SECURITY: (linux-alert) LSF Update#14: Vulnerability of the lpr program.
Date: Sat, 26 Nov 1996 Linux Security FAQ Update — lpr Vulnerability
A vulnerability exists in the lpr program version 0.06. If installed suid to root, the lpr program allows local users to gain access to a super-user account.
Local users can gain root privileges. The exploits that exercise this vulnerability were made available.
lpr utility from the lpr 0.06 suffers from the buffer overrun problem. Installing lpr as a suid-to-root is needed to allow print spooling.
This LSF Update is based on the information originally posted to linux-security mailing list.
For additional information and distribution corrections:
Linux Security WWW: http://bach.cis.temple.edu/linux/linux-security linux-security & linux-alert mailing list archives: ftp://linux.nrao.edu/pub/linux/security/list-archive
LINUXEXPO ’97 TECHNICAL CONFERENCE
Durham, N.C. December 31,1996– It was announced today that the third annual LinuxExpo Technical Conference will be held at the N.C. Biotechnology Center in Research Triangle Park, NC on April 4-5, 1997. The conference will consist of fourteen elite developers who will give technical talks on various topics all related to the development of Linux. This year the event is expected to draw 1,000 attendees who will be coming not only for the conference, but to visit the estimated 30 Linux companies and organizations that will be selling their own Linux products and giving demonstrations. The event will also include a Linux User’s Group meeting, an install fair, and a job fair for all of the computer programming hopefuls. LinuxExpo ’97 will be complete with refreshments and entertainment from the Class Action Jugglers.
For addtional information: Anna Selvia, email@example.com
LinuxExpo ’97 Technical Conference, www.linuxexpo.org 3201 Yorktown Ave. Suite 113
Durham, NC 27713
WWW: Linux Archive Search Site
Date: Thu, 21 Nov 1996
Tired of searching sunsite or tsx-11 for some program you heard about on irc? Well, the Linux Archive Search (LAS) is here. It is a search engine that searches an updated database of the files contained on sunsite.unc.edu, tsx-11.mit.edu, ftp.funet.fi, and ftp.redhat.com. You can now quickly find out where the files are hiding! The LAS is living at http://torgo.ml.org/las (It may take a second to respond, its on a slow link). So give it a whirl, who knows, you may use it a lot!
For additional information:
Jeff Trout, firstname.lastname@example.org The Internet Access Company, Inc.
Netherlands – Linux Book On-line
Date: Thu, 05 Dec 1996
The very first book to appear in Holland on the Linux operating system has gone on-line and can be found at:
And of course from every (paper) copy sold, one dollar is sent to the Free Software Foundation. For additional information: Hans Paijmans, KUB-University, Tilburg, the Netherlands
email@example.com , http://purl.oclc.org/NET/PAAI/
New O’Reilly Linux WWW Site
Date: 26 Nov 1996
Check out the new O’Reilly & Associates, Inc. Linux web site at http://www.ora.com/info/linux/
- Free excerpt from Linux Multimedia Guide
- Interview with Olaf Kirch
- Recommended links to the best Linux web sites.
- Links to our Unix & Linux book pages
For additional information:
O’Reilly & Associates, Inc., firstname.lastname@example.org
The « Unix III – Linux » show will air on the Jones Computer Network (JCN) and the Mind Extension University Channel (MEU) the week of January 20, 1997.
The scheduled times are:
- Mon. 11:30 PM – 12:00 AM
- Wed. 9:30 PM – 10:00 PM
- Thu. 11:30 PM – 12:00 AM
- Fri. 9:30 PM – 10:00 PM
- Sun. 9:30 PM – 10:00 PM
This show will also air on the NBC Superchannel (CNBC) January 25, 1997.
It is best to call your local cable operator to find the appropriate channel.
Tom Schauer, Production Assoc. PCTV