
Security Advisory Moderate: hplip security update

Advisory: RHSA-2008:0818-4
Type: Security Advisory
Severity: Moderate
Issued on: 2008-08-12
Last updated on: 2008-08-12
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.2.z server)
CVEs (cve.mitre.org): CVE-2008-2940
CVE-2008-2941

Details

Updated hplip packages that fix various security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The hplip (Hewlett-Packard Linux Imaging and Printing) packages provide
drivers for Hewlett-Packard printers and multifunction peripherals.

A flaw was discovered in the hplip alert-mailing functionality. A local
attacker could elevate their privileges by using specially-crafted packets
to trigger alert mails, which are sent by the root account. (CVE-2008-2940)

A flaw was discovered in the hpssd message parser. By sending
specially-crafted packets, a local attacker could cause a denial of
service, stopping the hpssd process. (CVE-2008-2941)

Users of hplip should upgrade to these updated packages, which contain
backported patches to correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
hplip-1.6.7-4.1.el5_2.4.src.rpm
File outdated by:  RHSA-2011:0154

IA-32:
hpijs-1.6.7-4.1.el5_2.4.i386.rpm
File outdated by:  RHSA-2011:0154
hplip-1.6.7-4.1.el5_2.4.i386.rpm
File outdated by:  RHSA-2011:0154
libsane-hpaio-1.6.7-4.1.el5_2.4.i386.rpm
File outdated by:  RHSA-2011:0154

IA-64:
hpijs-1.6.7-4.1.el5_2.4.ia64.rpm
File outdated by:  RHSA-2011:0154
hplip-1.6.7-4.1.el5_2.4.ia64.rpm
File outdated by:  RHSA-2011:0154
libsane-hpaio-1.6.7-4.1.el5_2.4.ia64.rpm
File outdated by:  RHSA-2011:0154

PPC:
hpijs-1.6.7-4.1.el5_2.4.ppc.rpm
File outdated by:  RHSA-2011:0154
hplip-1.6.7-4.1.el5_2.4.ppc.rpm
File outdated by:  RHSA-2011:0154
libsane-hpaio-1.6.7-4.1.el5_2.4.ppc.rpm
File outdated by:  RHSA-2011:0154

x86_64:
hpijs-1.6.7-4.1.el5_2.4.x86_64.rpm
File outdated by:  RHSA-2011:0154
hplip-1.6.7-4.1.el5_2.4.x86_64.rpm
File outdated by:  RHSA-2011:0154
libsane-hpaio-1.6.7-4.1.el5_2.4.x86_64.rpm
File outdated by:  RHSA-2011:0154
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
hplip-1.6.7-4.1.el5_2.4.src.rpm
File outdated by:  RHSA-2011:0154

IA-32:
hpijs-1.6.7-4.1.el5_2.4.i386.rpm
File outdated by:  RHSA-2011:0154
hplip-1.6.7-4.1.el5_2.4.i386.rpm
File outdated by:  RHSA-2011:0154
libsane-hpaio-1.6.7-4.1.el5_2.4.i386.rpm
File outdated by:  RHSA-2011:0154

x86_64:
hpijs-1.6.7-4.1.el5_2.4.x86_64.rpm
File outdated by:  RHSA-2011:0154
hplip-1.6.7-4.1.el5_2.4.x86_64.rpm
File outdated by:  RHSA-2011:0154
libsane-hpaio-1.6.7-4.1.el5_2.4.x86_64.rpm
File outdated by:  RHSA-2011:0154
 
Red Hat Enterprise Linux EUS (v. 5.2.z server)

SRPMS:
hplip-1.6.7-4.1.el5_2.4.src.rpm
File outdated by:  RHSA-2011:0154

IA-32:
hpijs-1.6.7-4.1.el5_2.4.i386.rpm
hplip-1.6.7-4.1.el5_2.4.i386.rpm
libsane-hpaio-1.6.7-4.1.el5_2.4.i386.rpm

IA-64:
hpijs-1.6.7-4.1.el5_2.4.ia64.rpm
hplip-1.6.7-4.1.el5_2.4.ia64.rpm
libsane-hpaio-1.6.7-4.1.el5_2.4.ia64.rpm

PPC:
hpijs-1.6.7-4.1.el5_2.4.ppc.rpm
hplip-1.6.7-4.1.el5_2.4.ppc.rpm
libsane-hpaio-1.6.7-4.1.el5_2.4.ppc.rpm

x86_64:
hpijs-1.6.7-4.1.el5_2.4.x86_64.rpm
hplip-1.6.7-4.1.el5_2.4.x86_64.rpm
libsane-hpaio-1.6.7-4.1.el5_2.4.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
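
Added example (not part of the Red Hat advisory): a Python check that flags hplip, hpijs and libsane-hpaio builds that sort before the fixed 1.6.7-4.1.el5_2.4 build listed above, using rpm's segment-wise ordering. It assumes the inventory is given as "name version release arch" lines and compares version and release only (no epoch); the sample inventory is constructed.

```python
import re

# Fixed build named on this page: hplip-1.6.7-4.1.el5_2.4 (and sub-packages).
FIXED = ("1.6.7", "4.1.el5_2.4")
PACKAGES = {"hplip", "hpijs", "libsane-hpaio"}

def rpmvercmp(a, b):
    """Compare two version or release strings the way rpm orders them
    (segment-wise; '~' and '^' are not handled). Returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def needs_update(version, release):
    """True when version-release sorts before the fixed build."""
    c = rpmvercmp(version, FIXED[0])
    if c == 0:
        c = rpmvercmp(release, FIXED[1])
    return c < 0

def audit(inventory):
    """inventory: lines of 'name version release arch'. Returns stale packages."""
    stale = []
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0] in PACKAGES:
            name, version, release, arch = fields
            if needs_update(version, release):
                stale.append("%s-%s-%s.%s" % (name, version, release, arch))
    return stale

# Constructed sample, in the shape printed by
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n'
SAMPLE = """\
hplip 1.6.7 4.1.el5 x86_64
hpijs 1.6.7 4.1.el5_2.4 x86_64
libsane-hpaio 1.6.7 4.1.el5_2.3 x86_64
hplip 1.6.7 6.el5 i386
cups 1.3.7 8.el5 x86_64
"""

if __name__ == "__main__":
    for pkg in audit(SAMPLE):
        print("needs RHSA-2008:0818:", pkg)
```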

Bugs fixed (see bugzilla for more information)

455235 - CVE-2008-2940 hpssd of hplip allows unprivileged user to trigger alert mail
457052 - CVE-2008-2941 hplip hpssd.py Denial-Of-Service parsing vulnerability


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/