The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-708-1] HPLIP vulnerability


<< Previous INDEX Search src / Print Next >>
Subject: [USN-708-1] HPLIP vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com.>
To: [email protected]
Cc: [email protected], [email protected]
X-Original-To: [email protected]
X-Mailcontrol-Inbound: 
 uq3drnD2P+ps5SfEb0fvr78+NoP1DHBZwGqKpaXB2eTgNv8D6KLIxb8+NoP1DHBZ8VSaBg0k0xw=
X-Spam-Score: -4.2
X-Scanned-By: MailControl A_08_51_00 (www.mailcontrol.com) on 10.74.0.165
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-CXh9fLe/CpQXpMIMbKne"
Date: Tue, 13 Jan 2009 15:50:26 -0500
Message-Id: <1231879826.11166.22.camel@mdlinux.technorage.com.>
Mime-Version: 1.0
X-Mailer: Evolution 2.24.2 
X-Virus-Scanned: antivirus-gw at tyumen.ru


--=-CXh9fLe/CpQXpMIMbKne
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-708-1           January 13, 2009
hplip vulnerability
https://launchpad.net/bugs/191299
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  hplip                           2.7.7.dfsg.1-0ubuntu5.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that an installation script in the HPLIP package would
change permissions on the hplip config files located in user's home directo=
ries.
A local user could exploit this and change permissions on arbitrary files
upon an HPLIP installation or upgrade, which could lead to root privileges.


Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_2.7.7.dfsg.1-=
0ubuntu5.3.diff.gz
      Size/MD5:   149462 e8b5cb18aff082738bfcfe069eb873f5
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_2.7.7.dfsg.1-=
0ubuntu5.3.dsc
      Size/MD5:     1064 531e707f0cbace5f1eb82039e409c306
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_2.7.7.dfsg.1.=
orig.tar.gz
      Size/MD5: 14361049 ae5165d46413db8119979f5b3345f7a5

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-data_2.7.7.df=
sg.1-0ubuntu5.3_all.deb
      Size/MD5:  6898006 691895b0f8e5fc93bcb86d47d11da1af
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-doc_2.7.7.dfs=
g.1-0ubuntu5.3_all.deb
      Size/MD5:  4146918 d4e0b928aacc84bbe2a05862050a5963
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-gui_2.7.7.dfs=
g.1-0ubuntu5.3_all.deb
      Size/MD5:   117628 91f0c9d09f2520e76b3a3e6cde4abd63
    http://security.ubuntu.com/ubuntu/pool/universe/h/hplip/hpijs-ppds_2.7.=
7+2.7.7.dfsg.1-0ubuntu5.3_all.deb
      Size/MD5:   480134 59604754cef89d7b5ae128ecf20f44da

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.7+2.7.7.d=
fsg.1-0ubuntu5.3_amd64.deb
      Size/MD5:   341576 918813fb4741326051c7480ffeae9a9a
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_2.7.7.dfs=
g.1-0ubuntu5.3_amd64.deb
      Size/MD5:   770122 ccef78fc8a55b4e94318931964e9e97b
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_2.7.7.dfsg.1-=
0ubuntu5.3_amd64.deb
      Size/MD5:   302856 f2a47e27a69aa016334a1ffdac105be1

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.7+2.7.7.d=
fsg.1-0ubuntu5.3_i386.deb
      Size/MD5:   334690 dd891b2df494fd1fbc46abd25b9ef7db
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_2.7.7.dfs=
g.1-0ubuntu5.3_i386.deb
      Size/MD5:   747250 4676694a4d20445e64f3f4dc91aaa44c
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_2.7.7.dfsg.1-=
0ubuntu5.3_i386.deb
      Size/MD5:   290282 921463222e2b642fb5bc16083d8b70ac

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/h/hplip/hpijs_2.7.7+2.7.7.dfsg.1-0ubu=
ntu5.3_lpia.deb
      Size/MD5:   337798 9c060add246bb5212706b9dd0d92cc51
    http://ports.ubuntu.com/pool/main/h/hplip/hplip-dbg_2.7.7.dfsg.1-0ubunt=
u5.3_lpia.deb
      Size/MD5:   926096 af4481ea010212486ea621103329cf13
    http://ports.ubuntu.com/pool/main/h/hplip/hplip_2.7.7.dfsg.1-0ubuntu5.3=
_lpia.deb
      Size/MD5:   290082 f26b9fc31e3457719b3102b3a9c77b5b

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.7+2.7.7.d=
fsg.1-0ubuntu5.3_powerpc.deb
      Size/MD5:   348258 66f9714865cad898e10e98ef83f6e443
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_2.7.7.dfs=
g.1-0ubuntu5.3_powerpc.deb
      Size/MD5:   784504 0c76dac215474fc62900aea547168387
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_2.7.7.dfsg.1-=
0ubuntu5.3_powerpc.deb
      Size/MD5:   319006 52d13211d1681fe90b74951dc204a788

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.7+2.7.7.d=
fsg.1-0ubuntu5.3_sparc.deb
      Size/MD5:   332756 a3411ca114399f0359b949462e0313ab
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_2.7.7.dfs=
g.1-0ubuntu5.3_sparc.deb
      Size/MD5:   717210 401d1050417a9a8608198088abb9e305
    http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_2.7.7.dfsg.1-=
0ubuntu5.3_sparc.deb
      Size/MD5:   289370 f92c0c0f6a2f2ccef18d3874db728bf7



--=-CXh9fLe/CpQXpMIMbKne
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkls/o8ACgkQLMAs/0C4zNrcLgCghOdVf4DIVYQ/G4ERIDP2qJ2P
wKcAn05AE2q/x4yoir1sbwux1JtUtBmU
=8Pw+
-----END PGP SIGNATURE-----

--=-CXh9fLe/CpQXpMIMbKne--



<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру