Explore top 10 tips to secure your open-source projects now. Read More
×
HPLIP could be tricked into downloading a different GPG key when
performing printer plugin installations.
Software Description:
- hplip: HP Linux Printing and Imaging System (HPLIP)
Details:
Enrico Zini discovered that HPLIP used a short GPG key ID when downloading
keys from the keyserver. An attacker could possibly use this to return a
different key with a duplicate short key id and perform a man-in-the-middle
attack on printer plugin installations.
The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: hplip-data 3.15.2-0ubuntu4.2 Ubuntu 14.04 LTS: hplip-data 3.14.3-0ubuntu3.4 Ubuntu 12.04 LTS: hplip-data 3.12.2-1ubuntu3.5 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-2699-1
CVE-2015-0839
Get the latest Linux and open source security news straight to your inbox.