cIMA71n9brlH6D7khG7FsJCv
gEE+h4/BAK7WEosqrW1i4r+uznmJWHBS6kYPuvwWFCR8XPIyw1krFQ==
=sLY3
-----END PGP SIGNATURE-----