hm.... i got the same problem (wrong md5sums) with the bind and bindutils rpms, but the announcement did not mention 6.3 sums anyway, so i thought that's ok. can we get an official statement? and maybe an updated list of sums for the current download packages? thanks in advance. regards, michael balzer hostmaster@bbcomp.de hostmaster@hagen-online.de

-----Ursprüngliche Nachricht----- Von: eilert@Informatik.Uni-Bremen.DE [mailto:eilert@Informatik.Uni-Bremen.DE] Gesendet: Freitag, 28. Januar 2000 07:47 An: suse-security@suse.com Betreff: Re: [suse-security] SuSE Security Announcement - lprold-update

John Pinder <jpinder@gte.net> wrote:

...

I just downloaded the lprold.rpm package for SuSE 6.1, and just used:

gpg --print-md MD5 lprold-3.0.48-4.i386.rpm

I got the following checksum:

lprold-3.0.48-4.i386.rpm: 63 40 BD 65 17 29 C5 35 CC 2A E2 FF 0E 08 0A 47

This does not seem to match that given in the announcement. Am I doing something wrong? Maybe a gpg problem?

Or did I do this correctly, and the package just does not have the correct checksum? Has anybody else checked this package and got the correct checksum?

You are right. I just downloaded this package from ftp.suse.com and using md5sum I got the same checksum as you. For the update packages for SuSE 6.2 and 6.3 (from our local mirror) I got the following checksums:

af82f4fea307acb584e38a0696ad247b .../update/6.2/n1/lprold-3.0.48-4.i386.rpm 3404fb4e939203c8b8145e7880035869 .../update/6.3/n1/lprold-3.0.48-4.i386.rpm

These differ from those in the announcement, too. After the first announcement there was a second one in which SuSE apologized for wrong checksums in the first one -- but the "corrected" checksums were the same as in the original announcement.

The problem seems to be that the checksums in the announcements are those of an older version. The current version we downloaded from the servers is lprold-3.0.48-4, while the file names in the announcements show lprold-3.0.48-0 (-0 instead of -4).

Eilert -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ Eilert Brinkmann -- Universitaet Bremen -- FB 3, Informatik eilert@informatik.uni-bremen.de - eilert@tzi.org - eilert@linuxfreak.com http://www.informatik.uni-bremen.de/~eilert/

--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com