-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                        ESB-2008.0873 -- [Solaris]
                Multiple Printing Regressions in Solaris 10
                             22 December 2008

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Solaris 10
Publisher:            Sun Microsystems
Operating System:     Solaris
Impact:               Denial of Service
                      Provide Misleading Information
Access:               Existing Account

Original Bulletin:    
  http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-241426-1

Comment: Please note this alert contains two (2) parts

Revision History:     December  22 2008: Sun has added a Part II to this alert
                      December  22 2008: Sun has now released the patches to 
                                         resolve this issue
                      September 12 2008: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

   Solution Type: Sun Alert
   Solution  241426 :   Multiple Printing Regressions in Solaris 10
   Kernel Patches 127127-11 and 127128-11          
   Bug ID: 6715450, 6718897, 6724904, 6729885, 6735837, 6694850, 6698648,
   6698649, 6698650, 6704910, 6180823, 6667354, 6689188, 6699182, 6708442,
   6707986

   Product
   Solaris 10 Operating System
   OpenSolaris

   Date of Workaround Release: 29-Aug-2008

   Date of Resolved Release: 12-Dec-2008

   SA Document Body
   Multiple Printing Regressions in Solaris 10 Kernel Patches 127127-11 and 
   127128-11

   1. Impact

   Solaris 10 kernel patches 127127-11 (SPARC platform) or
   127128-11 (x86 platform) introduce multiple printing regressions as
   listed below:

   6715450 - 'lp -P m-' no longer prints pages for range 'm' until end of
   file.

   6718897 - lpstat(1) output is missing information for Connection,
   Printer types, PPD, Character sets and Default Page Size.

   6724904 - lpr(1B) -r and -s options are now mutually exclusive and
   attempting to use the options together generates a usage error.

   6699182 - cancel(1) no longer works as expected when trying to cancel
   the following:

   all jobs owned by user on a specific queue
   all jobs owned by user on all queues
   all jobs on a specific queue
   first job on a specific queue

   6729885 - When at least one print server is unreachable or not
   accepting connections, submission of print jobs may cause 'lpd-port
   to hang, causing all print jobs to affected and unaffected print
   servers to be impacted.

   6735837 - printmgr(1M) no longer displays the description for printers
   in the printer administration overview window.

   6694850 - Issues with the list_remove() function in libpapi(3LIB)
   causes lists to be freed more than once resulting in a segmentation
   fault.

   6698648 - 'lp -P <start>-<end>' no longer prints pages in the given
   range; instead, all pages of a given document will be printed.

   6698649 - After resuming a held print job using 'lp -H resume',
   calling lp(1) -H hold will fail to place the job on hold.

   6698650 - Priority order of 'lp -q' has been reversed.  'lp -q 0'
   should assign a print request the highest priority and 'lp -q 39'
   should assign the request the lowest priority. Patch
   127127/127128-11 reverses this order causing 39 to be the highest
   priority and 0 to be the lowest.

   6704910 - Options set for print requests, set via 'lp -o <option
   name>' are no longer being honored by the printing system.

   6180823 - When banner printing is disabled for a printer using
   lpadmin(1M), printmgr(1M) incorrectly displays "Always print banner"
   regardless of the entry in the print database.

   6708442 - Location of printing PPD files have changed causing
   printmgr(1M) to display a blank error message whenever the "New
   Attached Printer" window is closed.

   6667354 - The changed location of printing PPD files causes
   printmgr(1M) to display an error when any modification or addition is
   actioned

   6689188 - printmgr(1M) shows incorrect information for a given
   printer. The fields affected are:

   File Contents
   Fault Notification
   Printer types

   The printing system performs correctly as specified by the print
   database, but the printmgr(1M) display does not reflect the correct
   values.

   6707986 - Using lpset(1M) to add a print queue to an LDAP repository
   causes print requests targeting the new queue to fail. lpset(1M) does
   not add printer-uri data in a format that is compatible with the
   libpapi(3LIB) support for printer/service endpoint information.

   Note the information for the following bugs has been moved to a new
   secondary Sun Alert for this printing regression issue: 6699689,
   6740381, 6699255, 6720586, 6724477, 6737146  Please refer to this new
   new secondary Sun Alert 247386 for these BugIDs and more BugIDs
   relating to this printing issue.

   2. Contributing Factors

   These issues can occur in the following releases:
   SPARC Platform:
     * Solaris 10 with patch 127127-11
     * OpenSolaris based upon builds snv_44 through snv_99

   x86 Platform:
     * Solaris 10 with patch 127128-11
     * OpenSolaris based upon builds snv_44 through snv_99

   Note: OpenSolaris is not affected by 6708442
   OpenSolaris distributions may include additional bug fixes above and
   beyond the build from which it was derived. The base build can be
   derived as follows:

   $ uname -v
   snv_86

   3. Symptoms

   The symptoms of each issue are as listed below:

   6715450 - When submitting a request with a page range, all pages of
   the document will be printed.

   6718897 - 'lpstat -o <queue>' will return blank fields for Printer
   types, PPD, Connection, Character Sets and Default Page Size even when
   this fields have been populated with information.

   6724904 - lpr(1B) will report the following usage error:

   "-r and -s may not be used together"

   6729885 - Print requests to remote printers will be seen to hang.

   6735837 - printmgr(1M) will show blank descriptions in the printer
   overview window even when printer description fields have been
   populated.

   6694850 - The stack trace from the core file will be similar to the
   following:

   fedc246c papiAttributeValuesFree (deadbeef, deadbeef) + 1c
   fedc24d6 papiAttributeFree (8067a90) + 3a
   fedc250f papiAttributeListFree (806da98) + 27
   fede4e68 papiServiceDestroy (8068430) + 5c

   6698648 - All pages will be printed even if a valid page range has
   been supplied.

   6698649 - After applying a hold to a print request, lpstat(1) will not
   show the request as being held.

   6698650 - Applying a priority of 39 will result in the request being
   moved to the top of the print queue. Applying a priority of 0 will
   result in the request being moved to the end of the queue. This
   behavior can be observed via lpstat(1).

   6704910 - Examining /var/spool/lp/logs/requests will show the request
   as having a field: "Ui=false" which is not understood by the print
   server.  A mail will also be received by the user containing this
   information.

   6180823 - printmgr(1M) will always show the banner option as:

   "Always print banner"

   regardless of the setting applied.

   6667354 - printmgr(1M) will display a popup error message containing
   "java.lang.NullPointerException" when closing the printer
   addition/modification windows, whether or not any printer settings
   were modified/added.

   6689188 - After modifying a printer via printmgr(1M), viewing the
   details of the printer again using printmgr(1M) will show no changes
   having been made. File Contents, Notification and Printer Type will
   still have the previous values.

   6699182 - 'cancel(1) -u <user>' will result in all printers being
   purged of all jobs, regardless of whom owns them.
   'cancel -u <user> <printer>' will result in the supplied printer being
   purged of all jobs - again, regardless of the owner.

   6708442 - printmgr(1M) will show a blank popup error message when
   closing the add/modify printer window.

   6707986 - After using lpset(1M) job submission via lp(1) will produce
   an error message similar to the following:

   <queue>: failed to commit job (<job id>): unknown destination

   4. Workaround

   Removing the affected patches 127127-11 (SPARC platform) or
   127128-11 (x86 platform) will resolve these printing issues.
   However, these patches fix certain security issues which are not
   resolved by any other patch, and as such, this course of action is not
   recommended.

   5. Resolution

   These issues are addressed in the following releases:

   SPARC Platform:
   Solaris 10 with:
     * patch 138112-01 or later (for 6180823, 6667354, 6689188)
     * patch 138116-01 or later (for 6698648, 6698649, 6698650,
       6704910)
     * patch 138118-01 or later (for 6699182)
     * patch 138120-01 or later (for 6708442)
     * patch 138627-02 or later (for 6694850)
     * patch 139487-01 or later (for 6724904)
     * patch 138870-01 or later (for 6707986)
     * patch 138627-03 or later (for 6715450)
     * patch 138848-02 or later (for 6718897)
     * patch 139390-01 or later (for 6735837)
     * patch 140192-01 or later (for 6729885)
     * OpenSolaris based upon builds snv_100 or later

   x86 Platform:
   Solaris 10 with:
     * patch 138113-01 or later (for 6180823, 6667354, 6689188)
     * patch 138117-01 or later (for 6698648, 6698649, 6698650,
       6704910)
     * patch 138119-01 or later (for 6699182)
     * patch 138121-01 or later (for 6708442)
     * patch 138628-02 or later (for 6694850)
     * patch 139488-01 or later (for 6724904)
     * patch 138871-01 or later (for 6707986)
     * patch 138628-03 or later (for 6715450)
     * patch 138849-02 or later (for 6718897)
     * patch 139391-01 or later (for 6735837)
     * patch 140193-01 or later (for 6729885)
     * OpenSolaris based upon builds snv_100 or later

   Note the current/latest patches that that will deliver all the above
   fixes are:
     * SPARC - 138848-02 138627-03 138411-01 138858-01
       139487-01 138870-01, 139390-01, 140192-01
     *  x86   - 138849-02 138628-03 138412-01 138859-01
       139488-01 138871-01, 139391-01 140193-01

   Note that it is advisable that customers install these patches since
   this is the patch baseline for relief available for the issues
   documented in Sun Alert 247386.
   This Sun Alert notification is being provided to you on an "AS IS"
   basis. This Sun Alert notification may contain information provided by
   third parties. The issues described in this Sun Alert notification may
   or may not impact your system(s). Sun makes no representations,
   warranties, or guarantees as to the information contained herein. ANY
   AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
   WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
   NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
   YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
   INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
   OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
   This Sun Alert notification contains Sun proprietary and confidential
   information. It is being provided to you pursuant to the provisions of
   your agreement to purchase services from Sun, or, if you do not have
   such an agreement, the Sun.com Terms of Use. This Sun Alert
   notification may only be used for the purposes contemplated by these
   agreements.

   Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa
   Clara, CA 95054 U.S.A. All rights reserved

- ---

   Solution Type: Sun Alert
   Solution  247386 :   Part II - Multiple Printing Regressions in
   Solaris 10 Kernel Patches 127127-11 and 127128-11          
   Bug ID: 6699689, 6740381, 6699255, 6720586, 6724477, 6737146, 6740759,
   6748739, 6749323, 6723892, 6739383, 6740079, 6752372, 6723334, 6724379,
   6727979, 6752568, 6751830, 6759910, 6752577, 6759604, 6757330, 6591929,
   6755076, 6760057, 6763608, 6770599, 6746130, 6770629, 6780792, 6619120,
   6761767, 6781426, 6783023, 6781952

   Product
   Solaris 10 Operating System
   OpenSolaris

   Date of Workaround Release: 10-Dec-2008

   Part II - Multiple Printing Regressions in Solaris 10 Kernel Patches
   127127-11 and 127128-11

   1. Impact

   Solaris 10 kernel patches 127127-11 (SPARC platform) or
   127128-11 (x86 platform) introduce multiple printing regressions as
   listed below.

   Note that these issues are in addition to the ones already identified
   in Sun Alert 241426, available at
   http://sunsolve.sun.com/search/document.do?assetkey=1-66-241426-1
   6699689 - Using the -D option to lpadmin(1M) corrupts
   '/etc/printers.conf' and leads lpstat(1) to core dump after which
   printing is no longer possible.

   6740381 - 'lpstat -o' no longer reports status for remote Windows
   printers.

   6699255 - After installation of KU 127127/127128-11, printing is no
   longer possible if print server and client have different KU revision.

   6720586 - "nobanner" entry gets added to request when lp(1) is invoked
   with the -i <request-id> to change print request options.

   6724477 - The command "cancel <queuename>" causes a segmentation fault
   when used to cancel the first job on a remote queue.

   6737146 - Unprivileged users cannot place a hold on "print -" requests
   when using the -H switch with l(1).

   6740759 - lpstat(1) always reports "Forms allowed: (none)" after
   making a form (lpforms(1M)) available to the printer.

   6748739 - cancel(1) doesn't print correct status for Windows remote
   printers. Job will be cancelled but output from the command
   incorrectly states that it could not find the job.

   6749323 - It is not possible to determine from the output from
   lpstat(1) which host a job was submitted from.

   6723892 - 'lpstat -p' dumps core when queues are created with the "-s
   ipp://" or "-s lpd://" options. This issue only occurs when the
   required fields are not specified. Supplying valid field data ensures
   this does not occur.

   6739383 - print commands accept(1M), reject(1), enable(1), disable(1)
   do not report status after execution. This has minimal impact as
   although the status is not reported, the commands complete correctly.
   This can be verified via "lpstat -lp".

   6740079 - "lpstat -R" does not show queued jobs, so it is not possible
   to tell the order in which jobs will be printed.

   6752372 - The output from "lpstat -o" is incorrect and so it is not
   possible to find which job is currently being printed.

   6723334 - There is a slow memory leak in the libpapi library. This
   could result in a system-wide resource shortage.

   6724379 - Printing from FireFox 3 is not possible. Attempts to print
   using the FireFox 3 application will crash in papiJobStreamOpen.

   6727979 - Printing to local queues is not be possible due to memory
   corruption in psm-lpsched.so which will core dump.

   6752568 - Using "lpstat -o" to display queue data for a printer which
   has a queue name that matches the syntax for a job id is not possible.

   For example, if a job id is defined as : <printer name>-<#>, i.e:
   hplaser-1 whereby 'hplaser' is the printer, and '1' is the job-id.
   If a printer is added with a name that matches the job-format
   "hplaser-1", then 'lpstat -o hplaser-1' will be treated as a job id
   rather than a printer id and will fail.

   6751830 - In cases where a remote queue is disabled, using lpstat(1)
   on the client will incorrectly report that the printer is accepting
   requests. The status reported by the server will be correct.

   6759910 - lpstat(1) cannot display (-D) Description, but this does not
   affect print jobs.

   6752577 - lpmove(1M) dumps core after moving a print job. Print jobs
   will be processed correctly, however each time lpmove is executed, a
   core file will be created.

   6759604 - A local unprivileged user on the lp client can cancel print
   jobs owned by root.

   6757330 - Zero byte print jobs will hang. Other print jobs are not
   impacted when this occurs.

   6591929 - Passing in a postscript file to lp via standard input (using
   the command like '$ cat <postscript-file> | lp)', will cause the
   printer to print the postscript markup version of the file.

   Drivers such as ljet and hpijs use this command format and are
   therefore impacted by this issue. Note that 'lp <postscript-file>' is
   not impacted by this issue.

   6755076 - enable(1), disable(1) commands are not supported for remote
   printer queues. Using these commands on remote printers fails but the
   error message generated omits the reason why the command is not
   working (not supported).

   6760057 - accept(1M), reject(1) commands are not supported for remote
   printer queues. Using these commands on remote printers fails but the
   error message generated omits the reason why the command is not
   working (not supported).

   6763608 - lpstat reports remote Windows printers as disabled even when
   they are enabled. In some cases jobs will print even though the queue
   is listed as disabled. In other cases, jobs will not be printed.

   6770599 - Configuring network printers as remote printers is not
   supported and will not work.  lpstat(1) will report these remote
   printers as disabled. (In the past however, such incorrectly
   configured printers may have worked.)

   This affects network printers that are configured using the remote
   printer format which looks like the following:

   printer-uri-supported=lpd://<print server>/printers/<printer name>
   bsdaddr=<print server>,<printer name>, Solaris

   6746130 - more memory leaks in the libpapi library. This could result
   in a system-wide resource shortage.

   6770629 - lpsched(1M) will core dump when using Xerox printers. smf(5)
   will detect this event and will respond by disabling print services.
   This only occurs with Xerox printers. Print services will need to be
   re-enabled.

   6780792 - Print jobs sent to NIprint print-server software on Windows
   systems will not be processed and will never print.

   6619120 - lpmove(1M) dumps core if it is invoked without using any
   paramaters as in the case when displaying the command usage data.
   Users may instead refer to the man page for usage details to work
   around this issue.

   6761767 - '/usr/ucb/lpc topq' (see lpc(1B)), fails to move the
   specified print jobs to the top of the print queue.  Instead it will
   dump core.

   6781426 - When sending print jobs to a Novell print server, all jobs
   can be rejected if '-o nobanner' is passed as an option.

   6783023 - lpstat -v dumps core if there is no printer name defined in
   /etc/printers.conf.

   6781952 - enable(1)/accept(1M) used to return code 1 (meaning failure)
   if the print queue is already enabled/accepting. Now, with these
   patches installed, enable(1)/accept(1M) will instead return code 0
   (meaning success) if the queue is already enabled/accepting. Return
   codes for other situations has remained unchanged.

   2. Contributing Factors

   These issues can occur in the following releases:

   SPARC Platform:
     * Solaris 10 with patch 127127-11
     * OpenSolaris based upon builds snv_44 or later

   x86 Platform:
     * Solaris 10 with patch 127128-11
     * OpenSolaris based upon builds snv_44 or later

   Notes:
   1. Solaris 8 and 9 are not impacted by this issue.
   2. Solaris 10 is not affected by 6724379.
   3. OpenSolaris distributions may include additional bug fixes above
   and beyond the build from which it was derived. The base build can be
   derived as follows:

   $uname -v
   snv_86

   3. Symptoms

   The symptoms of each issue are as listed below:

   6699689 - Examining '/etc/printers.conf' will show that the
   destination field in the 'bsdaddr' line is blank after adding a
   description.

   6740381 - 'lpstat -o <queue residing on MS Windows server>' will
   return no output, even when jobs are resident on the queue.

   6699255 - 'lpstat -o <queue>' will return a different request-id to
   that returned from lp(1) during request submission.

   6720586 - After passing the -i switch to lp(1), the output from:

   /var/spool/lp/tmp/<print server>/<job-id>

   will contain the text:

   nobanner

   6724477 - cancel(1) will suffer a segmentation fault, a stack trace
   from the core will be similar to the following:

   ff25276c papiAttributeListFind (0, 245e4, 245e4, ffbffbec, ff396000, 6c706400)+ 18
   ff252878 papiAttributeListGetValue (0, ffbffb14, 245e4, 1, ffbffb7c, ffbffcdc)+ 5c
   ff25296c papiAttributeListGetInteger (6c706400, 0, 245e4, ffbffbec, ff396000, 13c7c) + 2c
   00012aac cancel_job (25b68, 24a00, ffbffe1d, 25c80, 0, ffbffcdc) + 6c
   00012fd8 berkeley_cancel_request (25b68, 24a00, ffbffe1d, 0, ffbffcdc, 29) + 158
   00011fe4 main     (2, ffbffd6c, ffbffd78, 24400, ff3600c0, ff360100) + 43c
   000118b8 _start   (0, 0, 0, 0, 0, 0) + 108

   6737146 - After placing a hold on a print request, the 'Hold' keyword
   will not be present in:

   /var/spool/lp/tmp/<print server>/<job-id>

   6740759 - lpstat always reports "Forms allowed: (none)" after making a
   form available to printer.

   6748739 - Cancel reports : <job-id>: not-found when attempting to
   cancel jobs on remote Windows server.

   6749323 - lpstat(1) does not show which host a job was submitted from.
   'lpstat -o' does not display the host information along with the owner
   of the request.

   6723892 - lpstat -p dumps core when used on queues created with the
   "-s ipp://" or "-s lpd://" options.
   The stack trace generated is similar to the following:

   core 'core' of 20123:   /usr/lib/lp/bin/lpstat -p a2
   fee93088 strrchr  (8046fa0) + 18
   fee43ec1 getprinterbyname (8047246, 0) + 16d
   fee44b85 service_load (8068470, 8047246) + 49
   fee44e08 papiServiceCreate (8047040, 8047246, 0, 0, 8054cec, 1) + a0
   08053037 printer_query (8047246, 80526b4, 1, 0, 0) + 2f
   08053ddb main     (3, 80470e4, 80470f4) + 4cb
   08052046 _start   (3, 804722c, 8047243, 8047246, 0, 8047249) + 7a

   6739383 - Commands 'accept', 'reject', disable', 'enable' do not
   report status after execution.

   6740079 - 'lpstat -R' will show no output when run against a valid
   queue.

   6752372 - "lpstat -o" output fails to show which job is currently
   being printed. The output should look like the following but the 'on
   <printer>' information is missing:

   VSP4720FM-39213   bsnps        343   Jun 18 20:52 on VSP4720FM

   6723334 - memory leak in libpapi will result in increased system
   memory usage. The cause can be determined using dtrace(1M) to profile
   the processes.

   6724379 - Crash dump created when printing using firefox 3 will have a
   stack trace similar to the following:
   
   core 'core' of 1153:    /usr/lib/firefox/firefox-bin
   -----------------  lwp# 1 / thread# 1  --------------------
   fed0d955 _lwp_kill (1, b) + 15
   fecc1592 raise    (b) + 22
   fcecd20a __1cNnsProfileLockSFatalSignalHandler6Fi_v_ (b, 0, 8045928) + e6
   fed0942f __sighndlr (b, 0, 8045928, fcecd124) + f
   fecfe5c2 call_user_handler (b, 0, 8045928) + 2bf
   fecfe7f6 sigacthandler (b, 0, 8045928) + d0
   --- called from signal handler with signal 11 (SIGSEGV) ---
   fecb41f0 t_splay  (f0c3e054) + 30
   fecb40bd t_delete (f0c3e054) + 2d
   fecb3dd0 realfree (f0c3ab24) + 60
   fecb4433 cleanfree (eef20780) + 5b
   fecb3a2e realloc  (eef20780, 16) + 59
   f67b3836 add_lpd_control_line (804650c, 50, f7465030) + 66

   6727979 - Core dump created when printing to local queues will have a
   stack trace similar to the following:

   psm-lpsched.so.1'_Free+0x1b
   psm-lpsched.so.1'freerequest+0x138
   psm-lpsched.so.1'papiJobSubmitByReference+0x24e
   libpapi.so.0'_papi_job_submit_reference_or_validate+0x90
   libpapi.so.0'papiJobSubmitByReference+0x31
   lp'main+0x593
   lp'_start+0x7a

   6752568 - Using lpstat(1) -o to display queue data for a printer which
   has a queue name that matches the syntax for a job id will result in
   the following error:

     Failed to contact service for <printer>: not-found

   6751830 - Where a remote queue is disabled, using lpstat(1) on the
   client will incorrectly report that the printer is accepting requests
   but the server will report the correct status.
   On the server:

   <printer name> not accepting requests since <date>

   On the client:

   <printer name> accepting requests since <date>

   6759910 - 'lpstat -D' does not display (-D) Description. lpstat will
   not show any printer descriptions.

   6752577 - lpmove(1M) dumps core with a stack trace similar to the
   following:

   psm-lpsched.so.1`_getmessage+0x137(80af0d0, 20, 8047c6c)
   psm-lpsched.so.1`rcv_msg+0x7b(807ddf0, 20, 8047cc8)
   psm-lpsched.so.1`papiJobMove+0x10f(807ddf0, 8088eb0, f, 8088d00)
   libpapi.so.0`papiJobMove+0x9b(8088f88, 8047ee5, f, 8088d00)
   0x80515d2(8088f88, 8047ee5, f, 8047ef2)
   main+0x119(2, 8047e14, 8047e24)
   _start+0x7a(3, 8047ed4, 8047ee5, 8047ef2, 0, 8047efa)

   6759604 - A local unprivileged user on the lp client can cancel print
   jobs owned by root.

   6757330 - Zero byte print jobs will hang. Other print jobs are not
   impacted when this occurs.

   6591929 - Passing in a postscript file to lp via standard input 'cat
   <postscript-file> | lp', will cause the printer to print the
   postscript markup.

   6755076 - Output messages from the enable(1)/disable(1) print commands
   when using a remote queue fail to state that enable(1) and disable(1)
   are not supported for remote queues. The output shows the following:

   enable: <printer>: operation-not-supported
   disable: <printer>: operation-not-supported

   6760057 - Output messages from the accept(1)/reject(1) print commands
   when using a remote queue fail to state that accept(1) and reject(1)
   are not supported for remote queues. The output shows the following:

   accept: <printer>: operation-not-supported
   reject: <printer>: operation-not-supported

   6763608 - lpstat(1) reports remote Window printers as disabled even
   when they are enabled.

   6770599 - lpstat(1) reports network printers that have been
   incorrectly configured as remote printers as disabled, even when they
   are enabled. Printing to these will fail.

   6746130 - Memory leaks in libpapi will result in increased system
   memory usage The cause can be determined using dtrace(1M) to profile
   the processes.

   6770629 - lpsched(1M) will core dump when using Xerox printers causing
   smf(5) to disable the print services and issue the following message:

     [ <date> Stopping because process dumped core. ]

   6780792 - Print jobs sent to NIprint print-server software running on
   Windows systems will fail to print. lp(1) will complete correctly and
   a job-id will be returned but the job will not be printed.

   6619120 - lpmove(1) will dump core when invoked without any parameters
   when displaying the usage data.

   6761767 - When the 'topq' command is excecuted within the lpc(1B)
   shell, lpc will dump core with a stack trace similar to:

   core 'core' of 744:     lpc
   ff2c1470 atoi     (2a058, 25f10, 0, 0, 25b00, 0) + 4
   00011e5c ???????? (ffffffff, 25f10, 2, 13400, 24400, 11ab0)
   00011f34 ???????? (11ab0, 25f10, 2, 0, 29618, 0)
   00011fe8 ???????? (0, 25f10, ffbfeb7c, 2, 25f10, 1)
   000121d4 ???????? (0, 25f18, 1, 13400, 134e4, 13400)
   00012290 main     (0, ffbffd9c, ffbffda4, 25000, 13400, 13400) + 94
   00011440 _s
   tart   (0, 0, 0, 0, 0, 0) + 108

   6781426 - Print jobs sent to a Novell print server fail with the
   following message visible via snoop(1M):

   "<printer>: Unrecognized LPR syntax. Only BSD-type usage acceped
   (per RFC 1179)."

   6783023 Using lpstat -v with no printer name defined, will coredump
   with a stack trace similar to:

   ff2b1d50 strlen   (14b0d, ffbffd48, ffbfff47, 0, 0, 0) + 50
   ff31c4c8 printf   (14afc, 27170, 0, 2718e, ff36e308, 14afc) + f4
   00011978 ???????? (27620, 2bca8, ffbfff42, 0, 0, 14800)
   000129b0 ???????? (0, 11804, 0, 0, 0, 0)
   00013738 main     (0, ffbffe8c, 27400, 1, 11800, 12a28) + 3ec
   000114ec _start   (0, 0, 0, 0, 0, 0) + 108

   6781952 - enable(1)/accept(1M) return code 0 (meaning success) if the
   print queue is already enabled/accepting.

   4. Workaround

   Removing the affected patches 127127-11 (SPARC platform) or
   127128-11 (x86 platform) will resolve these printing issues.
   However, these patches fix certain security issues which are not
   resolved by any other patch, and as such, this course of action is not
   recommended.

   Binary relief can be obtained via the normal support channels for the
   following Bugs:

   6699689, 6740381, 6699255, 6720586, 6724477, 6737146, 6740759,
   6749323, 6757330, 6752568, 6759910, 6752577, 6780792, 6619120,
   6591929, 6761767, 6763608.
   To date, there is no binary relief available for the following Bugs:
   6748739, 6723892, 6739383, 6740079, 6752372, 6723334, 6727979,
   6751830, 6759604, 6755076, 6760057, 6770599, 6746130, 6770629,
   6781426, 6783023, 6781952

   5. Resolution

   This issue is addressed in the following releases:

   SPARC Platform:
     * OpenSolaris based upon builds snv_104 or later (only for bugs
       6699689, 6699255, 6720586, 6724477, 6723892, 6723334, 6724379,
       6727979, 6591929)

   x86 Platform:
     * OpenSolaris based upon builds snv_104 or later (only for bugs
       6699689, 6699255, 6720586, 6724477, 6723892, 6723334, 6724379,
       6727979, 6591929)

   A final resolution is pending completion for Solaris 10 and for the
   remaining Bugs in OpenSolaris.

   This Sun Alert notification is being provided to you on an "AS IS"
   basis. This Sun Alert notification may contain information provided by
   third parties. The issues described in this Sun Alert notification may
   or may not impact your system(s). Sun makes no representations,
   warranties, or guarantees as to the information contained herein. ANY
   AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
   WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
   NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
   YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
   INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
   OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
   This Sun Alert notification contains Sun proprietary and confidential
   information. It is being provided to you pursuant to the provisions of
   your agreement to purchase services from Sun, or, if you do not have
   such an agreement, the Sun.com Terms of Use. This Sun Alert
   notification may only be used for the purposes contemplated by these
   agreements.

   Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa
   Clara, CA 95054 U.S.A. All rights reserved

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBSU8P+yh9+71yA2DNAQI2qwP/azlp490dZ0U8VssQg7aw2FWR3rimMHJ+
xrQCEu1YpEElhNpc1hw6WtzxSipW/QwXISSmahrMlcZa+eVe0bB/9ptNdu43yan4
QaOy0kCX4y6C5ULDkJP+RATSSx3OXStNd6D97vvz5uxs03mZwMiGWtz1Qgdt6DcS
lgBse9K/+cE=
=4icy
-----END PGP SIGNATURE-----