Skip to navigation

Security Advisory Low: hplip3 security and bug fix update

Advisory: RHSA-2013:0133-1
Type: Security Advisory
Severity: Low
Issued on: 2013-01-08
Last updated on: 2013-01-08
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2011-2722

Details

Updated hplip3 packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Hewlett-Packard Linux Imaging and Printing (HPLIP) provides drivers for
Hewlett-Packard (HP) printers and multifunction peripherals.

It was found that the HP CUPS (Common UNIX Printing System) fax filter in
HPLIP created a temporary file in an insecure way. A local attacker could
use this flaw to perform a symbolic link attack, overwriting arbitrary
files accessible to a process using the fax filter (such as the
hp3-sendfax tool). (CVE-2011-2722)

This update also fixes the following bug:

* Previous modifications of the hplip3 package to allow it to be installed
alongside the original hplip package introduced several problems to fax
support; for example, the hp-sendfax utility could become unresponsive.
These problems have been fixed with this update. (BZ#501834)

All users of hplip3 are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
hplip3-3.9.8-15.el5.src.rpm     MD5: 074ba5a9741630698b7cde5c7d0995c9
SHA-256: 678df971702fee5568b24bee66dcb7b7dc9f9408a42f18a04ed1183eaf1b771c
 
IA-32:
hpijs3-3.9.8-15.el5.i386.rpm     MD5: 3cdb2a7132b97c9c9bc13180a4ae7b13
SHA-256: a1a755bba75d7a59876c1249eaacaf6eeec8dd277f4fe76f25f5739345b5bee5
hplip3-3.9.8-15.el5.i386.rpm     MD5: 2affeb01f2ad362c1ff02b61144155ba
SHA-256: c8136c0fa5ea54d38d53aae3c02bcb671baeba07ee452e790c8239061d1ae65e
hplip3-common-3.9.8-15.el5.i386.rpm     MD5: bba2440a482e3340b3ea2e64a479f3cf
SHA-256: f86cdac6f8bdc5f6085a51da8dca9afbef5fc6999fd7347f282cb405b63501d4
hplip3-debuginfo-3.9.8-15.el5.i386.rpm     MD5: 8d2eedfae343b6addd8ff88da2d0f97c
SHA-256: fe2eb0285b2b10fb34b3c54e1548b6addb9c2894bda1c01ada8c36756173f8b7
hplip3-gui-3.9.8-15.el5.i386.rpm     MD5: 90bcf289fab5d4bdc6ddbf0f238fe40f
SHA-256: f671dd1c6beb59feec59ea9badd6496c86751dece1a6f5200b8d4be9b7115c6c
hplip3-libs-3.9.8-15.el5.i386.rpm     MD5: 5bc69dc0a85378714b18b7536aaf24e5
SHA-256: 006b85f902953c70f29b0b230b8cecd8d2bd6ec10cb651d23fa7a56592ac00fd
libsane-hpaio3-3.9.8-15.el5.i386.rpm     MD5: 05883c40dd905d128a49aaf828be097c
SHA-256: ecde01653d49058c573e8b327b7b2ba50842fc10991adb2dac4becc26f5efd33
 
IA-64:
hpijs3-3.9.8-15.el5.ia64.rpm     MD5: 9b6977c10e0cd6c1f1562c3273cd0ae7
SHA-256: f900e5fbacca524dcb07b30ff8692d7f9e4e8f388df4935cc7c9ee77b22c7c51
hplip3-3.9.8-15.el5.ia64.rpm     MD5: f0c5d939a0d7f4986a51e9622aa15fe9
SHA-256: 27b09363a6f8b023c6d1309c1b5f4f0792f4510f8de4963afe6a422ecd67e508
hplip3-common-3.9.8-15.el5.ia64.rpm     MD5: 542ad55f2d37ae9c4dda1825178a8cc0
SHA-256: 2227a6ff0a0f303fc8913d44ee304a8195353f7203da85b740c3960e035924a6
hplip3-debuginfo-3.9.8-15.el5.ia64.rpm     MD5: c81a9d66a306c8be3729c2e0aaaab1e7
SHA-256: e9c429ef9f04563f5ec979b3ee9881af5fd59c5eb1ef0305477483ec091b4092
hplip3-gui-3.9.8-15.el5.ia64.rpm     MD5: 3ffd92bfa1d479f9c8e2bd56acddda6b
SHA-256: 9c0c4dbac0223b1360e9d19f9c5d13e3d6e4f80988fab68072af6148cbd9979f
hplip3-libs-3.9.8-15.el5.ia64.rpm     MD5: 28920d260c284048305bd620f7905d98
SHA-256: 7a7cdf8e5ddbeee2fad45551dfe1350049abb00fec7704c43cb5037923c3e313
libsane-hpaio3-3.9.8-15.el5.ia64.rpm     MD5: d0913d774b1b8b2819762e6df40361ae
SHA-256: 89cee90d0866f2ee1a230dd5fc54c86633c18f2b2c6cf5651269a835a1d59d91
 
PPC:
hpijs3-3.9.8-15.el5.ppc.rpm     MD5: c1ad02ff040cab3caed575bf201e8b54
SHA-256: 544f4715115b22f7ab17fe562bf9a27ff67b0893740ac6ab6f2858fbd8c185f6
hplip3-3.9.8-15.el5.ppc.rpm     MD5: 9b30605bca5ef39d5bf0e438ebc9cddb
SHA-256: 5ae23aa2f5253eb52acf54d9a95a968f7ce4212addbea49bd6d2c24d9a490744
hplip3-common-3.9.8-15.el5.ppc.rpm     MD5: e0161364efe30715b85394eb00f58142
SHA-256: 8e443b151fc6a3c712f8e4e3cf9e61e86cb6ca6a3f8c91213f7121114c29bcb7
hplip3-debuginfo-3.9.8-15.el5.ppc.rpm     MD5: 6139e50bfc95ec120c8af5ad87ba8692
SHA-256: 28f89a2d161523744cdd985496026ad6c35ce3d515870d6d5bc6fb3e5658beb1
hplip3-gui-3.9.8-15.el5.ppc.rpm     MD5: 387f97c370f5498da852c2dd76b40521
SHA-256: fccee1c5b2d63ee84ef05a76b9bc609f7c1a0e79ac42a6af476c7d66ef31829b
hplip3-libs-3.9.8-15.el5.ppc.rpm     MD5: ab707c8c523afada4f134aa0bd5fe3e4
SHA-256: 1abf8f10d69e402366a97ab0c33cd4e5c3c8ec6fe4d134d1f8940374cd6a0a36
libsane-hpaio3-3.9.8-15.el5.ppc.rpm     MD5: e9703c516f95e3b5510e755120349bcb
SHA-256: 69d807c6cabad0d55ce52eaa90d739a9499eb2befa557da4855c04e4700b7389
 
x86_64:
hpijs3-3.9.8-15.el5.x86_64.rpm     MD5: 9410f38952fb5d4796a990ecb41d3849
SHA-256: 5ee7c959014fd1590f1f509c5bd808d91026ac3cbe8765a05e0c59d548fd731e
hplip3-3.9.8-15.el5.x86_64.rpm     MD5: b4890567cee0362179bd7ee29d16d85f
SHA-256: 193941204c02139bae99ee207696dfc2f17d5d6c324148cc830cd31e4c02590d
hplip3-common-3.9.8-15.el5.x86_64.rpm     MD5: 2776e3e3fcabc7efdb545fde4b115c3f
SHA-256: 6914ba1a02c87a7c5b94173f3e05badf93fe4af72f4c9b7870df65f04c9c96aa
hplip3-debuginfo-3.9.8-15.el5.x86_64.rpm     MD5: e87a13124e1eb7fd0da8a70400244a30
SHA-256: 393ad9d93b435acd3cc63b603c0c6167d257b8885d2edcbfad0d9c536ad00af1
hplip3-gui-3.9.8-15.el5.x86_64.rpm     MD5: 8510e05a5959bd93f26c8ef06e285821
SHA-256: 4bc5115e000abd8510e5cacba6f09edd6f5e344168381dc1c13c5a8683ec7e0b
hplip3-libs-3.9.8-15.el5.x86_64.rpm     MD5: ac410759986b15812454d49e2fbf535d
SHA-256: 97e3ea963a06efa733f039b68bd835d701790c0ac22160308b8d83d2d12454f6
libsane-hpaio3-3.9.8-15.el5.x86_64.rpm     MD5: 35e429ddfc74ccdefe7300a8fd70f676
SHA-256: 3cecfef118a3a989407552685a425e3f6e16e529a573c2200fb9f060931e8c69
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
hplip3-3.9.8-15.el5.src.rpm     MD5: 074ba5a9741630698b7cde5c7d0995c9
SHA-256: 678df971702fee5568b24bee66dcb7b7dc9f9408a42f18a04ed1183eaf1b771c
 
IA-32:
hpijs3-3.9.8-15.el5.i386.rpm     MD5: 3cdb2a7132b97c9c9bc13180a4ae7b13
SHA-256: a1a755bba75d7a59876c1249eaacaf6eeec8dd277f4fe76f25f5739345b5bee5
hplip3-3.9.8-15.el5.i386.rpm     MD5: 2affeb01f2ad362c1ff02b61144155ba
SHA-256: c8136c0fa5ea54d38d53aae3c02bcb671baeba07ee452e790c8239061d1ae65e
hplip3-common-3.9.8-15.el5.i386.rpm     MD5: bba2440a482e3340b3ea2e64a479f3cf
SHA-256: f86cdac6f8bdc5f6085a51da8dca9afbef5fc6999fd7347f282cb405b63501d4
hplip3-debuginfo-3.9.8-15.el5.i386.rpm     MD5: 8d2eedfae343b6addd8ff88da2d0f97c
SHA-256: fe2eb0285b2b10fb34b3c54e1548b6addb9c2894bda1c01ada8c36756173f8b7
hplip3-gui-3.9.8-15.el5.i386.rpm     MD5: 90bcf289fab5d4bdc6ddbf0f238fe40f
SHA-256: f671dd1c6beb59feec59ea9badd6496c86751dece1a6f5200b8d4be9b7115c6c
hplip3-libs-3.9.8-15.el5.i386.rpm     MD5: 5bc69dc0a85378714b18b7536aaf24e5
SHA-256: 006b85f902953c70f29b0b230b8cecd8d2bd6ec10cb651d23fa7a56592ac00fd
libsane-hpaio3-3.9.8-15.el5.i386.rpm     MD5: 05883c40dd905d128a49aaf828be097c
SHA-256: ecde01653d49058c573e8b327b7b2ba50842fc10991adb2dac4becc26f5efd33
 
x86_64:
hpijs3-3.9.8-15.el5.x86_64.rpm     MD5: 9410f38952fb5d4796a990ecb41d3849
SHA-256: 5ee7c959014fd1590f1f509c5bd808d91026ac3cbe8765a05e0c59d548fd731e
hplip3-3.9.8-15.el5.x86_64.rpm     MD5: b4890567cee0362179bd7ee29d16d85f
SHA-256: 193941204c02139bae99ee207696dfc2f17d5d6c324148cc830cd31e4c02590d
hplip3-common-3.9.8-15.el5.x86_64.rpm     MD5: 2776e3e3fcabc7efdb545fde4b115c3f
SHA-256: 6914ba1a02c87a7c5b94173f3e05badf93fe4af72f4c9b7870df65f04c9c96aa
hplip3-debuginfo-3.9.8-15.el5.x86_64.rpm     MD5: e87a13124e1eb7fd0da8a70400244a30
SHA-256: 393ad9d93b435acd3cc63b603c0c6167d257b8885d2edcbfad0d9c536ad00af1
hplip3-gui-3.9.8-15.el5.x86_64.rpm     MD5: 8510e05a5959bd93f26c8ef06e285821
SHA-256: 4bc5115e000abd8510e5cacba6f09edd6f5e344168381dc1c13c5a8683ec7e0b
hplip3-libs-3.9.8-15.el5.x86_64.rpm     MD5: ac410759986b15812454d49e2fbf535d
SHA-256: 97e3ea963a06efa733f039b68bd835d701790c0ac22160308b8d83d2d12454f6
libsane-hpaio3-3.9.8-15.el5.x86_64.rpm     MD5: 35e429ddfc74ccdefe7300a8fd70f676
SHA-256: 3cecfef118a3a989407552685a425e3f6e16e529a573c2200fb9f060931e8c69
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

501834 - hplip hp-sendfax PyQt combination is broken
725830 - CVE-2011-2722 hplip: insecure temporary file handling


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/