Patch-ID# 109321-12 Keywords: security in.lpd core printd jobs setuid initgroups lpr ioctl lpstat Synopsis: SunOS 5.8_x86: LP Patch Date: Aug/23/2004 Install Requirements: See Special Install Instructions Solaris Release: 8_x86 SunOS Release: 5.8_x86 Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 109320 Topic: SunOS 5.8_x86: LP Patch Relevant Architectures: i386 BugId's fixed with this patch: 4187773 4188167 4235953 4260829 4263321 4265529 4281487 4302705 4303242 4307689 4309558 4310991 4319723 4324679 4325537 4337699 4342893 4343460 4351942 4367433 4374037 4381196 4383387 4386671 4390810 4411642 4422628 4434247 4446925 4488655 4499302 4501950 4504977 4512799 4529640 4640166 4648825 4697460 4704812 4704824 4705899 4705911 4705947 4705948 4714952 4761753 4761791 4809690 4902916 4930119 4986866 Changes incorporated in this version: 4761791 4930119 4986866 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /etc/security/exec_attr /usr/bin/lp /usr/bin/lpstat /usr/lib/libprint.so.2 /usr/lib/lp/bin/netpr /usr/lib/lp/local/lpadmin /usr/lib/lp/local/lpmove /usr/lib/lp/local/lpstat /usr/lib/lp/lpsched /usr/lib/lp/model/netstandard /usr/lib/lp/postscript/postprint /usr/lib/lp/postscript/postprint.ps /usr/lib/lp/postscript/postreverse /usr/lib/print/bsd-adaptor/bsd_cascade.so.1 /usr/lib/print/bsd-adaptor/bsd_lpsched.so.1 /usr/lib/print/conv_fix /usr/lib/print/in.lpd /usr/sadm/admin/printmgr/lib/libpmgr.so.1 /usr/sbin/lpadmin /usr/sbin/lpmove /usr/ucb/lpc Problem Description: 4761791 default timeout in netpr should be initialized 4930119 Network printer timeout does not reset on fault clearance 4986866 lpmove incorrectly reports usage error for remote print jobs (from 109321-11) 4307689 printd slowly consumes all of swap 4809690 submitted print jobs don't seem to disappear after printing (from 109321-10) BAD PATCH - This revision was bad patched due to missing binary deliverables. (from 109321-09) 4697460 hanging printd should not block all printjobs to remote 4705948 conv_fix: unsafe use of fopen() 4705947 conv_fix: should use strlcat (from 109321-08) 4902916 cancel cmd does not work well with RBAC Printer Management (from 109321-07) 4648825 Printer Management profile in exec_attr file is ineffective 4704812 lpstat: cftime() is deprecated in favor of strftime() 4704824 lpstat: potential buffer overrun 4705899 libprint:nss_write.c uses fopen() to create temp file 4705911 lib/print/job.c: makes unsafe use of access() 4714952 bsd-gw gives "dfAnnnhostname file exists" from a previous job 4761753 filedescriptor "fd" is not closed in job_retrieve() (from 109321-06) 4529640 Euro symbol not printing on postscript printers 4640166 lp:when hold a request during slow-filtering, a request could be canceled (from 109321-05) 4422628 lpstat shows old ouput (host!user) for remote queues 4488655 lp translates backquote in filename to underscore 4499302 lpstat -p doesn't report the printer status correctly. 4501950 Solaris lpd Remote Command Execution Vulnerability 4504977 netpr uses 100% CPU if network printer disappears during printing 4512799 lp dumps core if more than 61 files are specified (from 109321-04) 4309558 lp, lpstat and cancel: Inconsistent request-ID of moved jobs 4342893 lpsched exits with Memory allocation failed error message 4343460 problem handling interface script exit codes 1 to 127 4351942 lpstat consumes ~100% CPU in standalone mode 4367433 netpr stuck in endless loop when network printer is rebooted 4374037 Corrupted xfa files in /var/spool/print. 4381196 *postreverse* SEGV if file size is a multiple of the system pagesize 4383387 LP subsystem is vulnerable to printing any file readable by LP. 4386671 lpstat handles aliases differently in Solaris 7 and Solaris 8. 4390810 lpsched has trouble to handle BS2000 print jobs 4434247 lpmove cannot move jobs with job-id of 0 (zero) 4446925 *in.lpd* contains a remote exploitable overflow (from 109321-03) 4411642 Regression in Bugfix 4303242 (from 109321-02) 4187773 lpmove corrupts request id 4303242 lpmove doesn't allow special character "-" in source 4319723 lpstat -a ignores aliases and secondary queue entries 4324679 lpstat formats output incorrectly when receiving data from Novell client 4325537 customer using sap and loosing print jobs.. 4337699 cancel kills pid 99 (from 109321-01) 4188167 in.lpd core dumps every time when receiving job from a Stratus client 4235953 printd fails to start manually for jobs submitted with "lp -c" 4260829 Solaris printing does not support lpr -C for local printing 4263321 OW hang when running printd 4265529 lpstat order changes when print job is modified. 4281487 lpsched dies without error message 4302705 lp dumps core on client-side request-id collision 4310991 netpr: buffer overflow in netpr_send_message() Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- After Patch installation, the lpsched daemon should be stopped and restarted. As root: /etc/init.d/lp stop /etc/init.d/lp start NOTE: BugID 4153128 (lpsched(1M) sends mail to antiquated "system!user") Following installation of this patch, notification emails sent by the lpsched daemon will be only to users of the form user@hostname and not hostname!user as previously. README -- Last modified date: Monday, August 23, 2004