12 matches found
RHEL 6 : hplip (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - hplip: hp-plugin verified binary download with short key ID CVE-2015-0839 Note that Nessus has not tested for this...
Debian: Security Advisory (DLA-775-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2015-0839
The hp-plugin utility in HP Linux Imaging and Printing HPLIP makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads...
CVE-2015-0839
The hp-plugin utility in HP Linux Imaging and Printing HPLIP makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads...
CVE-2015-0839
The hp-plugin utility in HP Linux Imaging and Printing HPLIP makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads...
CVE-2015-0839
The hp-plugin utility in HP Linux Imaging and Printing HPLIP makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads...
CVE-2015-0839
The CVE-2015-0839 issue affects the hp-plugin download verification in HP Linux Imaging and Printing (HPLIP). Root cause: verification uses a short GPG key ID from a keyserver, enabling MITM attackers to potentially drive arbitrary code execution during print plugin downloads. Impact: network-exp...
Debian DLA-775-1 : hplip security update
CVE-2015-0839 The hplip plugin download function verifies the driver using a short-key. This is not secure because it is trivial to generate keys with arbitrary key IDs. For Debian 7 'Wheezy', these problems have been fixed in version 3.12.6-3.1+deb7u2. We recommend that you upgrade your hplip...
[SECURITY] [DLA 775-1] hplip security update
Package : hplip Version : 3.12.6-3.1+deb7u2 CVE ID : CVE-2015-0839 Debian Bug : 787353 CVE-2015-0839 The hplip plugin download function verifies the driver using a short-key. This is not secure because it is trivial to generate keys with arbitrary key IDs. For Debian 7 "Wheezy", these problems ha...
Updated hplip packages fix CVE-2015-0839
Updated hplip packages fix security vulnerability: It was reported that the hp-plugin utility, included in the hplip package, downloads a binary driver and verifies it via a key specified by the key's short ID. A man-in-the-middle attacker could use this flaw to generate a key with the expected...
Ubuntu: Security Advisory (USN-2699-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 22 : hplip-3.15.7-1.fc22 (2015-11723)
New upstream bug-fix release, which fixes CVE-2015-0839 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...