Alerts This Week
Warning Icon 1 684
Alerts This Week
Warning Icon 1 684

Gentoo: GLSA-201203-17 High Severity HPLIP Code Exec Risk

gentoo
Calendar Grey March 16, 2012
Dist Gentoo Esm H88
Critical alert issued for Gentoo due to HPLIP flaws that could lead to unauthorized code execution and denial of service.
Multiple vulnerabilities have been found in HPLIP, the worst of which may allow execution of arbitrary code.

Summary

Two vulnerabilities have been found in HPLIP: * The "hpmud_get_pml()" function in pml.c contains a boundary error which could cause a stack-based buffer overflow (CVE-2010-4267). * The "send_data_to_stdout()" function in hpcupsfax.cpp creates insecure temporary files (CVE-2011-2722).

Topics%20covered

Topics Covered

security advisory Gentoo high severity code execution arbitrary code Denial of Service HPLIP

Resolution

All HPLIP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/hplip-3.11.10"

References

[ 1 ] CVE-2010-4267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4267 [ 2 ] CVE-2011-2722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2722

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201203-17
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: High
Title: HPLIP: Multiple vulnerabilities
Date: March 16, 2012
Bugs: #352085, #388655
ID: 201203-17

Topics%20covered

Topics Covered

security advisory Gentoo high severity code execution arbitrary code Denial of Service HPLIP

Synopsis

Multiple vulnerabilities have been found in HPLIP, the worst of which may allow execution of arbitrary code.

Background

The Hewlett-Packard Linux Imaging and Printing system (HPLIP) provides drivers for HP's inkjet and laser printers, scanners and fax machines.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-print/hplip < 3.11.10 >= 3.11.10

Impact

===== A remote attacker might send specially crafted SNMP reponses, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a local attacker could perform symlink attacks to overwrite arbitrary files.

Workaround

There is no known workaround at this time.

Related News

Your message here