Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Scientific Linux 5: CVE-2007-5208 Critical Hplip Security Update

Calendar Oct 18, 2007 User Avatar LinuxSecurity Advisories
2 - 4 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory local attack arbitrary commands daemon issue important update hplip SL5
Important: hplip security update 
Date: Wed, 10 Oct 2007 16:00:15 -0500
Reply-To: Connie Sieh 
Sender: Security Errata for Scientific Linux
 
From: Connie Sieh 
Subject: FASTBUGS for SL50 x86_64 now available
Comments: To: scientific 

These are available from

-Connie Sieh

-----------------------------------------------------------------------
cluster-cim-0.9.2-6.el5.x86_64.rpm
cluster-snmp-0.9.2-6.el5.x86_64.rpm
cman-2.0.64-1.0.1.el5.x86_64.rpm
cman-debuginfo-2.0.64-1.el5.x86_64.rpm
cman-devel-2.0.64-1.0.1.el5.i386.rpm
cman-devel-2.0.64-1.0.1.el5.x86_64.rpm
conman-0.1.9.2-8.el5.x86_64.rpm
cracklib-2.8.9-3.3.i386.rpm
cracklib-2.8.9-3.3.x86_64.rpm
cracklib-dicts-2.8.9-3.3.x86_64.rpm
enscript-1.6.4-4.1.el5.x86_64.rpm
fetchmail-6.3.6-1.1.el5.x86_64.rpm
finch-2.0.2-3.el5.x86_64.rpm
finch-devel-2.0.2-3.el5.x86_64.rpm
fonts-chinese-3.02-9.9.el5.noarch.rpm
gfs-utils-0.1.11-3.el5.x86_64.rpm
hardlink-1.0-1.27.x86_64.rpm
libpurple-2.0.2-3.el5.x86_64.rpm
libpurple-devel-2.0.2-3.el5.x86_64.rpm
libpurple-perl-2.0.2-3.el5.x86_64.rpm
libpurple-tcl-2.0.2-3.el5.x86_64.rpm
luci-0.9.2-6.el5.x86_64.rpm
man-pages-2.39-10.el5.noarch.rpm
man-pages-ja-20060815-5.noarch.rpm
mc-4.6.1a-35.el5.x86_64.rpm
meanwhile-1.0.2-5.el5.x86_64.rpm
meanwhile-devel-1.0.2-5.el5.x86_64.rpm
meanwhile-doc-1.0.2-5.el5.x86_64.rpm
mod_auth_kerb-5.1-3.el5.x86_64.rpm
mod_authz_ldap-0.26-8.el5.x86_64.rpm
modcluster-0.9.2-6.el5.x86_64.rpm
nspr-4.6.5-1.0.1.el5.i386.rpm
nspr-4.6.5-1.0.1.el5.x86_64.rpm
nspr-devel-4.6.5-1.0.1.el5.i386.rpm
nspr-devel-4.6.5-1.0.1.el5.x86_64.rpm
perl-TimeDate-1.16-5.el5.noarch.rpm
pidgin-2.0.2-3.el5.x86_64.rpm
pidgin-devel-2.0.2-3.el5.x86_64.rpm
pidgin-perl-2.0.2-3.el5.x86_64.rpm
prelink-0.3.9-2.1.x86_64.rpm
redhat-rpm-config-8.0.45-17.0.1.el5.noarch.rpm
rgmanager-2.0.24-1.el5.x86_64.rpm
rhpxl-0.41.1-1.el5.x86_64.rpm
ricci-0.9.2-6.el5.x86_64.rpm
sos-1.5-1.el5.noarch.rpm
sysreport-1.4.3-12.el5.noarch.rpm
system-config-cluster-1.0.39-1.0.1.noarch.rpm
system-config-kdump-1.0.10-1.el5.noarch.rpm
tzdata-2007h-1.el5.noarch.rpm
xterm-215-5.el5.x86_64.rpm
yum-rhn-plugin-0.4.3-2.el5.noarch.rpm
Date: Thu, 18 Oct 2007 16:40:48 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA for on SL5.x i386/x86_64
Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it.

Synopsis:	Important: hplip security update
Issue date:	2007-10-11
CVE Names:	CVE-2007-5208

Kees Cook discovered a flaw in the way the hplip hpssd daemon handled user
input. A local attacker could send a specially crafted request to the hpssd
daemon, possibly allowing them to run arbitrary commands as the root user.
(CVE-2007-5208).
On Scientific Linux 5, the SELinux targeted policy for hpssd which is enabled
by default, blocks the ability to exploit this issue to run arbitrary code.

SL 5.x

 SRPMS:
hpijs-1.6.7-4.1.el5.3.src.rpm
 i386:
hpijs-1.6.7-4.1.el5.3.i386.rpm
hplip-1.6.7-4.1.el5.3.i386.rpm
libsane-hpaio-1.6.7-4.1.el5.3.i386.rpm
 x86_64:
hpijs-1.6.7-4.1.el5.3.x86_64.rpm
hplip-1.6.7-4.1.el5.3.x86_64.rpm
libsane-hpaio-1.6.7-4.1.el5.3.x86_64.rpm

-Connie Sieh
-Troy Dawson

Related News

Your message here