Synopsis: Important: hplip security update
Issue date: 2007-10-11
CVE Names: CVE-2007-5208
Kees Cook discovered a flaw in the way the hplip hpssd daemon handled user
input. A local attacker could send a specially crafted request to the hpssd
daemon, possibly allowing them to run arbitrary commands as the root user.
(CVE-2007-5208).
On Scientific Linux 5, the SELinux targeted policy for hpssd which is enabled
by default, blocks the ability to exploit this issue to run arbitrary code.
SL 5.x
SRPMS:
hpijs-1.6.7-4.1.el5.3.src.rpm
i386:
hpijs-1.6.7-4.1.el5.3.i386.rpm
hplip-1.6.7-4.1.el5.3.i386.rpm
libsane-hpaio-1.6.7-4.1.el5.3.i386.rpm
x86_64:
hpijs-1.6.7-4.1.el5.3.x86_64.rpm
hplip-1.6.7-4.1.el5.3.x86_64.rpm
libsane-hpaio-1.6.7-4.1.el5.3.x86_64.rpm
-Connie Sieh
-Troy Dawson