USN-674-1: HPLIP vulnerabilities
19 November 2008
HPLIP vulnerabilities
Releases
Packages
- hplip -
Details
It was discovered that the hpssd tool of hplip did not validate
privileges in the alert-mailing function. A local attacker could
exploit this to gain privileges and send e-mail messages from the
account of the hplip user. This update alters hplip behaviour by
preventing users from setting alerts and by moving alert configuration
to a root-controlled /etc/hp/alerts.conf file. (CVE-2008-2940)
It was discovered that the hpssd tool of hplip did not correctly
handle certain commands. A local attacker could use a specially
crafted packet to crash hpssd, leading to a denial of service.
(CVE-2008-2941)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 8.04
Ubuntu 7.10
Ubuntu 6.06
In general, a standard system upgrade is sufficient to effect the
necessary changes.