Message-Id: <E1KTUEm-0001Qf-KG@titan.mandriva.com>
Date: Wed, 13 Aug 2008 22:15:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:169 ] hplip
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:169
http://www.mandriva.com/security/
_______________________________________________________________________
Package : hplip
Date : August 13, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 4.0
_______________________________________________________________________
Problem Description:
Marc Schoenefeld of the Red Hat Security Response Team discovered a
vulnerability in the hplip alert-mailing functionality that could allow
a local attacker to elevate their privileges by using specially-crafted
packets to trigger alert mails that are sent by the root account
(CVE-2008-2940).
Another vulnerability was discovered by Marc Schoenefeld in the hpssd
message parser that could allow a local attacker to stop the hpssd
process by sending specially-crafted packets, causing a denial of
service (CVE-2008-2941).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2941
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIo4c6mqjQ0CJFipgRAjl6AKC0uWNwQSFgRN4zDUr+OSHcwH022wCfXj13
7MRmm5yM3p2javKSBoIT/hI=
=qaWN
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/