On Sat, Nov 10, 2007 at 10:18:19AM +0100, zbigniew szalbot wrote: > Hello, > > Aryeh M. Friedman pisze: >> > I am not sure I understand the message about remote execution of >> > arbitrary code. >> That is just saying that if the security issue is a problem for you >> don't upgrade (i.e. go ahead if you don't care). >> > Thanks but I think I now understand even less :) > If a security issue is a problem, don't upgrade???
Apparently there is a bug in this port that would allow an attacker from outside to make cupsd execute his malicious code. Therefore installation of this port is forbidden as a precaution until a fix is available. But if you have a firewall that rejects incomming connections or if you have cupsd set up to deny all connections but local ones this bug presumably cannot affect you. > Not sure also how one could go ahead? There is no option to continue. The > message appears and that's all. I am not given any option. Upgrade the port once it is fixed. In the meantime block incoming connections either in cupsd.conf or with your firewall. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
pgp0xktlq0rfD.pgp
Description: PGP signature
