drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in hplip
Name: |
Ausführen beliebiger Kommandos in hplip |
|
ID: |
FEDORA-2011-0525 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 13 |
|
Datum: |
Mi, 26. Januar 2011, 23:03 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4267 |
|
Applikationen: |
HP Linux Imaging and Printing |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2011-0525 2011-01-18 20:51:41 ------------------------------------------------------------------------------- -
Name : hplip Product : Fedora 13 Version : 3.10.9 Release : 14.fc13 URL : http://hplip.sourceforge.net/ Summary : HP Linux Imaging and Printing Project Description : The Hewlett-Packard Linux Imaging and Printing Project provides drivers for HP printers and multi-function peripherals.
------------------------------------------------------------------------------- - Update Information:
Applied patch to fix CVE-2010-4267, remote stack overflow vulnerability (bug #670252). ------------------------------------------------------------------------------- - ChangeLog:
* Mon Jan 17 2011 Tim Waugh <twaugh@redhat.com> - 3.10.9-14 - Applied patch to fix CVE-2010-4267, remote stack overflow vulnerability (bug #670252). * Wed Jan 12 2011 Tim Waugh <twaugh@redhat.com> - 3.10.9-13 - Removed unused hpcac filter to avoid unnecessary perl dependency. * Wed Jan 12 2011 Tim Waugh <twaugh@redhat.com> - 3.10.9-12 - Removed duplicate pstotiff files. * Wed Jan 12 2011 Tim Waugh <twaugh@redhat.com> - 3.10.9-11 - Fixed "CUPS Web Interface" button (bug #633899). - Set mimedir explicitly via configure. * Wed Jan 5 2011 Jiri Popelka <jpopelka@redhat.com> 3.10.9-10 - Catch GError exception when notification showing failed (bug #665577). * Wed Dec 15 2010 Tim Waugh <twaugh@redhat.com> - 3.10.9-9 - Enable D-Bus threading (and require pygobject2) (bug #600932). - Fixed incorrect signal name in setup dialog (bug #653626). - Another missing newline in filter output (Ubuntu #418053). - Prevent hpaio segfaulting on invalid URIs (bug #649092). - Catch D-Bus exceptions in fax dialog (bug #645316). * Fri Dec 3 2010 Jiri Popelka <jpopelka@redhat.com> 3.10.9-8 - Corrected IEEE 1284 Device IDs: HP Color LaserJet CP2025dn (bug #651509). HP Color LaserJet CM3530 MFP (bug #659381). * Fri Dec 3 2010 Jiri Popelka <jpopelka@redhat.com> 3.10.9-7 - Corrected IEEE 1284 Device IDs: HP LaserJet 4050/4100/2100 Series/2420/4200/4300/4350/5100/8000 M3027 MFP/M3035 MFP/P3005/P3010/P4014/P4515 (bug #659039). HP Color LaserJet 2500/2550 series/3700/4550/4600/4650/4700/5550 CP1515n/CP3525/CP4520/CM2320nf MFP (bug #659040). HP Color LaserJet CM4730 MFP (bug #658831). * Fri Nov 12 2010 Tim Waugh <twaugh@redhat.com> - 3.10.9-6 - Call cupsSetUser in cupsext's addPrinter method before connecting so that we can get an authentication callback (bug #538352). - Prevent hp-fab traceback when run as root. * Mon Nov 1 2010 Jiri Popelka <jpopelka@redhat.com> 3.10.9-5 - Don't emit SIGNALs in ui4.setupdialog.SetupDialog the PyQt3 way (bug #623834). * Sun Oct 24 2010 Jiri Popelka <jpopelka@redhat.com> 3.10.9-4 - Avoid UnicodeDecodeError in printsettingstoolbox.py (bug #645739). * Mon Oct 18 2010 Tim Waugh <twaugh@redhat.com> - 3.10.9-3 - Fixed traceback on error condition in device.py (bug #628125). - Fixed bogus low ink warnings from hpijs driver (bug #643643). * Thu Oct 14 2010 Jiri Popelka <jpopelka@redhat.com> - 3.10.9-2 - Fixed utils.addgroup() to return array instead of string (bug #642771). * Mon Oct 4 2010 Jiri Popelka <jpopelka@redhat.com> - 3.10.9-1 - 3.10.9. * Wed Sep 22 2010 Tim Waugh <twaugh@redhat.com> - More fixes from package review: - Avoided another macro in comment. - Use python_sitearch macro throughout. * Mon Sep 20 2010 Jiri Popelka <jpopelka@redhat.com> - 3.10.6-5 - Increased timeouts for curl, wget, ping for high latency networks (bug #635388). * Wed Sep 15 2010 Tim Waugh <twaugh@redhat.com> - Fixes from package review: - Main package and hpijs sub-package require cups for directories. - The common sub-package requires udev for directories. - The libs sub-package requires python for directories. - Avoided macro in comment. - The lib sub-package now runs ldconfig for post/postun. - Use python_sitearch macro. * Mon Sep 13 2010 Jiri Popelka <jpopelka@redhat.com> - 3.10.6-4 - Added IEEE 1284 Device ID for HP LaserJet 4000 (bug #633227). * Fri Aug 20 2010 Tim Waugh <twaugh@redhat.com> - 3.10.6-3 - Added another SNMP quirk for an OfficeJet Pro 8500 variant. * Thu Aug 12 2010 Tim Waugh <twaugh@redhat.com> - 3.10.6-2 - Use correct fax PPD name for Qt3 UI. * Tue Jul 27 2010 Jiri Popelka <jpopelka@redhat.com> - 3.10.6-1 - 3.10.6. - Changed shebang /usr/bin/env python -> /usr/bin/python (bug #618351). - Corrected IEEE 1284 Device IDs: - HP Color LaserJet CP1518ni (bug #613689). - HP Color LaserJet 2600n (bug #613712). * Thu Jun 24 2010 Jiri Popelka <jpopelka@redhat.com> - 3.10.5-7 - Added COPYING to common sub-package. * Thu Jun 24 2010 Jiri Popelka <jpopelka@redhat.com> - 3.10.5-6 - Main package requires explicit version of hplip-libs. * Thu Jun 17 2010 Tim Waugh <twaugh@redhat.com> - 3.10.5-5 - Fixed marker-supply attributes in hpijs (bug #605269). * Wed Jun 9 2010 Tim Waugh <twaugh@redhat.com> - 3.10.5-4 - Mark SNMP quirks in PPD for HP OfficeJet Pro 8500 (bug #581825). * Mon Jun 7 2010 Jiri Popelka <jpopelka@redhat.com> - 3.10.5-3 - hplip-gui requires libsane-hpaio * Thu Jun 3 2010 Jiri Popelka <jpopelka@redhat.com> - 3.10.5-2 - Fix ImageableArea for Laserjet 8150/9000 (#596298) * Mon May 17 2010 Jiri Popelka <jpopelka@redhat.com> - 3.10.5-1 - 3.10.5. No longer need tray-icon-crash.patch - Increase the timeout for system tray availability checking (bug #569969). * Wed May 12 2010 Jiri Popelka <jpopelka@redhat.com> - 3.10.2-16 - Prevent segfault in cupsext when opening PPD file (bug #572775). * Wed May 12 2010 Jiri Popelka <jpopelka@redhat.com> - 3.10.2-15 - Added/corrected more IEEE 1284 Device IDs: - HP LaserJet 4250 (bug #585499). - HP Color LaserJet 2605dn (bug #583953). - HP LaserJet P1007 (bug #585272). * Wed May 12 2010 Jiri Popelka <jpopelka@redhat.com> - 3.10.2-14 - Wait for max 30s to see if a system tray becomes available (bug #569969). * Wed Apr 28 2010 Tim Waugh <twaugh@redhat.com> - 3.10.2-13 - Clear old printer-state-reasons we used to manage (bug #510926). * Tue Apr 27 2010 Jiri Popelka <jpopelka@redhat.com> - 3.10.2-12 - Added missing newline to string argument in dbglog() call (bug #585275). ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #662740 - CVE-2010-4267 hplip: remote stack overflow vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=662740 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update hplip' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|