drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Unsichere Verwendung temporärer Dateien in hplip
Name: |
Unsichere Verwendung temporärer Dateien in hplip |
|
ID: |
FEDORA-2011-11199 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 14 |
|
Datum: |
So, 11. September 2011, 09:49 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2722 |
|
Applikationen: |
HP Linux Imaging and Printing |
|
Originalnachricht |
Name : hplip Product : Fedora 14 Version : 3.11.7 Release : 2.fc14 URL : http://hplip.sourceforge.net/ Summary : HP Linux Imaging and Printing Project Description : The Hewlett-Packard Linux Imaging and Printing Project provides drivers for HP printers and multi-function peripherals.
------------------------------------------------------------------------------- - Update Information:
This update fixes a temporary file vulnerability in the fax support of HPLIP when debugging is enabled. This update adds support for some new printers and fixes several issues. ------------------------------------------------------------------------------- - ChangeLog:
* Thu Aug 18 2011 Tim Waugh <twaugh@redhat.com> 3.11.7-2 - Create debugging files securely (CVE-2011-2722, bug #725830). * Mon Jul 25 2011 Jiri Popelka <jpopelka@redhat.com> 3.11.7-1 - 3.11.7 * Tue Jun 28 2011 Tim Waugh <twaugh@redhat.com> 3.11.5-4 - Added Device ID for HP LaserJet Professional P1606dn (bug #708472). - Update IEEE 1284 Device IDs in hpijs.drv from hpcups.drv. * Fri Jun 10 2011 Tim Waugh <twaugh@redhat.com> 3.11.5-3 - Re-create installed hpcups PPDs unconditionally (bug #712241). * Thu May 19 2011 Jiri Popelka <jpopelka@redhat.com> 3.11.5-2 - Main package requires wget to avoid misleading errors about network connectivity (bug #705843). * Thu May 12 2011 Jiri Popelka <jpopelka@redhat.com> 3.11.5-1 - 3.11.5 * Thu Mar 31 2011 Tim Waugh <twaugh@redhat.com> 3.11.3a-1 - 3.11.3a. * Fri Mar 18 2011 Jiri Popelka <jpopelka@redhat.com> 3.11.3-1 - 3.11.3 (new hpps filter) * Tue Mar 1 2011 Jiri Popelka <jpopelka@redhat.com> 3.11.1-3 - Avoid KeyError in ui4/wifisetupdialog.py (bug #680939). - Corrected IEEE 1284 Device IDs: LaserJet 1300 (bug #670548) LaserJet 3390 (bug #678565) LaserJet P1505 (bug #680951) * Fri Feb 4 2011 Tim Waugh <twaugh@redhat.com> - 3.11.1-2 - Fixed typo causing ";marker-supply-low-warning" state reason to be reported by hpijs (bug #675151). * Mon Jan 24 2011 Jiri Popelka <jpopelka@redhat.com> 3.11.1-1 - 3.11.1 * Mon Jan 17 2011 Tim Waugh <twaugh@redhat.com> - 3.10.9-14 - Applied patch to fix CVE-2010-4267, remote stack overflow vulnerability (bug #670252). * Wed Jan 12 2011 Tim Waugh <twaugh@redhat.com> - 3.10.9-13 - Removed unused hpcac filter to avoid unnecessary perl dependency. * Wed Jan 12 2011 Tim Waugh <twaugh@redhat.com> - 3.10.9-12 - Removed duplicate pstotiff files. * Wed Jan 12 2011 Tim Waugh <twaugh@redhat.com> - 3.10.9-11 - Fixed "CUPS Web Interface" button (bug #633899). - Set mimedir explicitly via configure. * Wed Jan 5 2011 Jiri Popelka <jpopelka@redhat.com> 3.10.9-10 - Catch GError exception when notification showing failed (bug #665577). * Wed Dec 15 2010 Tim Waugh <twaugh@redhat.com> - 3.10.9-9 - Enable D-Bus threading (and require pygobject2) (bug #600932). - Fixed incorrect signal name in setup dialog (bug #653626). - Another missing newline in filter output (Ubuntu #418053). - Prevent hpaio segfaulting on invalid URIs (bug #649092). - Catch D-Bus exceptions in fax dialog (bug #645316). * Fri Dec 3 2010 Jiri Popelka <jpopelka@redhat.com> 3.10.9-8 - Corrected IEEE 1284 Device IDs: HP Color LaserJet CP2025dn (bug #651509). HP Color LaserJet CM3530 MFP (bug #659381). * Fri Dec 3 2010 Jiri Popelka <jpopelka@redhat.com> 3.10.9-7 - Corrected IEEE 1284 Device IDs: HP LaserJet 4050/4100/2100 Series/2420/4200/4300/4350/5100/8000 M3027 MFP/M3035 MFP/P3005/P3010/P4014/P4515 (bug #659039). HP Color LaserJet 2500/2550 series/3700/4550/4600/4650/4700/5550 CP1515n/CP3525/CP4520/CM2320nf MFP (bug #659040). HP Color LaserJet CM4730 MFP (bug #658831). * Fri Nov 12 2010 Tim Waugh <twaugh@redhat.com> - 3.10.9-6 - Call cupsSetUser in cupsext's addPrinter method before connecting so that we can get an authentication callback (bug #538352). - Prevent hp-fab traceback when run as root. * Mon Nov 1 2010 Jiri Popelka <jpopelka@redhat.com> 3.10.9-5 - Don't emit SIGNALs in ui4.setupdialog.SetupDialog the PyQt3 way (bug #623834). * Sun Oct 24 2010 Jiri Popelka <jpopelka@redhat.com> 3.10.9-4 - Avoid UnicodeDecodeError in printsettingstoolbox.py (bug #645739). * Mon Oct 18 2010 Tim Waugh <twaugh@redhat.com> - 3.10.9-3 - Fixed traceback on error condition in device.py (bug #628125). - Fixed bogus low ink warnings from hpijs driver (bug #643643). * Thu Oct 14 2010 Jiri Popelka <jpopelka@redhat.com> - 3.10.9-2 - Fixed utils.addgroup() to return array instead of string (bug #642771). * Mon Oct 4 2010 Jiri Popelka <jpopelka@redhat.com> - 3.10.9-1 - 3.10.9. * Thu Sep 30 2010 Tim Waugh <twaugh@redhat.com> - 3.10.6-7 - More fixes from package review: - Avoided another macro in comment. - Use python_sitearch macro throughout. * Wed Sep 29 2010 jkeating - 3.10.6-5.1 - Rebuilt for gcc bug 634757 * Mon Sep 20 2010 Jiri Popelka <jpopelka@redhat.com> - 3.10.6-5 - Increased timeouts for curl, wget, ping for high latency networks (bug #635388). * Sat Sep 18 2010 Dan Horák <dan[at]danny.cz> - 3.10.6-4 - drop the ExcludeArch for s390(x) * Wed Sep 15 2010 Tim Waugh <twaugh@redhat.com> - Fixes from package review: - Main package and hpijs sub-package require cups for directories. - The common sub-package requires udev for directories. - The libs sub-package requires python for directories. - Avoided macro in comment. - The lib sub-package now runs ldconfig for post/postun. - Use python_sitearch macro. * Mon Sep 13 2010 Jiri Popelka <jpopelka@redhat.com> - Added IEEE 1284 Device ID for HP LaserJet 4000 (bug #633227). ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #725830 - CVE-2011-2722 hplip: insecure temporary file handling https://bugzilla.redhat.com/show_bug.cgi?id=725830 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update hplip' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|