Alerts This Week
Warning Icon 1 687
Alerts This Week
Warning Icon 1 687

Slackware: 2023-145-02 Important: OpenSSL Buffer Overflow Vulnerability

slackware
Calendar Grey August 22, 2013
Dist Slackware Esm H88
Recent HPLIP updates in Slackware fix a critical stack overflow vulnerability that may allow remote code execution. Users should upgrade immediately for better security
New hplip packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue

Summary

Here are the details from the Slackware 14.0 ChangeLog: patches/packages/hplip-3.12.9-i486-2_slack14.0.txz: Rebuilt. This update fixes a stack-based buffer overflow in the hpmud_get_pml function that can allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value. For more information, see: https://www.cve.org/CVERecord?id=CVE-2010-4267 (* Security fix *)

Topics%20covered

Topics Covered

security advisory update buffer overflow critical remote code execution Slackware hplip

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/hplip-2.8.4-i486-2_slack12.1.tgz
Updated package for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/hplip-2.8.10-i486-2_slack12.2.tgz
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/hplip-3.9.4b-i486-3_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/hplip-3.9.4b-x86_64-3_slack13.0.txz
Updated package for Slackware 13.1:
Updated package for Slackware x86_64 13.1:
Updated package for Slackware 13.37:
Updated package for Slackware x86_64 13.37:
Updated package for Sla...

Read the Full Advisory

MD5 Signatures

Slackware 12.1 package: 8be191cbea266c3b066a62fd4a7abe1b hplip-2.8.4-i486-2_slack12.1.tgz
Slackware 12.2 package: 1147954a0ba115c0ec7d790728c573b8 hplip-2.8.10-i486-2_slack12.2.tgz
Slackware 13.0 package: 7059a1a3e5fb4da48f2f86e3c925b66f hplip-3.9.4b-i486-3_slack13.0.txz
Slackware x86_64 13.0 package: 70b47d8cdfb8a650151cb92e23f911b4 hplip-3.9.4b-x86_64-3_slack13.0.txz
Slackware 13.1 package: b7300bba42910ff7d2aa3e1de42f1913 hplip-3.10.2-i486-3_slack13.1.txz
Slackware x86_64 13.1 package: 232acad880099cc2e710410298186e30 hplip-3.10.2-x86_64-3_slack13.1.txz
Slackware 13.37 package: 6c9932b7addeb655d5220b284efb80ba hplip-3.11.3a-i486-2_slack13.37.txz
Slackware x86_64 13.37 package: ae324888a574a7cca90aec0bcecdeab7 hplip-3.11.3a-x86_64-2_slack13.37.txz
Slackware 14.0 package: 5a5965bab3aca2e1692a6e4094d9cac8 hplip-3.12.9-i486-2_slack14.0.txz
Slackware x86_64 14.0 package: 1e5ba160ad52ba773fbd6c2624c34bac hplip-3.12.9-x86_64-2_slack14.0.txz
Slackware -current package: 8565a3e57d21a0d7579dfba4c2d48d44 ap/hplip-3.13.8-i486-1.txz
Slackware x86_64 -current package: 5e6e5a133ed1623084ca2841b203093d ap/hplip-3.13.8-x86_64-1.txz

Severity
important
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory update buffer overflow critical remote code execution Slackware hplip

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg hplip-3.12.9-i486-2_slack14.0.txz

Related News

Your message here