=========================================================== 
Ubuntu Security Notice USN-530-1           October 12, 2007
hplip vulnerability
CVE-2007-5208
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.10:
  hplip                           1.6.9-0ubuntu2.1

Ubuntu 7.04:
  hplip                           1.7.3-0ubuntu1.1

In general, a standard system upgrade is sufficient to affect the
necessary changes.

Details follow:

It was discovered that the hpssd tool of hplip did not correctly handle
shell meta-characters.  A local attacker could exploit this to execute
arbitrary commands as the hplip user.


Updated packages for Ubuntu 6.10:

  Source archives:

          Size/MD5:   259212 536df2eefb0b9fbe7265ce08cbcab8c6
          Size/MD5:      867 f3fcef4f5d77e560d6e689dd46bd43cf
          Size/MD5: 10018087 38d57f58b48b5b0729d1de507776e7d1

  Architecture independent packages:

          Size/MD5:   206190 b9b489f0774aa87c39124cb0db13fd31
          Size/MD5:  6275996 6418efb1c032cd56481f644f19b3b61f
          Size/MD5:  1110706 e0178bd79b82544198aaaf530440383b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   353370 6bee9b223495e146322db33ba595a3dd
          Size/MD5:   852854 0e1c50cf2f59f863fdd9f6921d75e182
          Size/MD5:   558178 4993f82769599490e9afa75716ec676c

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   345224 d3b9fe0a4f475f27a4a7ed2f489bee5e
          Size/MD5:   825126 12c869a1721ccafc603583d711a01eff
          Size/MD5:   547254 dd426a5a7d2c9df72b6ca89e04bb546f

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   358780 4f77e25806dea449159b42eead6a7c99
          Size/MD5:   862550 60f526a1953027144f3276425fd8048a
          Size/MD5:   563708 92351b2f1f6b6e9a8322e79818656c22

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   338118 74c15c966e2f094464cd476b3b5682fa
          Size/MD5:   784194 92b986a25c359122a5f10123306921fd
          Size/MD5:   542478 79ca390d413545ec5038624a40eddea0

Updated packages for Ubuntu 7.04:

  Source archives:

          Size/MD5:   306365 f41ad069c89422c7cf532b7f0b2298e9
          Size/MD5:     1011 4205e63a16f1218403e403361351779b
          Size/MD5: 13556732 6921d256c9efc37446f5d2fad71979f8

  Architecture independent packages:

          Size/MD5:  6497568 cd98dd4bd54b155e664f6fc988ce3995
          Size/MD5:  4083742 089dcc3694e3d249188774c4ab6f727c
          Size/MD5:   217720 cdf52af0871895a8e4e8a81ada765870

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   382046 6ed6ce7e6fe4301a5322d8cd8dae3744
          Size/MD5:   902140 20107f7558991ccb6e4a90c283b45aa3
          Size/MD5:   632374 b054a977150ec9f73e6334609ba7c947

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   374496 9d99f0b15690bef45e3458ac5190f988
          Size/MD5:   874992 f5a1dc5eb40a50f043b2a2b5f73f9802
          Size/MD5:   620606 05a1aab80677a9147b09dc7c27937712

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   390378 eaec56fad0a69e249b2498eadf818d0d
          Size/MD5:   912866 80f008c38bb588d014dcaf598ca76c3f
          Size/MD5:   646356 e77243f70a0fd1a15c32948d792a5fb9

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   368140 0aebeee7c64bcac5a2ba28cf627b9282
          Size/MD5:   832520 aa33f0f52142a040f1fc462f634ddd53
          Size/MD5:   615194 e9216b7fc51ebb054961f22a5c4f759f

Ubuntu: hplip vulnerability

October 12, 2007
It was discovered that the hpssd tool of hplip did not correctly handle shell meta-characters

Summary

Update Instructions

References

Severity
Ubuntu Security Notice USN-530-1 October 12, 2007

Package Information

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved