Stay Secure with the Latest Linux Advisories

security advisorysecurity updatefedora

Fedora 21 HPLIP Security Advisory: Insecure Binary Verification Fix

fixes CVE-2015-0839. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-11916 2015-07-21 23:37:57 -------------------------------------------------------------------------------- Name : hplip Product : Fedora 21 Version : 3.14.10 Release : 9.fc21 URL : https://sourceforge.net/projects/hplip/ Summary : HP Linux Imaging and Printing Project Description : The Hewlett-Packard Linux Imaging and Printing Project provides drivers for HP printers and multi-function peripherals. -------------------------------------------------------------------------------- Update Information: fixes CVE-2015-0839 -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 21 2015 Jiri Popelka - 3.14.10-9 - Insecure binary driver verification (CVE-2015-0839, bug #1227253) * Mon Mar 16 2015 Tim Waugh - 3.14.10-8 - Ignore IOError when logging output (bug #712537). * Wed Jan 21 2015 Tim Waugh - 3.14.10-7 - Fixed uses of strncpy throughout. * Wed Jan 14 2015 Tim Waugh - 3.14.10-6 - Requires python3-cups to get postscriptdriver() tags. * Tue Dec 23 2014 Tim Waugh - 3.14.10-5 - Fixed left/right margins for HP DeskJet 990C (LP #1405212). * Tue Nov 4 2014 Tim Waugh - 3.14.10-4 - IEEE 1284 Device ID for HP LaserJet Professional M1132 MFP (bug #1158743 comment #5). - IEEE 1284 Device ID for HP LaserJet Color M451dn (bug #1159380). * Fri Oct 31 2014 Tim Waugh - 3.14.10-3 - Fixed build against libjpeg-turbo 1.3.90. * Fri Oct 31 2014 Tim Waugh - 3.14.10-2 - Fixed incorrect name in function call in makeURI when a parallel port device is used (bug #1159161). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1227252 - CVE-2015-0839 hplip: hp-plugin verified binary download with short key ID https://bugzilla.redhat.com/show_bug.cgi?id=1227252 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update hplip' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/ . This patch resolves a vulnerability concerning binary driver validation in hplip. Crucial for Fedora 21 users to implement.. Hplip Security Update, Fedora 21 Security Issue, Driver Verification Patch. . Severity: Important. LinuxSecurity.com Team

Jul 30, 2015 •Important Fedora