==========================================================Ubuntu Security Notice USN-674-1          November 19, 2008
hplip vulnerabilities
CVE-2008-2940, CVE-2008-2941
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  hplip                           0.9.7-4ubuntu1.1

Ubuntu 7.10:
  hplip                           2.7.7.dfsg.1-0ubuntu5.1

Ubuntu 8.04 LTS:
  hplip                           2.8.2-0ubuntu8.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the hpssd tool of hplip did not validate
privileges in the alert-mailing function. A local attacker could
exploit this to gain privileges and send e-mail messages from the
account of the hplip user. This update alters hplip behaviour by
preventing users from setting alerts and by moving alert configuration
to a root-controlled /etc/hp/alerts.conf file. (CVE-2008-2940)

It was discovered that the hpssd tool of hplip did not correctly
handle certain commands. A local attacker could use a specially
crafted packet to crash hpssd, leading to a denial of service.
(CVE-2008-2941)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:   226218 b1befe142df70e2be0aacca378bff4c6
          Size/MD5:      805 44d5c87af34218551c39719f0d902ec6
          Size/MD5:  9705231 d2ee27d7c347f549306a880561c5030a

  Architecture independent packages:

          Size/MD5:  6318286 e92776a847c4dccb78e46e040cc4f37c
          Size/MD5:   391422 94a290c3c58d7cfde62719871a4206cb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   296914 7c2b35446a74ace8600ebd7bc0bcf7ff
          Size/MD5:   479454 07cbfe505c55c27c12220c8f18d6e4f0

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   280204 e3941e3f4fdb6c0d6ad16d50de90b469
          Size/MD5:   461862 11e44e329aff35e9684ee0761c44d8ee

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   299864 ad75271b2f55cc54f58410788e884d26
          Size/MD5:   486720 84acd213608e444cd108511579f6e19f

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   280186 ab1b58f5fb3fa17ece320035716498fa
          Size/MD5:   464572 1f2f60151bc92e6cdc7da921e53f35e2

Updated packages for Ubuntu 7.10:

  Source archives:

          Size/MD5:   149557 1adc73a32fbce24a03682309f23d6a50
          Size/MD5:     1064 180d4951171a12dc0b4e6b51963261ae
          Size/MD5: 14361049 ae5165d46413db8119979f5b3345f7a5

  Architecture independent packages:

          Size/MD5:  6897850 1cab82d64fedbb70076f1434d475d273
          Size/MD5:  4146758 7bf2d5554996cc17c60258de446eb8c6
          Size/MD5:   117522 85cd5e8a8d8ba35e7140a41fdc379c7c
          Size/MD5:   479918 c545f959d38b34dc32a93adc73461615

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   341468 79cb90ac94af0792c0f9e2089a60db64
          Size/MD5:   769990 cf835a70a0fa51078b80ad190ab1cec7
          Size/MD5:   302976 162ce78f2534152bd0e2ed33051619a2

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   334576 dd39560300fdda88c16a252b46ef2b7b
          Size/MD5:   747196 36d127560c5eba40354698a0eef1777a
          Size/MD5:   290354 df91f0e8b2d97b2aca110f3541952044

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   337694 43391f12453f206b9f225e081e669417
          Size/MD5:   925968 72d12b2e01a56317ed133fe9d4461191
          Size/MD5:   290174 2543c28b0990cddae6edd78988465b4c

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   348144 2635fbbe0d26218e328e5a65f6739ee1
          Size/MD5:   784396 db9c4e4175812910e690b6d93c78c484
          Size/MD5:   319062 fa76d41aeb82c0bd14565aa7046d3673

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   332584 0871e23022a68750c75c8354e887e064
          Size/MD5:   717140 8034edab3f572315e082918033eb41ef
          Size/MD5:   289462 53750500e86a4179592d9ee97def4770

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

          Size/MD5:    77238 6b40ac2c31a1751ba48997077ca2c9dc
          Size/MD5:     1317 b66ad37ff2a0bdd9b7cb903e9887fe50
          Size/MD5: 14195737 ea57b92483622d3eae359994c5fd3dc3

  Architecture independent packages:

          Size/MD5:  1529318 c5a1b517bc403570513f27a1f15341b8
          Size/MD5:  7019114 8f55c60778ef6f7e075803152a313496
          Size/MD5:  4167440 2cdbd923c549fe09c8436ff36bf73a1a
          Size/MD5:   128378 d4f8e634314c25160cee0bc44b6c55eb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   382262 5c2e135b7ea35a6202d0b087820a84e5
          Size/MD5:   811692 2babafedcd53a956049591f84d6b5664
          Size/MD5:   320852 3709f156c5528d77d70584da2385812b

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   374220 e8c891f92d1219bdfa178a8eb533215f
          Size/MD5:   788090 79b9fb3adfe38464311e6689ff634c35
          Size/MD5:   308622 64477942b624ef3cf98921e3535cc473

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   377036 984d300fa15fef7eb813e6e280034a16
          Size/MD5:   794452 7bbf76dce03cee5b2ba7363cfecb5f70
          Size/MD5:   307612 47ae3e6082e1dff01384e8834a959ee6

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   388358 197034b9a89bfa7f403ed908f010cb2b
          Size/MD5:   824638 01210ff766c493113fb780f6b52ce047
          Size/MD5:   336824 c97c1e1e8a8f328bc611ec46214aca74

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   371516 0db0e7f4c0e10948819fdc3ca509e19f
          Size/MD5:   755764 1529e25d7ee099815219ac63e12a2949
          Size/MD5:   306928 8e4e046d41c6f0efe22ce02409b90666

Ubuntu: HPLIP vulnerabilities USN-674-1

November 19, 2008
It was discovered that the hpssd tool of hplip did not validate privileges in the alert-mailing function

Summary

Update Instructions

References

Severity
hplip vulnerabilities

Package Information

Related News

21.Globe RadiatingCode Esm H320
2 - 3 min read
The recent discovery of a backdoor in XZ Utils , a widely used Linux tool, raises concerns about the security of the open-source ecosystem. While
13.Lock StylizedMotherboard Esm H320
1 - 2 min read
Spiral Linux is a Debian-based distribution that offers a range of desktop environments, making it stand out from other Linux distributions. In
32.Lock Code Circular Esm H320
2 - 3 min read
Two critical security vulnerabilities were found in pgAdmin, the open-source administration tool for PostgreSQL . The vulnerabilities assigned
1.Penguin Landscape Esm H320
2 - 3 min read
The recent release of AlmaLinux 9.4 , closely aligned with Red Hat Enterprise Linux (RHEL) 9.4 , presents Linux admins and infosec professionals
11.Locks IsometricPattern Esm H320
2 - 3 min read
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software
2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved