
Security Advisory Low: hplip security, bug fix and enhancement update

Advisory: RHSA-2013:0500-2
Type: Security Advisory
Severity: Low
Issued on: 2013-02-21
Last updated on: 2013-02-21
Affected Products: Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-2722, CVE-2013-0200

Details

Updated hplip packages that fix several security issues and multiple bugs,
and add various enhancements, are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The hplip packages contain the Hewlett-Packard Linux Imaging and Printing
Project (HPLIP), which provides drivers for Hewlett-Packard printers and
multi-function peripherals.

Several temporary file handling flaws were found in HPLIP. A local attacker
could use these flaws to perform a symbolic link attack, overwriting
arbitrary files accessible to a process using HPLIP. (CVE-2013-0200,
CVE-2011-2722)
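
The flaw class named above, as an added illustration that is not HPLIP's code or the upstream fix: a fixed temporary-file name opened with a plain open() follows a link already present at that path, while O_EXCL with O_NOFOLLOW, or tempfile.mkstemp(), does not. The paths, file names and function names are hypothetical, and everything runs inside a private sandbox directory.

```python
import os
import tempfile

def write_predictable(path, data):
    # Flawed pattern: fixed name; open() follows a symlink already at `path`.
    with open(path, "wb") as fh:
        fh.write(data)

def write_exclusive(path, data):
    # Hardened: O_EXCL fails if anything already exists; O_NOFOLLOW rejects a final symlink.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    with os.fdopen(os.open(path, flags, 0o600), "wb") as fh:
        fh.write(data)

def write_unpredictable(directory, data):
    # Preferred: mkstemp() picks a random name, creates it O_EXCL, mode 0600.
    fd, path = tempfile.mkstemp(prefix="job-", dir=directory)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

def read_bytes(path):
    with open(path, "rb") as fh:
        return fh.read()

def demo():
    # Everything happens inside a private sandbox directory (constructed data).
    with tempfile.TemporaryDirectory() as sandbox:
        shared = os.path.join(sandbox, "shared_tmp")   # stands in for /tmp
        os.mkdir(shared)
        victim = os.path.join(sandbox, "victim.conf")  # file the process may write
        spool = os.path.join(shared, "spool.out")      # hypothetical fixed temp name
        write_predictable(victim, b"original")
        os.symlink(victim, spool)                      # link present before the write
        write_predictable(spool, b"job data")
        clobbered = read_bytes(victim) == b"job data"  # the write went through the link
        write_predictable(victim, b"original")         # restore, then retry hardened
        try:
            write_exclusive(spool, b"job data")
            refused = False
        except OSError:                                # EEXIST (or ELOOP)
            refused = True
        intact = read_bytes(victim) == b"original"
        safe = write_unpredictable(shared, b"job data")
        return {"clobbered": clobbered, "refused": refused, "intact": intact,
                "safe_is_link": os.path.islink(safe), "safe_mode": os.stat(safe).st_mode & 0o777}

if __name__ == "__main__":
    print(demo())
```

Current Linux kernels add a second layer with the fs.protected_symlinks sysctl, which blocks following another user's symlink in sticky world-writable directories; it does not replace fixing the file-creation code.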

The CVE-2013-0200 issues were discovered by Tim Waugh of Red Hat.

The hplip packages have been upgraded to upstream version 3.12.4, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#731900)

This update also fixes the following bugs:

* Previously, the hpijs package required the obsolete cupsddk-drivers
package, which was provided by the cups package. Under certain
circumstances, this dependency caused hpijs installation to fail. This
bug has been fixed and hpijs no longer requires cupsddk-drivers.
(BZ#829453)

* The configuration of the Scanner Access Now Easy (SANE) back end is
located in the /etc/sane.d/dll.d/ directory; however, the hp-check
utility checked only the /etc/sane.d/dll.conf file. Consequently,
hp-check checked the installation but incorrectly reported a problem
with the way the SANE back end was installed. With this update,
hp-check properly checks for installation problems in both locations as
expected. (BZ#683007)

All users of hplip are advised to upgrade to these updated packages, which
fix these issues and add these enhancements.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Every file listed below is outdated by RHSA-2013:1274.

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
hplip-3.12.4-4.el6.src.rpm

IA-32:
hpijs-3.12.4-4.el6.i686.rpm
hplip-3.12.4-4.el6.i686.rpm
hplip-common-3.12.4-4.el6.i686.rpm
hplip-debuginfo-3.12.4-4.el6.i686.rpm
hplip-gui-3.12.4-4.el6.i686.rpm
hplip-libs-3.12.4-4.el6.i686.rpm
libsane-hpaio-3.12.4-4.el6.i686.rpm

x86_64:
hpijs-3.12.4-4.el6.x86_64.rpm
hplip-3.12.4-4.el6.x86_64.rpm
hplip-common-3.12.4-4.el6.x86_64.rpm
hplip-debuginfo-3.12.4-4.el6.i686.rpm
hplip-debuginfo-3.12.4-4.el6.x86_64.rpm
hplip-gui-3.12.4-4.el6.x86_64.rpm
hplip-libs-3.12.4-4.el6.i686.rpm
hplip-libs-3.12.4-4.el6.x86_64.rpm
libsane-hpaio-3.12.4-4.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6)

SRPMS:
hplip-3.12.4-4.el6.src.rpm

IA-32:
hpijs-3.12.4-4.el6.i686.rpm
hplip-3.12.4-4.el6.i686.rpm
hplip-common-3.12.4-4.el6.i686.rpm
hplip-debuginfo-3.12.4-4.el6.i686.rpm
hplip-gui-3.12.4-4.el6.i686.rpm
hplip-libs-3.12.4-4.el6.i686.rpm
libsane-hpaio-3.12.4-4.el6.i686.rpm

PPC:
hpijs-3.12.4-4.el6.ppc64.rpm
hplip-3.12.4-4.el6.ppc64.rpm
hplip-common-3.12.4-4.el6.ppc64.rpm
hplip-debuginfo-3.12.4-4.el6.ppc.rpm
hplip-debuginfo-3.12.4-4.el6.ppc64.rpm
hplip-gui-3.12.4-4.el6.ppc64.rpm
hplip-libs-3.12.4-4.el6.ppc.rpm
hplip-libs-3.12.4-4.el6.ppc64.rpm
libsane-hpaio-3.12.4-4.el6.ppc64.rpm

x86_64:
hpijs-3.12.4-4.el6.x86_64.rpm
hplip-3.12.4-4.el6.x86_64.rpm
hplip-common-3.12.4-4.el6.x86_64.rpm
hplip-debuginfo-3.12.4-4.el6.i686.rpm
hplip-debuginfo-3.12.4-4.el6.x86_64.rpm
hplip-gui-3.12.4-4.el6.x86_64.rpm
hplip-libs-3.12.4-4.el6.i686.rpm
hplip-libs-3.12.4-4.el6.x86_64.rpm
libsane-hpaio-3.12.4-4.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
hplip-3.12.4-4.el6.src.rpm

IA-32:
hpijs-3.12.4-4.el6.i686.rpm
hplip-3.12.4-4.el6.i686.rpm
hplip-common-3.12.4-4.el6.i686.rpm
hplip-debuginfo-3.12.4-4.el6.i686.rpm
hplip-gui-3.12.4-4.el6.i686.rpm
hplip-libs-3.12.4-4.el6.i686.rpm
libsane-hpaio-3.12.4-4.el6.i686.rpm

x86_64:
hpijs-3.12.4-4.el6.x86_64.rpm
hplip-3.12.4-4.el6.x86_64.rpm
hplip-common-3.12.4-4.el6.x86_64.rpm
hplip-debuginfo-3.12.4-4.el6.i686.rpm
hplip-debuginfo-3.12.4-4.el6.x86_64.rpm
hplip-gui-3.12.4-4.el6.x86_64.rpm
hplip-libs-3.12.4-4.el6.i686.rpm
hplip-libs-3.12.4-4.el6.x86_64.rpm
libsane-hpaio-3.12.4-4.el6.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

683007 - hpaio is in /etc/sane.d/dll.d/hpaio
725830 - CVE-2011-2722 hplip: insecure temporary file handling
731900 - Update hplip to newer version for increased hardware support.
902163 - CVE-2013-0200 hplip: insecure temporary file handling flaws


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/