Security Advisory Updated LPRng packages fix psbanner vulnerability

Advisory: RHSA-2003:225-05
Type: Security Advisory
Severity: N/A
Issued on: 2003-07-14
Last updated on: 2003-07-14
Affected Products: Red Hat Linux 7.1 for iSeries
                   Red Hat Linux 7.1 for pSeries
OVAL: N/A
CVEs (cve.mitre.org): CVE-2002-0378
                      CVE-2003-0136

Details

Updated LPRng packages for Red Hat Linux on IBM iSeries and pSeries systems
resolve a temporary file vulnerability and an insecure default.

LPRng is a print spooler.

LPRng includes a program, psbanner, that can be used to produce Postscript
banner pages to separate print jobs. A vulnerability has been found in
psbanner, which creates a temporary file with a known filename in an
insecure manner. An attacker could create a symbolic link and cause
arbitrary files to be written as the 'lp' user. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0136
to this issue.

Note: psbanner is not used by the default Red Hat Linux LPRng configuration.
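The class of bug described above is a write to a predictable path without an exclusive create, so a link planted at that path redirects the write. The following is an added illustration of the defensive side, not LPRng or psbanner code: it refuses to write through a pre-existing path or link (using the shell's noclobber mode, which opens with O_EXCL), and shows the usual alternative of letting mktemp choose an unpredictable, mode-0600 file. The "psbanner.XXXXXX" template and the spool directory argument are constructed for the example and say nothing about psbanner's real file names.

```sh
#!/bin/sh
# Added example, not part of LPRng. Demonstrates two defenses against the
# temporary-file failure mode: exclusive creation and unpredictable names.

# Write $2 to $1 only if we create the file ourselves. Returns 0 on success,
# non-zero if anything (regular file, directory, symlink) already sits there.
write_exclusive() {
    path="$1"
    content="$2"
    # Fast pre-check: a symlink (dangling or not) or any existing object means
    # the name is not ours to use.
    if [ -L "$path" ] || [ -e "$path" ]; then
        echo "refusing to write to existing path: $path" >&2
        return 1
    fi
    # noclobber (set -C) makes '>' open with O_CREAT|O_EXCL, so even a link
    # dropped between the check above and this open makes the write fail
    # instead of following the link. Runs in a subshell to keep -C local.
    ( set -C; printf '%s\n' "$content" > "$path" ) 2>/dev/null
}

# Preferred approach: ask mktemp for an unpredictable name in the given
# directory (constructed default /tmp); the file is created with mode 0600
# and its path is printed on stdout.
banner_tmpfile() {
    dir="${1:-/tmp}"
    mktemp "$dir/psbanner.XXXXXX"
}
```

Running `write_exclusive /some/predictable/name data` a second time, or against a name that already exists as a symlink, returns non-zero and leaves the link target untouched; `banner_tmpfile /var/spool/lpd` (directory constructed for the example) avoids the predictable name altogether.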

With its default configuration, LPRng accepts job submissions from any
host, which is not appropriate in a workstation environment. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2002-0378 to this issue.

The updated packages from this advisory change the job submission
policy (in /etc/lpd.perms) so that jobs from remote hosts are refused
by default and contain a patch so that psbanner does not create
the temporary file.

Those sites running print servers may want to adjust this policy as
appropriate; for example, to give access to certain hosts or subnets.
Refer to the lpd.perms(5) man page for details.

Note: Default installations of Red Hat Linux 7.1 include ipchains rules
blocking remote access to the print spooler IP port; as a result default
installations already reject remote job submissions.

IMPORTANT: There are special instructions for installing this update at
the end of the "Solution" section.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

After upgrading, you should check that the new configuration file is
activated. To do this, type the following command:

grep "X NOT SERVER" /etc/lpd.perms

If this command returns no output, you must put the new configuration file
in place by typing:

mv /etc/lpd.perms.rpmnew /etc/lpd.perms
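The job-submission policy change and the post-update check above, written as an idempotent script. This is an added example, not code from the advisory or from LPRng. It assumes that the packaged policy contains a line matching "X NOT SERVER", as the grep step implies, and that RPM leaves the new file as /etc/lpd.perms.rpmnew when the installed copy was locally modified. The sample policies it creates are constructed; their rule syntax (REJECT SERVICE=X NOT SERVER, ACCEPT SERVICE=X REMOTEIP=...) is assumed from lpd.perms(5) and should be checked against the man page for the installed version.

```sh
#!/bin/sh
# Added example, not part of the advisory or of LPRng. Encodes the
# "grep, then mv" step as functions that can be re-run safely, and does a
# dry run on constructed sample files in a private directory.

# Return 0 if the given lpd.perms refuses job submission (service X) from
# hosts other than the server itself.
perms_refuses_remote() {
    grep -q "X NOT SERVER" "$1" 2>/dev/null
}

# Put the packaged policy in place if the live file lacks the reject rule.
# The old policy is kept as <file>.pre-update. Returns 0 when the live file
# ends up refusing remote jobs, 1 otherwise.
activate_lpd_perms() {
    live="$1"
    new="$1.rpmnew"
    if perms_refuses_remote "$live"; then
        echo "$live already refuses remote job submission"
        return 0
    fi
    if [ ! -f "$new" ]; then
        echo "$new not found; cannot activate the new policy" >&2
        return 1
    fi
    cp -p "$live" "$live.pre-update" && mv "$new" "$live" || return 1
    perms_refuses_remote "$live"
}

# Dry run on constructed files (the real path is /etc/lpd.perms). The sample
# "new" policy also shows the kind of site exception the advisory mentions:
# accept jobs from one subnet (192.0.2.0/24 is a documentation range) while
# refusing every other remote host. Rule syntax assumed from lpd.perms(5).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        '# constructed: old permissive default' \
        'ACCEPT SERVICE=X' \
        > "$d/lpd.perms"
    printf '%s\n' \
        '# constructed: new default plus a print-server exception' \
        'ACCEPT SERVICE=X REMOTEIP=192.0.2.0/24' \
        'REJECT SERVICE=X NOT SERVER' \
        > "$d/lpd.perms.rpmnew"
    activate_lpd_perms "$d/lpd.perms" && cat "$d/lpd.perms"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo
```

On a real system, `activate_lpd_perms /etc/lpd.perms` run as root performs the advisory's mv only when needed and is a no-op once the reject rule is present; the .pre-update copy preserves any local rules that need to be merged back for print servers.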

Updated packages

Red Hat Linux 7.1 for iSeries

SRPMS:
ftp://updates.redhat.com/7.1/en/os/iSeries/SRPMS/LPRng-3.7.4-23.2.src.rpm
    MD5: f4f70efc6363a4c2b6d06a3893e0ecdf

iSeries:
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/LPRng-3.7.4-23.2.ppc.rpm
    MD5: 18ebf3565b6378f3ce544ca5951ee6a5

Red Hat Linux 7.1 for pSeries

SRPMS:
ftp://updates.redhat.com/7.1/en/os/pSeries/SRPMS/LPRng-3.7.4-23.2.src.rpm
    MD5: f4f70efc6363a4c2b6d06a3893e0ecdf

pSeries:
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/LPRng-3.7.4-23.2.ppc.rpm
    MD5: 18ebf3565b6378f3ce544ca5951ee6a5


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/