hpijs, hpijs3, hplip, hplip3, libsane security update

2011-04-14T19:47:58
ID CESA-2011:0154
Type centos
Reporter CentOS Project
Modified 2011-04-14T19:47:58

Description

CentOS Errata and Security Advisory CESA-2011:0154

Hewlett-Packard Linux Imaging and Printing (HPLIP) provides drivers for Hewlett-Packard printers and multifunction peripherals, and tools for installing, using, and configuring them.

A flaw was found in the way certain HPLIP tools discovered devices using the SNMP protocol. If a user ran certain HPLIP tools that search for supported devices using SNMP, and a malicious user is able to send specially-crafted SNMP responses, it could cause those HPLIP tools to crash or, possibly, execute arbitrary code with the privileges of the user running them. (CVE-2010-4267)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.

Users of hplip should upgrade to these updated packages, which contain a backported patch to correct this issue.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2011-April/017342.html http://lists.centos.org/pipermail/centos-announce/2011-April/017343.html http://lists.centos.org/pipermail/centos-announce/2011-April/017344.html http://lists.centos.org/pipermail/centos-announce/2011-April/017345.html

Affected packages: hpijs hpijs3 hplip hplip3 hplip3-common hplip3-gui hplip3-libs libsane-hpaio libsane-hpaio3

Upstream details at: https://rhn.redhat.com/errata/RHSA-2011-0154.html