Scientific Linux alert SLSA-2013:1274-1 (hplip)

From:
    	     
 
Pat Riehecky <riehecky@fnal.gov> 
To:
    	     
 
<scientific-linux-errata@listserv.fnal.gov> 
Subject:
    	     
 
Security ERRATA Important: hplip on SL6.x i386/x86_64 
Date:
    	     
 
Thu, 19 Sep 2013 19:26:11 +0000
Message-ID:
    	     
 
<20130919192611.18876.85683@slpackages.fnal.gov>
Archive-link:
    	     
 
Article, Thread
              
Synopsis:          Important: hplip security update
Advisory ID:       SLSA-2013:1274-1
Issue Date:        2013-09-19
CVE Numbers:       CVE-2013-4325
--

HPLIP communicated with PolicyKit for authorization via a D-Bus API that
is vulnerable to a race condition. This could lead to intended PolicyKit
authorizations being bypassed. This update modifies HPLIP to communicate
with PolicyKit via a different API that is not vulnerable to the race
condition. (CVE-2013-4325)
--

SL6
  x86_64
    hpijs-3.12.4-4.el6_4.1.x86_64.rpm
    hplip-3.12.4-4.el6_4.1.x86_64.rpm
    hplip-common-3.12.4-4.el6_4.1.x86_64.rpm
    hplip-debuginfo-3.12.4-4.el6_4.1.i686.rpm
    hplip-debuginfo-3.12.4-4.el6_4.1.x86_64.rpm
    hplip-gui-3.12.4-4.el6_4.1.x86_64.rpm
    hplip-libs-3.12.4-4.el6_4.1.i686.rpm
    hplip-libs-3.12.4-4.el6_4.1.x86_64.rpm
    libsane-hpaio-3.12.4-4.el6_4.1.x86_64.rpm
  i386
    hpijs-3.12.4-4.el6_4.1.i686.rpm
    hplip-3.12.4-4.el6_4.1.i686.rpm
    hplip-common-3.12.4-4.el6_4.1.i686.rpm
    hplip-debuginfo-3.12.4-4.el6_4.1.i686.rpm
    hplip-gui-3.12.4-4.el6_4.1.i686.rpm
    hplip-libs-3.12.4-4.el6_4.1.i686.rpm
    libsane-hpaio-3.12.4-4.el6_4.1.i686.rpm

- Scientific Linux Development Team