Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Ubuntu 15.04 LTS USN-2699-1 Critical: HPLIP Man-In-The-Middle Threat

ubuntu
Calendar Grey July 30, 2015
Scroller Ubuntu
A reported security issue within HPLIP reveals a flaw that could enable unauthorized alteration of GPG keys when installing printer plugins.
HPLIP could be tricked into downloading a different GPG key when performing printer plugin installations.

Summary

HPLIP could be tricked into downloading a different GPG key when

performing printer plugin installations.

Software Description:

- hplip: HP Linux Printing and Imaging System (HPLIP)

Details:

Enrico Zini discovered that HPLIP used a short GPG key ID when downloading

keys from the keyserver. An attacker could possibly use this to return a

different key with a duplicate short key id and perform a man-in-the-middle

attack on printer plugin installations.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  hplip-data                      3.15.2-0ubuntu4.2

Ubuntu 14.04 LTS:
  hplip-data                      3.14.3-0ubuntu3.4

Ubuntu 12.04 LTS:
  hplip-data                      3.12.2-1ubuntu3.5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2699-1

CVE-2015-0839

Severity
critical
Lowest
Low
Medium
High
Critical

July 30, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.