USN-708-1: HPLIP vulnerability

Ubuntu Security Notice USN-708-1

13th January, 2009

hplip vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 7.10

Software description

  • hplip

Details

It was discovered that an installation script in the HPLIP package would
change permissions on the hplip config files located in user's home directories.
A local user could exploit this and change permissions on arbitrary files
upon an HPLIP installation or upgrade, which could lead to root privileges.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 7.10:
hplip 2.7.7.dfsg.1-0ubuntu5.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the
necessary changes.

References

CVE-2009-0122