Fedora 7 Critical Issue: Hplip 1.7.4a-6 Hpssd Daemon Vulnerability

The Hewlett-Packard Linux Imaging and Printing Project provides

drivers for HP printers and multi-function peripherals.

This update fixes a vulnerability in the hpssd daemon.

* Fri Oct 12 2007 Tim Waugh 1.7.4a-6

- Build requires openssl-devel.

- Applied patch to fix CVE-2007-5208 (bug #329111).

* Tue Oct 9 2007 Tim Waugh 1.7.4a-5

- Use raw instead of 1284.4 communication for LJ4000 series (bug #249191).

* Mon Sep 10 2007 Tim Waugh

- Backported cmd_print/cmd_scan traceback fix from 2.7.7 (bug #283291).

* Mon Jul 16 2007 Tim Waugh

- Low ink is a warning condition, not an error.

* Wed Jul 11 2007 Tim Waugh

- Show the HP Toolbox menu entry again.

* Mon Jul 9 2007 Tim Waugh 1.7.4a-4

- Read system config when run as root (bug #242974).

* Thu Jun 28 2007 Tim Waugh 1.7.4a-3

- Another go at avoiding AVC messages on boot (bug #244205).

* Thu Jun 14 2007 Tim Waugh 1.7.4a-2

- Don't try to write a /root/.hplip.conf file when running as a CUPS

backend (bug #244205).

* Wed Jun 13 2007 Tim Waugh 1.7.4a-1

- Don't put the version in the desktop file; let desktop-file-install do it.

- 1.7.4a. No longer need marker-supply or faxing-with-low-supplies

patches. Cheetah and cherrypy directories no longer shipped in source

tarball.

* Mon Jun 11 2007 Tim Waugh 1.7.2-13

- Don't ship hp-check (bug #243273).

- Moved hp-setup back to the base package, and put code in

utils.checkPyQtImport() to check for the gui sub-package as well as

PyQt (bug #243273).

* Fri Jun 8 2007 Tim Waugh

- Moved hp-setup to the ui package (bug #243273).

* Wed May 30 2007 Tim Waugh 1.7.2-11

- Prevent SELinux audit message from the CUPS backends (bug #241776)

[ 1 ] Bug #329111 - CVE-2007-5208 hplip arbitrary command execution [F7]

https://bugzilla.redhat.com/show_bug.cgi?id=329111

[ 2 ] CVE-2007-5208

2c6dafcf59ea6ad25e4b0f21824e272e15eac490 hplip-gui-1.7.4a-6.fc7.ppc64.rpm

c63a95a36a63c5e67d2e3ae582d6d3390244ab57 hplip-1.7.4a-6.fc7.ppc64.rpm

918acf9691c65c7fb3338719b3ea18b9ec772aef hpijs-1.7.4a-6.fc7.ppc64.rpm

6cbb7cfb4a75f71cdaf8d8ffb286b405e02eecbe hplip-debuginfo-1.7.4a-6.fc7.ppc64.rpm

c1aa00429151f0abd474c7fc769522c973012c5b libsane-hpaio-1.7.4a-6.fc7.ppc64.rpm

6e5d32d1e1166567063137c0a1c0d480cc95b8a0 hplip-1.7.4a-6.fc7.i386.rpm

be5b515d659ca4f2b5f88797afd0676368475d1f hplip-debuginfo-1.7.4a-6.fc7.i386.rpm

924ba1bbe5bbf05e336dbb51062ee277b6c9ead4 libsane-hpaio-1.7.4a-6.fc7.i386.rpm

0c651369df8ab3007999a8b909f3ec447e5718a6 hpijs-1.7.4a-6.fc7.i386.rpm

48551d094070e7efd09fc2bb5d95a0166828187c hplip-gui-1.7.4a-6.fc7.i386.rpm

438742d2769d09d660a06244cdbbc072afbcc22f hplip-gui-1.7.4a-6.fc7.x86_64.rpm

d6fad1250fa848d942d515eb83ca2eba338e1eb2 hplip-1.7.4a-6.fc7.x86_64.rpm

2523f339146023931ca41814ed0fbce16af38ef8 libsane-hpaio-1.7.4a-6.fc7.x86_64.rpm

f96a70070bfc770d82dfccbd9a846ad297972de7 hpijs-1.7.4a-6.fc7.x86_64.rpm

19e9c272ad2755db6a52edc468f2faefa840824d hplip-debuginfo-1.7.4a-6.fc7.x86_64.rpm

d3dc4e6e0ebe963da2e7976e8d081be0197bec1d hpijs-1.7.4a-6.fc7.ppc.rpm

19616ca728fb8c046f94d07c9bff4a02ddb84014 hplip-debuginfo-1.7.4a-6.fc7.ppc.rpm

69951042bee9eaf0f47780386ed4deefc4108030 libsane-hpaio-1.7.4a-6.fc7.ppc.rpm

435b50f8d634bd624d3c8a6b3abb99d5249ec8ee hplip-gui-1.7.4a-6.fc7.ppc.rpm

cb3a3e72f73822cb0d6f107ce22a6bad4daf1bb1 hplip-1.7.4a-6.fc7.ppc.rpm

28dbfa04f0b01e31420d9dd075b5ab5b80ed724b hplip-1.7.4a-6.fc7.src.rpm

This update can be installed with the "yum" update program. Use

su -c 'yum update hplip'

at the command line. For more information, refer to "Managing Software

with yum", available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/