Full Disclosure mailing list archives

[ MDVSA-2011:013 ] hplip
From: security () mandriva com
Date: Wed, 19 Jan 2011 19:07:01 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:013
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : hplip
 Date    : January 19, 2011
 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in hplip:
 
 A flaw was found in the way certain HPLIP tools discovered devices
 using the SNMP protocol. If a user ran certain HPLIP tools that search
 for supported devices using SNMP, and a malicious user was able to send
 specially crafted SNMP responses, it could cause those HPLIP tools
 to crash or, possibly, execute arbitrary code with the privileges of
 the user running them (CVE-2010-4267).
 
 Packages for 2009.0 are provided as part of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4267
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNNvelmqjQ0CJFipgRApJbAJ9ItXvsDNbUG4JI9UXdkKO5rJ0ZPgCcCZ85
V7CNl7GosfO/iYlOpk0EfCU=
=yErj
-----END PGP SIGNATURE-----
