Ubuntu Security Notice USN-674-1
19th November, 2008
hplip vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 8.04 LTS
- Ubuntu 7.10
- Ubuntu 6.06 LTS
Software description
- hplip
Details
It was discovered that the hpssd tool of hplip did not validate
privileges in the alert-mailing function. A local attacker could
exploit this to gain privileges and send e-mail messages from the
account of the hplip user. This update alters hplip behaviour by
preventing users from setting alerts and by moving alert configuration
to a root-controlled /etc/hp/alerts.conf file. (CVE-2008-2940)
It was discovered that the hpssd tool of hplip did not correctly
handle certain commands. A local attacker could use a specially
crafted packet to crash hpssd, leading to a denial of service.
(CVE-2008-2941)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 8.04 LTS:
- hplip 2.8.2-0ubuntu8.1
- Ubuntu 7.10:
- hplip 2.7.7.dfsg.1-0ubuntu5.1
- Ubuntu 6.06 LTS:
- hplip 0.9.7-4ubuntu1.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.