CentOS Errata and Security Advisory CESA-2013:0133
Hewlett-Packard Linux Imaging and Printing (HPLIP) provides drivers for Hewlett-Packard (HP) printers and multifunction peripherals.
It was found that the HP CUPS (Common UNIX Printing System) fax filter in HPLIP created a temporary file in an insecure way. A local attacker could use this flaw to perform a symbolic link attack, overwriting arbitrary files accessible to a process using the fax filter (such as the hp3-sendfax tool). (CVE-2011-2722)
This update also fixes the following bug:
All users of hplip3 are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2013-January/019115.html http://lists.centos.org/pipermail/centos-cr-announce/2013-January/000350.html
Affected packages: hpijs3 hplip3 hplip3-common hplip3-gui hplip3-libs libsane-hpaio3
Upstream details at: https://rhn.redhat.com/errata/RHSA-2013-0133.html