Re: [suse-security] SuSE Security Announcement - lprold-update
John Pinder <jpinder@gte.net> wrote:
I just downloaded the lprold.rpm package for SuSE 6.1, and just used:
gpg --print-md MD5 lprold-3.0.48-4.i386.rpm
I got the following checksum:
lprold-3.0.48-4.i386.rpm: 63 40 BD 65 17 29 C5 35 CC 2A E2 FF 0E 08 0A 47
This does not seem to match that given in the announcement. Am I doing something wrong? Maybe a gpg problem?
Or did I do this correctly, and the package just does not have the correct checksum? Has anybody else checked this package and got the correct checksum?
You are right. I just downloaded this package from ftp.suse.com and using md5sum I got the same checksum as you. For the update packages for SuSE 6.2 and 6.3 (from our local mirror) I got the following checksums: af82f4fea307acb584e38a0696ad247b .../update/6.2/n1/lprold-3.0.48-4.i386.rpm 3404fb4e939203c8b8145e7880035869 .../update/6.3/n1/lprold-3.0.48-4.i386.rpm These differ from those in the announcement, too. After the first announcement there was a second one in which SuSE apologized for wrong checksums in the first one -- but the "corrected" checksums were the same as in the original announcement. The problem seems to be that the checksums in the announcements are those of an older version. The current version we downloaded from the servers is lprold-3.0.48-4, while the file names in the announcements show lprold-3.0.48-0 (-0 instead of -4). Eilert -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Eilert Brinkmann -- Universitaet Bremen -- FB 3, Informatik eilert@informatik.uni-bremen.de - eilert@tzi.org - eilert@linuxfreak.com http://www.informatik.uni-bremen.de/~eilert/
hm.... i got the same problem (wrong md5sums) with the bind and bindutils rpms, but the announcement did not mention 6.3 sums anyway, so i thought that's ok. can we get an official statement? and maybe an updated list of sums for the current download packages? thanks in advance. regards, michael balzer hostmaster@bbcomp.de hostmaster@hagen-online.de
-----Ursprüngliche Nachricht----- Von: eilert@Informatik.Uni-Bremen.DE [mailto:eilert@Informatik.Uni-Bremen.DE] Gesendet: Freitag, 28. Januar 2000 07:47 An: suse-security@suse.com Betreff: Re: [suse-security] SuSE Security Announcement - lprold-update
John Pinder <jpinder@gte.net> wrote:
I just downloaded the lprold.rpm package for SuSE 6.1, and just used:
gpg --print-md MD5 lprold-3.0.48-4.i386.rpm
I got the following checksum:
lprold-3.0.48-4.i386.rpm: 63 40 BD 65 17 29 C5 35 CC 2A E2 FF 0E 08 0A 47
This does not seem to match that given in the announcement. Am I doing something wrong? Maybe a gpg problem?
Or did I do this correctly, and the package just does not have the correct checksum? Has anybody else checked this package and got the correct checksum?
You are right. I just downloaded this package from ftp.suse.com and using md5sum I got the same checksum as you. For the update packages for SuSE 6.2 and 6.3 (from our local mirror) I got the following checksums:
af82f4fea307acb584e38a0696ad247b .../update/6.2/n1/lprold-3.0.48-4.i386.rpm 3404fb4e939203c8b8145e7880035869 .../update/6.3/n1/lprold-3.0.48-4.i386.rpm
These differ from those in the announcement, too. After the first announcement there was a second one in which SuSE apologized for wrong checksums in the first one -- but the "corrected" checksums were the same as in the original announcement.
The problem seems to be that the checksums in the announcements are those of an older version. The current version we downloaded from the servers is lprold-3.0.48-4, while the file names in the announcements show lprold-3.0.48-0 (-0 instead of -4).
Eilert -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ Eilert Brinkmann -- Universitaet Bremen -- FB 3, Informatik eilert@informatik.uni-bremen.de - eilert@tzi.org - eilert@linuxfreak.com http://www.informatik.uni-bremen.de/~eilert/
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Hi, On Fri, 28 Jan 2000, Michael Balzer wrote:
i got the same problem (wrong md5sums) with the bind and bindutils rpms, but the announcement did not mention 6.3 sums anyway, so i thought that's ok.
can we get an official statement? and maybe an updated list of sums for the current download packages? thanks in advance.
Sorry for the confusion. Here's an updated list (taken from our local server that mirrors the files to ftp.suse.com): 3404fb4e939203c8b8145e7880035869 6.3/n1/lprold-3.0.48-4.i386.rpm 71a71419383e568965c0db423c533138 6.3/n1/bindutil-8.2.2-8.i386.rpm 116b41f6b471c64c7f03972bd34904a1 6.3/n1/bind8-8.2.2-8.i386.rpm af82f4fea307acb584e38a0696ad247b 6.2/n1/lprold-3.0.48-4.i386.rpm Bye, LenZ -- ------------------------------------------------------------------ Lenz Grimmer SuSE GmbH mailto:grimmer@suse.de Schanzaeckerstr. 10 http://www.suse.de/~grimmer 90443 Nuernberg, Germany
participants (3)
-
Eilert Brinkmann -
Lenz Grimmer -
Michael Balzer