Apply by doing:
	cd /usr/src
	patch -p0 < 023_lprm.patch

And then rebuild and install lprm:
	cd usr.sbin/lpr
	make obj
	make depend && make && make install

Index: usr.sbin/lpr/common_source/rmjob.c
===================================================================
RCS file: /cvs/src/usr.sbin/lpr/common_source/rmjob.c,v
retrieving revision 1.12
diff -u -r1.12 rmjob.c
--- usr.sbin/lpr/common_source/rmjob.c	16 Feb 2002 21:28:03 -0000	1.12
+++ usr.sbin/lpr/common_source/rmjob.c	5 Mar 2003 00:54:55 -0000
@@ -322,6 +322,7 @@
 {
 	char *cp;
 	int i, rem;
+	size_t n;
 	char buf[BUFSIZ];
 
 	if (!remote)
@@ -333,18 +334,26 @@
 	 */
 	fflush(stdout);
 
-	(void)snprintf(buf, sizeof(buf)-2, "\5%s %s", RP, all ? "-all" : person);
-	cp = buf + strlen(buf);
-	for (i = 0; i < users && cp-buf+1+strlen(user[i]) < sizeof buf - 2; i++) {
-		cp += strlen(cp);
+	/* the trailing space will be replaced with a newline later */
+	n = snprintf(buf, sizeof(buf), "\5%s %s ", RP, all ? "-all" : person);
+	if (n == -1 || n >= sizeof(buf))
+		goto bad;
+	cp = buf + n;
+	for (i = 0; i < users; i++) {
+		n = strlcpy(cp, user[i], sizeof(buf) - (cp - buf + 1));
+		if (n >= sizeof(buf) - (cp - buf + 1))
+			goto bad;
+		cp += n;
 		*cp++ = ' ';
-		strcpy(cp, user[i]);
 	}
-	for (i = 0; i < requests && cp-buf+10 < sizeof(buf) - 2; i++) {
-		cp += strlen(cp);
-		(void) sprintf(cp, " %d", requ[i]);
+	*cp = '\0';
+	for (i = 0; i < requests; i++) {
+		n = snprintf(cp, sizeof(buf) - (cp - buf), "%d ", requ[i]);
+		if (n == -1 || n >= sizeof(buf) - (cp - buf))
+			goto bad;
+		cp += n;
 	}
-	strcat(cp, "\n");
+	cp[-1] = '\n';		/* replace space with newline, leave the NUL */
 	rem = getport(RM, 0);
 	if (rem < 0) {
 		if (from != host)
@@ -358,6 +367,10 @@
 			(void) fwrite(buf, 1, i, stdout);
 		(void) close(rem);
 	}
+	return;
+bad:
+	printf("remote buffer too large\n");
+	return;
 }
 
 /*