hplip-1.6.7-4.1.4.1AXS3
エラータID: AXSA:2008-271:01
Release date:
Wednesday, October 8, 2008 - 21:07
Subject:
hplip-1.6.7-4.1.4.1AXS3
Affected Channels:
Asianux Server 3 for ia64
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Asianux Server 3 for ppc
Severity:
Moderate
Description:
Description of problem:
The hplip (Hewlett-Packard Linux Imaging and Printing) packages provide drivers for Hewlett-Packard printers and multifunction peripherals.
A flaw was discovered in the hplip alert-mailing functionality. A local attacker could elevate their privileges by using specially-crafted packets to trigger alert mails, which are sent by the root account. (CVE-2008-2940).
A flaw was discovered in the hpssd message parser. By sending specially-crafted packets, a local attacker could cause a denial of service, stopping the hpssd process. (CVE-2008-2941).
Solution:
Update packages
CVEs:
CVE-2008-2940
The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.
The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.
CVE-2008-2941
The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207.
The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207.
Additional Info:
N/A
Download:
Asianux Server 3 for x86
- hpijs-1.6.7-4.1.4.1AXS3.i386.rpm
MD5: 8e5db9c30f968c6d331a83b3d57832b0
SHA-256: a71cd7151bec6c488243dff2612a15c16c017940658bee64ad78ea68e3871d85
Size: 286.60 kB - hplip-1.6.7-4.1.4.1AXS3.i386.rpm
MD5: 8377a418b3ba8408277652ad0dc2609e
SHA-256: ad5d03f2fc8f6f147a610b95a74b12a43328b898b11b6562b2cd11f2179a539b
Size: 7.80 MB - libsane-hpaio-1.6.7-4.1.4.1AXS3.i386.rpm
MD5: 38c298145ea8068c8dc37f801f3bc19d
SHA-256: 455adb41da29fe69f15687d52410343071b49d1df6ba066d255a8dee754d2e03
Size: 57.74 kB
Asianux Server 3 for x86_64
- hpijs-1.6.7-4.1.4.1AXS3.x86_64.rpm
MD5: 687add50c38066b53081858148f98c61
SHA-256: af5c6b9b780b350a42362a02af8f2d35e712055b19243f0a5e73f075214935fa
Size: 285.31 kB - hplip-1.6.7-4.1.4.1AXS3.x86_64.rpm
MD5: d76d3f5680a4acf41be170f949813780
SHA-256: 712b65a85cd609f28ff0b2dbad6e92e7a2a17d2bd4e753af8c4599e92cce2ebe
Size: 7.81 MB - libsane-hpaio-1.6.7-4.1.4.1AXS3.x86_64.rpm
MD5: 6454a1a4bdb46e91a2320112fb015def
SHA-256: c23e64dd1468cb5491a5f364a9b4c899ca578a4ed9992de482c3d79d350ca315
Size: 57.63 kB