Your submission was sent successfully! Close

USN-674-1: HPLIP vulnerabilities

19 November 2008

HPLIP vulnerabilities

Releases

Packages

Details

It was discovered that the hpssd tool of hplip did not validate
privileges in the alert-mailing function. A local attacker could
exploit this to gain privileges and send e-mail messages from the
account of the hplip user. This update alters hplip behaviour by
preventing users from setting alerts and by moving alert configuration
to a root-controlled /etc/hp/alerts.conf file. (CVE-2008-2940)

It was discovered that the hpssd tool of hplip did not correctly
handle certain commands. A local attacker could use a specially
crafted packet to crash hpssd, leading to a denial of service.
(CVE-2008-2941)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.04
Ubuntu 7.10
Ubuntu 6.06

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Related notices