-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:169
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : hplip
 Date    : August 13, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Marc Schoenefeld of the Red Hat Security Response Team discovered a
 vulnerability in the hplip alert-mailing functionality that could
 allow a local attacker to elevate their privileges by using
 specially-crafted packets to trigger alert mails that are sent by the
 root account (CVE-2008-2940).

 Another vulnerability was discovered by Marc Schoenefeld in the hpssd
 message parser that could allow a local attacker to stop the hpssd
 process by sending specially-crafted packets, causing a denial of
 service (CVE-2008-2941).

 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2940
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2941
 _______________________________________________________________________

 Updated Packages:

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIo4c6mqjQ0CJFipgRAjl6AKC0uWNwQSFgRN4zDUr+OSHcwH022wCfXj13
7MRmm5yM3p2javKSBoIT/hI=
=qaWN
-----END PGP SIGNATURE-----
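
An added example, not part of the Mandriva advisory: a check of an installed hplip version-release against the fixed builds named in the advisory's updated-package file names. The comparison is a simplified reimplementation of rpm's ordering that ignores epochs (an assumption), and the function names are hypothetical.

```python
import re

# Fixed version-release of the main hplip package per affected product,
# taken from the updated-package file names in the advisory.
FIXED = {
    "2007.1": "2.7.7-7.2mdv2007.1",
    "2008.0": "2.7.7-8.2mdv2008.0",
    "2008.1": "2.8.2-2.1mdv2008.1",
    "Corporate 4.0": "1.6.7-2.2.20060mlcs4",
}


def _segments(s):
    # Split into runs of digits or letters; separators are dropped.
    return re.findall(r"\d+|[A-Za-z]+", s)


def vercmp(a, b):
    """Simplified rpm-style comparison of one version or release string.

    Returns -1, 0 or 1. Assumption: no epoch, no tilde/caret handling.
    """
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as ints
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment sorts newer
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)


def is_patched(product, installed_vr):
    """True if installed_vr is at or above the fixed build for product."""
    return evr_cmp(installed_vr, FIXED[product]) >= 0


if __name__ == "__main__":
    # Constructed sample inputs; on a real host the string would come from
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' hplip
    for product, installed in [("2008.1", "2.8.2-2mdv2008.1"),
                               ("2008.1", "2.8.2-2.1mdv2008.1")]:
        state = "patched" if is_patched(product, installed) else "VULNERABLE"
        print(f"{product}: hplip-{installed} -> {state}")
```
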