Your submission was sent successfully! Close

USN-2699-1: HPLIP vulnerability

30 July 2015

HPLIP could be tricked into downloading a different GPG key when performing printer plugin installations.

Releases

Packages

  • hplip - HP Linux Printing and Imaging System (HPLIP)

Details

Enrico Zini discovered that HPLIP used a short GPG key ID when downloading
keys from the keyserver. An attacker could possibly use this to return a
different key with a duplicate short key id and perform a machine-in-the-middle
attack on printer plugin installations.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04
Ubuntu 14.04
Ubuntu 12.04

In general, a standard system update will make all the necessary changes.

References