User: Password:
|
|
Subscribe / Log in / New account

Scientific Linux alert SL-hpli-20130116 (hplip3)

From:  Pat Riehecky <riehecky@fnal.gov>
To:  "SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV" <SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV>
Subject:  Security ERRATA Low: hplip3 on SL5.x i386/x86_64
Date:  Wed, 16 Jan 2013 16:10:46 -0600
Message-ID:  <50F72566.9070907@fnal.gov>
Archive-link:  Article, Thread

Synopsis: Low: hplip3 security and bug fix update Issue Date: 2013-01-08 CVE Numbers: CVE-2011-2722 -- It was found that the HP CUPS (Common UNIX Printing System) fax filter in HPLIP created a temporary file in an insecure way. A local attacker could use this flaw to perform a symbolic link attack, overwriting arbitrary files accessible to a process using the fax filter (such as the hp3-sendfax tool). (CVE-2011-2722) This update also fixes the following bug: * Previous modifications of the hplip3 package to allow it to be installed alongside the original hplip package introduced several problems to fax support; for example, the hp-sendfax utility could become unresponsive. These problems have been fixed with this update. -- SL5 x86_64 hpijs3-3.9.8-15.el5.x86_64.rpm hplip3-3.9.8-15.el5.x86_64.rpm hplip3-common-3.9.8-15.el5.x86_64.rpm hplip3-debuginfo-3.9.8-15.el5.x86_64.rpm hplip3-gui-3.9.8-15.el5.x86_64.rpm hplip3-libs-3.9.8-15.el5.x86_64.rpm libsane-hpaio3-3.9.8-15.el5.x86_64.rpm i386 hpijs3-3.9.8-15.el5.i386.rpm hplip3-3.9.8-15.el5.i386.rpm hplip3-common-3.9.8-15.el5.i386.rpm hplip3-debuginfo-3.9.8-15.el5.i386.rpm hplip3-gui-3.9.8-15.el5.i386.rpm hplip3-libs-3.9.8-15.el5.i386.rpm libsane-hpaio3-3.9.8-15.el5.i386.rpm - Scientific Linux Development Team


(Log in to post comments)


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds