MDVSA-2008:169

Nom du paquet

hplip

Date

2008-08-13

Advisory ID

MDVSA-2008:169

Affected versions

2008.0 i586 , 2007.1 i586 , CS4.0 i586 , 2008.0 x86_64 , CS4.0 x86_64 , 2008.1 x86_64 , 2008.1 i586 , 2007.1 x86_64

Problem description

Marc Schoenefeld of the Red Hat Security Response Team discovered a
vulnerability in the hplip alert-mailing functionality that could allow
a local attacker to elevate their privileges by using specially-crafted
packets to trigger alert mails that are sent by the root account
(CVE-2008-2940).

Another vulnerability was discovered by Marc Schoenefeld in the hpssd
message parser that could allow a local attacker to stop the hpssd
process by sending specially-craftd packets, causing a denial of
service (CVE-2008-2941).

The updated packages have been patched to correct these issues.

Updated packages

2008.0 i586

 a669379d666c88e8a16504ad983ad402  2008.0/i586/hplip-2.7.7-8.2mdv2008.0.i586.rpm
 494b6e9147fb639381d4133cf98612fc  2008.0/i586/hplip-doc-2.7.7-8.2mdv2008.0.i586.rpm
 17748ef3c683b999551bf3ffc4f395b3  2008.0/i586/hplip-hpijs-2.7.7-8.2mdv2008.0.i586.rpm
 dd608f041c6780bfc88272724ddedefc  2008.0/i586/hplip-hpijs-ppds-2.7.7-8.2mdv2008.0.i586.rpm
 06d7e452624d5619288dbca8f7c70677  2008.0/i586/hplip-model-data-2.7.7-8.2mdv2008.0.i586.rpm
 c1d867ed0a2c6599bd281db3f287ac64  2008.0/i586/libhpip0-2.7.7-8.2mdv2008.0.i586.rpm
 83425939a7d9f20abb3cf657e6abff1e  2008.0/i586/libhpip0-devel-2.7.7-8.2mdv2008.0.i586.rpm
 b33ae916dbb238f33af46135eeddf4bb  2008.0/i586/libsane-hpaio1-2.7.7-8.2mdv2008.0.i586.rpm 
 97b991d5a065c8bf99ad480485e93a35  2008.0/SRPMS/hplip-2.7.7-8.2mdv2008.0.src.rpm

2007.1 i586

 83a70dea97bcf550fead0ee3fad08932  2007.1/i586/hplip-2.7.7-7.2mdv2007.1.i586.rpm
 7ee68cb6dc64814f9d040e8bc7ca67ef  2007.1/i586/hplip-doc-2.7.7-7.2mdv2007.1.i586.rpm
 b055ab176b056b0751d2b68f9e34ec52  2007.1/i586/hplip-hpijs-2.7.7-7.2mdv2007.1.i586.rpm
 c02f74f305d8a90c42ec1f84481067e7  2007.1/i586/hplip-hpijs-ppds-2.7.7-7.2mdv2007.1.i586.rpm
 31a009fbc34f485fde381f90cd8cf76e  2007.1/i586/hplip-model-data-2.7.7-7.2mdv2007.1.i586.rpm
 7a1a9cb8373fd6966f8cd495664a14a1  2007.1/i586/libhpip0-2.7.7-7.2mdv2007.1.i586.rpm
 7e1ddcca51e6415638cfbba7f05ef26f  2007.1/i586/libhpip0-devel-2.7.7-7.2mdv2007.1.i586.rpm
 c4b990b2704cf5edb8c9d780569c6324  2007.1/i586/libsane-hpaio1-2.7.7-7.2mdv2007.1.i586.rpm 
 c318707ebd9d10f57c612761360b1178  2007.1/SRPMS/hplip-2.7.7-7.2mdv2007.1.src.rpm

CS4.0 i586

 777fdcbe85c52b1e0db7a2a5b240e8f1  corporate/4.0/i586/hplip-1.6.7-2.2.20060mlcs4.i586.rpm
 9b21f3609bb7894a5b45c0bea18542f9  corporate/4.0/i586/hplip-hpijs-1.6.7-2.2.20060mlcs4.i586.rpm
 987d8962f67ab6bbd7ef25eb0326711a  corporate/4.0/i586/hplip-hpijs-ppds-1.6.7-2.2.20060mlcs4.i586.rpm
 1a98c497f6f5614794eedd2db14fa3ca  corporate/4.0/i586/hplip-model-data-1.6.7-2.2.20060mlcs4.i586.rpm
 5ad16063e0556e0f0878b68d8f1064ee  corporate/4.0/i586/libhpip0-1.6.7-2.2.20060mlcs4.i586.rpm
 5e275a760dd9a0432509948bd67cb415  corporate/4.0/i586/libhpip0-devel-1.6.7-2.2.20060mlcs4.i586.rpm
 a918a721f51f5409002e793f1b8b8f18  corporate/4.0/i586/libsane-hpaio1-1.6.7-2.2.20060mlcs4.i586.rpm 
 7e7628d18c806f644f6f6dd2e876e30b  corporate/4.0/SRPMS/hplip-1.6.7-2.2.20060mlcs4.src.rpm

2008.0 x86_64

 b405a8760af623755e8232266c382e11  2008.0/x86_64/hplip-2.7.7-8.2mdv2008.0.x86_64.rpm
 f98dc84adbe75fd8fa3ef132e6607d33  2008.0/x86_64/hplip-doc-2.7.7-8.2mdv2008.0.x86_64.rpm
 ba944e7864a866f595d499074869b9b8  2008.0/x86_64/hplip-hpijs-2.7.7-8.2mdv2008.0.x86_64.rpm
 cd4dd779d069352fcb35b717c35efef9  2008.0/x86_64/hplip-hpijs-ppds-2.7.7-8.2mdv2008.0.x86_64.rpm
 184feac7be49c0e67c99dce1683a32ef  2008.0/x86_64/hplip-model-data-2.7.7-8.2mdv2008.0.x86_64.rpm
 9d9307fe41b01a37f23916617bfd990a  2008.0/x86_64/lib64hpip0-2.7.7-8.2mdv2008.0.x86_64.rpm
 91b98fd69b6ab7a7cbce027878036915  2008.0/x86_64/lib64hpip0-devel-2.7.7-8.2mdv2008.0.x86_64.rpm
 500488fb28d19bdd398c55f15ae4c99b  2008.0/x86_64/lib64sane-hpaio1-2.7.7-8.2mdv2008.0.x86_64.rpm 
 97b991d5a065c8bf99ad480485e93a35  2008.0/SRPMS/hplip-2.7.7-8.2mdv2008.0.src.rpm

CS4.0 x86_64

 7daa0b4aafff137f99e69d52a99f9954  corporate/4.0/x86_64/hplip-1.6.7-2.2.20060mlcs4.x86_64.rpm
 0ffb395958b34858e07389c68c5681dc  corporate/4.0/x86_64/hplip-hpijs-1.6.7-2.2.20060mlcs4.x86_64.rpm
 bbf23a0cf41449fa0d5fc5275fc86961  corporate/4.0/x86_64/hplip-hpijs-ppds-1.6.7-2.2.20060mlcs4.x86_64.rpm
 544db3c364d87fc3b87793406dbf8b24  corporate/4.0/x86_64/hplip-model-data-1.6.7-2.2.20060mlcs4.x86_64.rpm
 0922189cf841085cc6bb573964119dad  corporate/4.0/x86_64/lib64hpip0-1.6.7-2.2.20060mlcs4.x86_64.rpm
 ccf36346eb5acf53c8203a58e5ac4cb5  corporate/4.0/x86_64/lib64hpip0-devel-1.6.7-2.2.20060mlcs4.x86_64.rpm
 0422d486d4f749d26ce9bfb06231c9d6  corporate/4.0/x86_64/lib64sane-hpaio1-1.6.7-2.2.20060mlcs4.x86_64.rpm 
 7e7628d18c806f644f6f6dd2e876e30b  corporate/4.0/SRPMS/hplip-1.6.7-2.2.20060mlcs4.src.rpm

2008.1 x86_64

 a06e08c9b0f36e5036d871583d18fa44  2008.1/x86_64/hplip-2.8.2-2.1mdv2008.1.x86_64.rpm
 ee9f3a71639fd721a200f6f71985166d  2008.1/x86_64/hplip-doc-2.8.2-2.1mdv2008.1.x86_64.rpm
 700d2a48a22c1ad8c9f577b4502de6b2  2008.1/x86_64/hplip-hpijs-2.8.2-2.1mdv2008.1.x86_64.rpm
 a9e25ce6b1629acf6c741049c56bb10f  2008.1/x86_64/hplip-hpijs-ppds-2.8.2-2.1mdv2008.1.x86_64.rpm
 b9a2240b8a037ab7188fcdb0b33a2be6  2008.1/x86_64/hplip-model-data-2.8.2-2.1mdv2008.1.x86_64.rpm
 1363348b6924780fea45e1669af9d427  2008.1/x86_64/lib64hpip0-2.8.2-2.1mdv2008.1.x86_64.rpm
 ee10d5ed822c3d21fbec9bf4f80dfebc  2008.1/x86_64/lib64hpip0-devel-2.8.2-2.1mdv2008.1.x86_64.rpm
 63873101b63f13e706df9e1ecd4c43f3  2008.1/x86_64/lib64sane-hpaio1-2.8.2-2.1mdv2008.1.x86_64.rpm 
 ec0721343a1f44dda4950a38f91be5a1  2008.1/SRPMS/hplip-2.8.2-2.1mdv2008.1.src.rpm

2008.1 i586

 1ff1ac0d25edb4e0c3d355041b3ee99b  2008.1/i586/hplip-2.8.2-2.1mdv2008.1.i586.rpm
 5b6887e12ad80634f844ef76332d4e6b  2008.1/i586/hplip-doc-2.8.2-2.1mdv2008.1.i586.rpm
 22619a7630be2f3ece75312c107f3f18  2008.1/i586/hplip-hpijs-2.8.2-2.1mdv2008.1.i586.rpm
 c53d888519e32d939615e2fbeee7da08  2008.1/i586/hplip-hpijs-ppds-2.8.2-2.1mdv2008.1.i586.rpm
 f011e651be37ec70d1bace8d80288278  2008.1/i586/hplip-model-data-2.8.2-2.1mdv2008.1.i586.rpm
 96cd7153acd9bf2fa7e97e0141015205  2008.1/i586/libhpip0-2.8.2-2.1mdv2008.1.i586.rpm
 ad30eb0f33a59d501ca9b19a1bfdd596  2008.1/i586/libhpip0-devel-2.8.2-2.1mdv2008.1.i586.rpm
 895342b4ea74b66ff11caf25ba05e8a9  2008.1/i586/libsane-hpaio1-2.8.2-2.1mdv2008.1.i586.rpm 
 ec0721343a1f44dda4950a38f91be5a1  2008.1/SRPMS/hplip-2.8.2-2.1mdv2008.1.src.rpm

2007.1 x86_64

 ef3723584df0f9c67599674b6db8aa27  2007.1/x86_64/hplip-2.7.7-7.2mdv2007.1.x86_64.rpm
 17ae578aa6993ff1200444e82197efb2  2007.1/x86_64/hplip-doc-2.7.7-7.2mdv2007.1.x86_64.rpm
 cd0600174962a2bd3ad3d1a4f1faadd3  2007.1/x86_64/hplip-hpijs-2.7.7-7.2mdv2007.1.x86_64.rpm
 708f74ce9ce6ade4dc8167389e312f9a  2007.1/x86_64/hplip-hpijs-ppds-2.7.7-7.2mdv2007.1.x86_64.rpm
 3e5832b9145aaa41f743aa670f20f014  2007.1/x86_64/hplip-model-data-2.7.7-7.2mdv2007.1.x86_64.rpm
 bf7d38126f996dbcd10ba514a766113d  2007.1/x86_64/lib64hpip0-2.7.7-7.2mdv2007.1.x86_64.rpm
 907ce0b1d866f6ed35b782c7bea48e89  2007.1/x86_64/lib64hpip0-devel-2.7.7-7.2mdv2007.1.x86_64.rpm
 37c264306ddf4f614b594b4a26bca70f  2007.1/x86_64/lib64sane-hpaio1-2.7.7-7.2mdv2007.1.x86_64.rpm 
 c318707ebd9d10f57c612761360b1178  2007.1/SRPMS/hplip-2.7.7-7.2mdv2007.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2940
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2941