SCIENTIFIC-LINUX-ERRATA Archives

January 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Low: hplip3 on SL5.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
Pat Riehecky <[log in to unmask]>
Date:
Wed, 16 Jan 2013 16:10:46 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (42 lines) 
Synopsis:          Low: hplip3 security and bug fix update
Issue Date:        2013-01-08
CVE Numbers:       CVE-2011-2722
--

It was found that the HP CUPS (Common UNIX Printing System) fax filter 
in HPLIP
created a temporary file in an insecure way. A local attacker could use this
flaw to perform a symbolic link attack, overwriting arbitrary files 
accessible
to a process using the fax filter (such as the hp3-sendfax tool).
(CVE-2011-2722)

This update also fixes the following bug:

* Previous modifications of the hplip3 package to allow it to be installed
alongside the original hplip package introduced several problems to fax
support; for example, the hp-sendfax utility could become unresponsive. 
These
problems have been fixed with this update.
--

SL5
   x86_64
     hpijs3-3.9.8-15.el5.x86_64.rpm
     hplip3-3.9.8-15.el5.x86_64.rpm
     hplip3-common-3.9.8-15.el5.x86_64.rpm
     hplip3-debuginfo-3.9.8-15.el5.x86_64.rpm
     hplip3-gui-3.9.8-15.el5.x86_64.rpm
     hplip3-libs-3.9.8-15.el5.x86_64.rpm
     libsane-hpaio3-3.9.8-15.el5.x86_64.rpm
   i386
     hpijs3-3.9.8-15.el5.i386.rpm
     hplip3-3.9.8-15.el5.i386.rpm
     hplip3-common-3.9.8-15.el5.i386.rpm
     hplip3-debuginfo-3.9.8-15.el5.i386.rpm
     hplip3-gui-3.9.8-15.el5.i386.rpm
     hplip3-libs-3.9.8-15.el5.i386.rpm
     libsane-hpaio3-3.9.8-15.el5.i386.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2