Patch-ID# 107116-16 Keywords: security printd control core lpstat queue buffer lpsched Synopsis: SunOS 5.7_x86: LP Patch Date: Aug/11/2004 Install Requirements: See Special Install Instructions Solaris Release: 7_x86 SunOS Release: 5.7_x86 Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 107115 Topic: SunOS 5.7_x86: LP Patch Relevant Architectures: i386 BugId's fixed with this patch: 4033371 4057917 4085677 4093648 4095132 4129917 4131103 4153128 4156106 4165358 4167195 4167443 4179341 4184007 4186811 4187773 4188167 4189161 4200078 4207894 4213872 4215944 4217305 4218904 4220608 4235953 4236024 4236546 4239765 4240238 4251153 4260829 4263321 4263391 4264235 4265529 4273437 4281487 4302705 4303242 4309558 4310991 4314312 4319723 4324679 4325537 4334568 4337699 4343460 4367433 4374037 4381196 4383387 4386671 4390810 4411642 4422628 4434247 4446925 4488655 4499302 4501950 4504977 4512799 4529640 4640166 4697460 4704812 4704824 4705899 4705911 4705947 4705948 4714952 4761753 4761791 4809690 4930119 Changes incorporated in this version: 4761791 4930119 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/bin/cancel /usr/bin/lp /usr/bin/lpset /usr/bin/lpstat /usr/lib/libprint.so.2 /usr/lib/lp/bin/netpr /usr/lib/lp/local/lp /usr/lib/lp/local/lpadmin /usr/lib/lp/local/lpmove /usr/lib/lp/local/lpstat /usr/lib/lp/lpsched /usr/lib/lp/model/netstandard /usr/lib/lp/postscript/postprint /usr/lib/lp/postscript/postprint.ps /usr/lib/lp/postscript/postreverse /usr/lib/print/bsd-adaptor/bsd_cascade.so.1 /usr/lib/print/bsd-adaptor/bsd_lpsched.so.1 /usr/lib/print/conv_fix /usr/lib/print/in.lpd /usr/sbin/lpadmin /usr/sbin/lpmove /usr/ucb/lpc Problem Description: 4761791 default timeout in netpr should be initialized 4930119 Network printer timeout does not reset on fault clearance (from 107116-15) 4809690 submitted print jobs don't seem to disappear after printing (from 107116-14) 4697460 hanging printd should not block all printjobs to remote 4705948 conv_fix: unsafe use of fopen() 4705947 conv_fix: should use strlcat (from 107116-13) 4704812 lpstat: cftime() is deprecated in favor of strftime() 4704824 lpstat: potential buffer overrun 4705899 libprint:nss_write.c uses fopen() to create temp file 4705911 lib/print/job.c: makes unsafe use of access() 4714952 bsd-gw gives "dfAnnnhostname file exists" from a previous job 4761753 filedescriptor "fd" is not closed in job_retrieve() (from 107116-12) 4236546 lpq dumps core with stack corruption (from 107116-11) 4529640 Euro symbol not printing on postscript printers 4640166 lp:when hold a request during slow-filtering, a request could be canceled (from 107116-10) 4422628 lpstat shows old output (host!user) for remote queues 4488655 lp translates backquote in filename to underscore 4499302 lpstat -p doesn't report the printer status correctly. 4501950 Solaris lpd Remote Command Execution Vulnerability 4504977 netpr uses 100% CPU if network printer disappears during printing 4512799 lp dumps core if more than 61 files are specified (from 107116-09) This patch revision was generated to address a patch packaging issue. (from 107116-08) 4309558 lp, lpstat and cancel: Inconsistent request-ID of moved jobs 4343460 problem handling interface script exit codes 1 to 127 4367433 netpr stuck in endless loop when network printer is rebooted 4374037 Corrupted xfa files in /var/spool/print. 4381196 *postreverse* SEGV if file size is a multiple of the system pagesize 4383387 LP subsystem is vulnerable to printing any file readable by LP. 4386671 lpstat handles aliases differently in Solaris 7 and Solaris 8. 4390810 lpsched has trouble to handle BS2000 print jobs 4434247 lpmove cannot move jobs with job-id of 0 (zero) 4446925 *in.lpd* contains a remote exploitable overflow (from 107116-07) 4411642 Regression in Bugfix 4303242 (from 107116-06) 4153128 lpsched(1M) sends mail to antiquated "system!user" Note: Following installation of this patch, notification emails sent by the lpsched daemon will be only to users of the form user@hostname and not hostname!user as previously. 4187773 lpmove corrupts request id 4303242 lpmove doesn't allow special character "-" in source 4319723 lpstat -a ignores aliases and secondary queue entries 4324679 lpstat formats output incorrectly when receiving data from Novell client 4325537 cust using sap and loosing print jobs.. 4337699 cancel kills pid 99 (from 107116-05) 4334568 security: dangerous dlopen in libprint (from 107116-04) 4188167 in.lpd core dumps every time when receiving job from a Stratus client 4235953 printd fails to start manually for jobs submitted with "lp -c" 4236024 After installing patch 106235-03, "lp -H" option is ignored 4239765 in.lpd segfaults performing strcmp() in job_list_append() 4251153 netpr kills a queued print job when the tcp socket is closed prematurely 4260829 Solaris printing does not support lpr -C for local printing 4263321 OW hang when running printd 4263391 printjobs disappear when network printer is powered off 4264235 "lp -c" did not warn users when /var is full 4265529 lpstat order changes when print job is modified. 4273437 netpr core dumps and printing fails when job id grows past 9999 4281487 lpsched dies without error message 4302705 lp dumps core on client-side request-id collision 4310991 netpr: buffer overflow in netpr_send_message() 4314312 libprint has buffer overflows and other security problems in Solaris 2.6 and 7 (from 107116-03) 4220608 lpsched dies on Solaris 7 4218904 lpstat -t shows duplicate queue information for remote queues 4217305 lost print jobs are not reliably requeued. 4215944 "O" field in print control file truncates at 65 characters 4213872 /usr/ucb/lpr no longer copies datafile with 106235-02 4207894 lp -t generates an additional space title parameter 4200078 cannot print files unless they are readable by lp after 106235-02 install 4189161 in.lpd in cascade server is messing up control files 4186811 Printing of forms to a class does not work 4184007 super user executes lpstat with -t under at two seconds interval causes core 4167195 in.lpd in solaris 2.6 coredumps, if print request comes from sdlp s/w ver 1.17 4131103 S2.6 doesn't allow use of special characters ':', '=', and ' ' in printer names 4240238 lpset can't add values with = in them 4093648 Users should be able to su to lp then run specific lp commands. 4057917 netpr: sends illegal BSD control file to BSD remote printer 4033371 lp: jobs submitted to a class are STATICALLY queued to printers (from 107116-02) 4167443 Unable to configure SUN to HP or Unisys printing 4165358 in.lpd cascading uses wrong queuename 4156106 cancelling a job while printer is paper out or offline hangs xtp pad printer. 4129917 *lpstat* buffer overflow 4095132 lpstat -t is very slow 4085677 'lpstat -o' displays jobs of other queues (from 107116-01) 4179341 printd fails if 'N' entry is missing in control file Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- After Patch installation, the lpsched daemon should be stopped and restarted. As root: /etc/init.d/lp stop /etc/init.d/lp start NOTE 1: BugID 4153128 (lpsched(1M) sends mail to antiquated "system!user") Following installation of this patch, notification emails sent by the lpsched daemon will be only to users of the form user@hostname and not hostname!user as previously. NOTE 2: Please also install 108325-01 (or its newer revision) if you use printer names and descriptions with special characters. README -- Last modified date: Wednesday, August 11, 2004