Synopsis: Moderate: hplip security update Issue date: 2008-08-12 CVE Names: CVE-2008-2940 CVE-2008-2941 A flaw was discovered in the hplip alert-mailing functionality. A local attacker could elevate their privileges by using specially-crafted packets to trigger alert mails, which are sent by the root account. (CVE-2008-2940) A flaw was discovered in the hpssd message parser. By sending specially-crafted packets, a local attacker could cause a denial of service, stopping the hpssd process. (CVE-2008-2941) SL 5.x SRPMS: hplip-1.6.7-4.1.el5_2.4.src.rpm i386: hpijs-1.6.7-4.1.el5_2.4.i386.rpm hplip-1.6.7-4.1.el5_2.4.i386.rpm libsane-hpaio-1.6.7-4.1.el5_2.4.i386.rpm x86_64: hpijs-1.6.7-4.1.el5_2.4.x86_64.rpm hplip-1.6.7-4.1.el5_2.4.x86_64.rpm libsane-hpaio-1.6.7-4.1.el5_2.4.x86_64.rpm -Connie Sieh -Troy Dawson