Package name
hplip
Date
2007-10-22
Advisory ID
MDKSA-2007:201
Affected versions
2007.0 x86_64 , 2007.1 i586 , 2007.0 i586 , CS4.0 i586 , 2008.0 x86_64 , CS4.0 x86_64 , 2008.0 i586 , 2007.1 x86_64

Problem description

A vulnerability in the hpssd tool was discovered where it did not
correctly handle shell meta-characters. A local attacker could use
this flaw to execute arbitrary commands as the hplip user.

As well, this update fixes a problem with some HP scanners on Mandriva
Linux 2007.1, particularly HP PSC 1315, which wouldn't be detected
and also fixes a problem with HP 1220 and possibly other models when
scanning via the OpenOffice.org suite.

Updated packages have been patched to prevent these issues.

Updated packages

2007.0 x86_64

 7dbf6c7630f64155962506d669c8f86b  2007.0/x86_64/hplip-1.6.9-1.1mdv2007.0.x86_64.rpm
 e41eca285e2612a28693bfeb38db7582  2007.0/x86_64/hplip-hpijs-1.6.9-1.1mdv2007.0.x86_64.rpm
 6436d68462becda088383a864aea768c  2007.0/x86_64/hplip-hpijs-ppds-1.6.9-1.1mdv2007.0.x86_64.rpm
 723e6deb7b02c29f7b93600ab165237b  2007.0/x86_64/hplip-model-data-1.6.9-1.1mdv2007.0.x86_64.rpm
 fc5cc7bb5f33b62d7c2c252090d28f26  2007.0/x86_64/lib64hpip0-1.6.9-1.1mdv2007.0.x86_64.rpm
 58bfc0c955530a49be5dd00da5e76fbb  2007.0/x86_64/lib64hpip0-devel-1.6.9-1.1mdv2007.0.x86_64.rpm
 af9a2efc2ce1084bb670a0a4e293a4c9  2007.0/x86_64/lib64sane-hpaio1-1.6.9-1.1mdv2007.0.x86_64.rpm 
 4e5ab4d4da6e8050b478a0bb265f185e  2007.0/SRPMS/hplip-1.6.9-1.1mdv2007.0.src.rpm

2007.1 i586

 a6b33bf46a7f78268ddb007f689edd23  2007.1/i586/hplip-2.7.7-7.1mdv2007.1.i586.rpm
 28e5e8aff4105d52126b8732e90cadf1  2007.1/i586/hplip-doc-2.7.7-7.1mdv2007.1.i586.rpm
 d806cde0fdcb8fe9d46640ab2271795d  2007.1/i586/hplip-hpijs-2.7.7-7.1mdv2007.1.i586.rpm
 c27544b840ddf59a82c0697db5b4cd32  2007.1/i586/hplip-hpijs-ppds-2.7.7-7.1mdv2007.1.i586.rpm
 d295506bc92eff1b5581ad37e04e5a68  2007.1/i586/hplip-model-data-2.7.7-7.1mdv2007.1.i586.rpm
 10a99416666a03079ed387bcee74ce80  2007.1/i586/libhpip0-2.7.7-7.1mdv2007.1.i586.rpm
 27a2755550ee7191a62751ec99cb719f  2007.1/i586/libhpip0-devel-2.7.7-7.1mdv2007.1.i586.rpm
 e583be3527d370980488f5f78d1b7362  2007.1/i586/libsane-hpaio1-2.7.7-7.1mdv2007.1.i586.rpm 
 452c3521b28c09698fe7e19026827874  2007.1/SRPMS/hplip-2.7.7-7.1mdv2007.1.src.rpm

2007.0 i586

 299f2491535547a8c31047547c30a374  2007.0/i586/hplip-1.6.9-1.1mdv2007.0.i586.rpm
 466199e8246ac5bbb313fd4993d70bf2  2007.0/i586/hplip-hpijs-1.6.9-1.1mdv2007.0.i586.rpm
 2244889c2bd7f270df27343142d3f62e  2007.0/i586/hplip-hpijs-ppds-1.6.9-1.1mdv2007.0.i586.rpm
 41c25c58e970090ce4d40f36c0068138  2007.0/i586/hplip-model-data-1.6.9-1.1mdv2007.0.i586.rpm
 8f7bcb7fa03eea5dbdd1f77ce0dabb60  2007.0/i586/libhpip0-1.6.9-1.1mdv2007.0.i586.rpm
 e6d65bd872a05366e9561dd6f55edf61  2007.0/i586/libhpip0-devel-1.6.9-1.1mdv2007.0.i586.rpm
 856ab7370c5ee2522a28dedf1a5f4ab3  2007.0/i586/libsane-hpaio1-1.6.9-1.1mdv2007.0.i586.rpm 
 4e5ab4d4da6e8050b478a0bb265f185e  2007.0/SRPMS/hplip-1.6.9-1.1mdv2007.0.src.rpm

CS4.0 i586

 9e53fb82a52956138a75bcaaf1ba7737  corporate/4.0/i586/hplip-1.6.7-2.1.20060mlcs4.i586.rpm
 657b7c524b1fc298417fd5c59bbbe0e9  corporate/4.0/i586/hplip-hpijs-1.6.7-2.1.20060mlcs4.i586.rpm
 e6ad7fd9f757505067dfdd1ffb8fd2e4  corporate/4.0/i586/hplip-hpijs-ppds-1.6.7-2.1.20060mlcs4.i586.rpm
 2d96a52c37b2fc1b76244cde9e220727  corporate/4.0/i586/hplip-model-data-1.6.7-2.1.20060mlcs4.i586.rpm
 1992cf05eb0fd87b8b04f6761a08eecf  corporate/4.0/i586/libhpip0-1.6.7-2.1.20060mlcs4.i586.rpm
 18384c122ec43e4c600d54d1d763d179  corporate/4.0/i586/libhpip0-devel-1.6.7-2.1.20060mlcs4.i586.rpm
 3c0c95262df3e2a56a6f95705463e7a8  corporate/4.0/i586/libsane-hpaio1-1.6.7-2.1.20060mlcs4.i586.rpm 
 70e6cd75ad4712b1bc3302da3261b132  corporate/4.0/SRPMS/hplip-1.6.7-2.1.20060mlcs4.src.rpm

2008.0 x86_64

 b2174cb0a9f0566059a9791c0cfe30e3  2008.0/x86_64/hplip-2.7.7-8.1mdv2008.0.x86_64.rpm
 b2d1403450fb191b0c41ce5ce1b16172  2008.0/x86_64/hplip-doc-2.7.7-8.1mdv2008.0.x86_64.rpm
 1358e2423a1eb5f5fd116c34f7d21b36  2008.0/x86_64/hplip-hpijs-2.7.7-8.1mdv2008.0.x86_64.rpm
 f6b8950ac8b94e4ce3acac765c9c4699  2008.0/x86_64/hplip-hpijs-ppds-2.7.7-8.1mdv2008.0.x86_64.rpm
 f2f50dbabb9d619ab169e28e55c18c66  2008.0/x86_64/hplip-model-data-2.7.7-8.1mdv2008.0.x86_64.rpm
 b18aa425d5cef2815044d0a2c06f06b0  2008.0/x86_64/lib64hpip0-2.7.7-8.1mdv2008.0.x86_64.rpm
 c09cd479422f14a164f6daff3a106e00  2008.0/x86_64/lib64hpip0-devel-2.7.7-8.1mdv2008.0.x86_64.rpm
 e27d7faa1e618ff467a4e50c380c7f3b  2008.0/x86_64/lib64sane-hpaio1-2.7.7-8.1mdv2008.0.x86_64.rpm 
 0688297afeaa5c8fb02659fb5548e2e0  2008.0/SRPMS/hplip-2.7.7-8.1mdv2008.0.src.rpm

CS4.0 x86_64

 41374a1ef2b9cf25721fe182dae2251e  corporate/4.0/x86_64/hplip-1.6.7-2.1.20060mlcs4.x86_64.rpm
 c7a950d5a616dccc688cdf942ef9a669  corporate/4.0/x86_64/hplip-hpijs-1.6.7-2.1.20060mlcs4.x86_64.rpm
 f102bea95bf3671e606e33582cf8f5b7  corporate/4.0/x86_64/hplip-hpijs-ppds-1.6.7-2.1.20060mlcs4.x86_64.rpm
 27c44674a3e70e4b4c39cb0cda4a5824  corporate/4.0/x86_64/hplip-model-data-1.6.7-2.1.20060mlcs4.x86_64.rpm
 deb89257aa15b07f1890c2d5f572f8dd  corporate/4.0/x86_64/lib64hpip0-1.6.7-2.1.20060mlcs4.x86_64.rpm
 653098db0848cc9ecfcf5421cfda08c0  corporate/4.0/x86_64/lib64hpip0-devel-1.6.7-2.1.20060mlcs4.x86_64.rpm
 eab54d31f392b41e18323f2a75358f2b  corporate/4.0/x86_64/lib64sane-hpaio1-1.6.7-2.1.20060mlcs4.x86_64.rpm 
 70e6cd75ad4712b1bc3302da3261b132  corporate/4.0/SRPMS/hplip-1.6.7-2.1.20060mlcs4.src.rpm

2008.0 i586

 0c90a3351c4c00a666280eff3f7bf7d2  2008.0/i586/hplip-2.7.7-8.1mdv2008.0.i586.rpm
 212ab21c2301c49e4feb164bff7770d8  2008.0/i586/hplip-doc-2.7.7-8.1mdv2008.0.i586.rpm
 23fa4660a68cc597879f90aacdaef8b6  2008.0/i586/hplip-hpijs-2.7.7-8.1mdv2008.0.i586.rpm
 41a48568c0e5e5778de17b4abdd96634  2008.0/i586/hplip-hpijs-ppds-2.7.7-8.1mdv2008.0.i586.rpm
 953c9014fb7093211f0cbf5692a489c8  2008.0/i586/hplip-model-data-2.7.7-8.1mdv2008.0.i586.rpm
 d7c87b86485ae7b23cbb78c9e19d30f0  2008.0/i586/libhpip0-2.7.7-8.1mdv2008.0.i586.rpm
 50593238a5a5cdd22dd385d52dfe440a  2008.0/i586/libhpip0-devel-2.7.7-8.1mdv2008.0.i586.rpm
 53bbb3cfc1b252d27d67835198618951  2008.0/i586/libsane-hpaio1-2.7.7-8.1mdv2008.0.i586.rpm 
 0688297afeaa5c8fb02659fb5548e2e0  2008.0/SRPMS/hplip-2.7.7-8.1mdv2008.0.src.rpm

2007.1 x86_64

 4dc92ef5ab778ecd7661a510a2e202ca  2007.1/x86_64/hplip-2.7.7-7.1mdv2007.1.x86_64.rpm
 d81779825ff546a4da4badd8a5556bdc  2007.1/x86_64/hplip-doc-2.7.7-7.1mdv2007.1.x86_64.rpm
 ffe82f1e7726d7dfed351bc60216fadc  2007.1/x86_64/hplip-hpijs-2.7.7-7.1mdv2007.1.x86_64.rpm
 e35bf35488bea202e59a8fbfc7383aff  2007.1/x86_64/hplip-hpijs-ppds-2.7.7-7.1mdv2007.1.x86_64.rpm
 24fa0b0693fc01c1e3693d793b24b35a  2007.1/x86_64/hplip-model-data-2.7.7-7.1mdv2007.1.x86_64.rpm
 fb0e6fe41d2317f594020c3c71f5f3ba  2007.1/x86_64/lib64hpip0-2.7.7-7.1mdv2007.1.x86_64.rpm
 6e4712f70b98998a9bb2e1c1934ba9dc  2007.1/x86_64/lib64hpip0-devel-2.7.7-7.1mdv2007.1.x86_64.rpm
 87dcadb1b297fc41ec0a5e8c1a2a1a67  2007.1/x86_64/lib64sane-hpaio1-2.7.7-7.1mdv2007.1.x86_64.rpm 
 452c3521b28c09698fe7e19026827874  2007.1/SRPMS/hplip-2.7.7-7.1mdv2007.1.src.rpm

References