hpijs, hpijs3, hplip, hplip3, libsane security update

CentOS Errata and Security Advisory CESA-2011:0154

Hewlett-Packard Linux Imaging and Printing (HPLIP) provides drivers for
Hewlett-Packard printers and multifunction peripherals, and tools for
installing, using, and configuring them.

A flaw was found in the way certain HPLIP tools discovered devices using
the SNMP protocol. If a user ran certain HPLIP tools that search for
supported devices using SNMP, and a malicious user is able to send
specially-crafted SNMP responses, it could cause those HPLIP tools to crash
or, possibly, execute arbitrary code with the privileges of the user
running them. (CVE-2010-4267)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
reporting this issue.

Users of hplip should upgrade to these updated packages, which contain a
backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2011-April/079504.html
https://lists.centos.org/pipermail/centos-announce/2011-April/079505.html
https://lists.centos.org/pipermail/centos-announce/2011-April/079506.html
https://lists.centos.org/pipermail/centos-announce/2011-April/079507.html

Affected packages:
hpijs
hpijs3
hplip
hplip3
hplip3-common
hplip3-gui
hplip3-libs
libsane-hpaio
libsane-hpaio3

Upstream details at:
https://access.redhat.com/errata/RHSA-2011:0154