Home / mailings [USN-2085-1] HPLIP vulnerabilities
Posted on 21 January 2014
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-2085-1
January 21, 2014
hplip vulnerabilities
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in HPLIP.
Software Description:
- hplip: HP Linux Printing and Imaging System (HPLIP)
Details:
It was discovered that the HPLIP Polkit daemon incorrectly handled
temporary files. A local attacker could possibly use this issue to
overwrite arbitrary files. In the default installation of Ubuntu 12.04 LT=
S
and higher, this should be prevented by the Yama link restrictions.
(CVE-2013-6402)
It was discovered that HPLIP contained an upgrade tool that would downloa=
d
code in an unsafe fashion. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to execute arbitra=
ry
code. (CVE-2013-6427)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
hplip 3.13.9-1ubuntu0.1
Ubuntu 12.10:
hplip 3.12.6-3ubuntu4.3
Ubuntu 12.04 LTS:
hplip 3.12.2-1ubuntu3.4
Ubuntu 10.04 LTS:
hplip 3.10.2-2ubuntu2.5
In general, a standard system update will make all the necessary changes.=
References:
http://www.ubuntu.com/usn/usn-2085-1
CVE-2013-6402, CVE-2013-6427
Package Information:
https://launchpad.net/ubuntu/+source/hplip/3.13.9-1ubuntu0.1
https://launchpad.net/ubuntu/+source/hplip/3.12.6-3ubuntu4.3
https://launchpad.net/ubuntu/+source/hplip/3.12.2-1ubuntu3.4
https://launchpad.net/ubuntu/+source/hplip/3.10.2-2ubuntu2.5
