CVE-2009-0122

Published: 15 January 2009

hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related to the product's attempt to correct the ownership of its configuration files within home directories.

Notes

Author	Note
mdeslaur	only affected gutsy

Priority

Status

Package	Release	Status
hplip Launchpad, Ubuntu, Debian	dapper	Not vulnerable (code not present)
	gutsy	Released (2.7.7.dfsg.1-0ubuntu5.3)
	hardy	Not vulnerable (code was removed)
	intrepid	Not vulnerable (code not present)
	upstream	Not vulnerable (ubuntu package only)

References

https://ubuntu.com/security/notices/USN-708-1
https://www.cve.org/CVERecord?id=CVE-2009-0122
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›