Synopsis: Important: hplip security update Issue date: 2007-10-11 CVE Names: CVE-2007-5208 Kees Cook discovered a flaw in the way the hplip hpssd daemon handled user input. A local attacker could send a specially crafted request to the hpssd daemon, possibly allowing them to run arbitrary commands as the root user. (CVE-2007-5208). On Scientific Linux 5, the SELinux targeted policy for hpssd which is enabled by default, blocks the ability to exploit this issue to run arbitrary code. SL 5.x SRPMS: hpijs-1.6.7-4.1.el5.3.src.rpm i386: hpijs-1.6.7-4.1.el5.3.i386.rpm hplip-1.6.7-4.1.el5.3.i386.rpm libsane-hpaio-1.6.7-4.1.el5.3.i386.rpm x86_64: hpijs-1.6.7-4.1.el5.3.x86_64.rpm hplip-1.6.7-4.1.el5.3.x86_64.rpm libsane-hpaio-1.6.7-4.1.el5.3.x86_64.rpm -Connie Sieh -Troy Dawson