Synopsis: Moderate: hplip security update
Issue date: 2008-08-12
CVE Names: CVE-2008-2940 CVE-2008-2941
A flaw was discovered in the hplip alert-mailing functionality. A local
attacker could elevate their privileges by using specially-crafted packets
to trigger alert mails, which are sent by the root account. (CVE-2008-2940)
A flaw was discovered in the hpssd message parser. By sending
specially-crafted packets, a local attacker could cause a denial of
service, stopping the hpssd process. (CVE-2008-2941)
SL 5.x
SRPMS:
hplip-1.6.7-4.1.el5_2.4.src.rpm
i386:
hpijs-1.6.7-4.1.el5_2.4.i386.rpm
hplip-1.6.7-4.1.el5_2.4.i386.rpm
libsane-hpaio-1.6.7-4.1.el5_2.4.i386.rpm
x86_64:
hpijs-1.6.7-4.1.el5_2.4.x86_64.rpm
hplip-1.6.7-4.1.el5_2.4.x86_64.rpm
libsane-hpaio-1.6.7-4.1.el5_2.4.x86_64.rpm
-Connie Sieh
-Troy Dawson