Login
Newsletter
Werbung

Sicherheit: Mangelnde Rechteprüfung in HPLIP
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in HPLIP
ID: USN-1956-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04
Datum: Mi, 18. September 2013, 18:43
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4325
Applikationen: HP Linux Imaging and Printing

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============3679534073950777808==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enig48FF06B3631AD6E2ACB24C64"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig48FF06B3631AD6E2ACB24C64
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1956-1
September 18, 2013

hplip vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

HPLIP could be tricked into bypassing polkit authorizations.

Software Description:
- hplip: HP Linux Printing and Imaging System (HPLIP)

Details:

It was discovered that HPLIP was using polkit in an unsafe manner. A local
attacker could possibly use this issue to bypass intended polkit
authorizations.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
hplip 3.13.3-1ubuntu0.1

Ubuntu 12.10:
hplip 3.12.6-3ubuntu4.1

Ubuntu 12.04 LTS:
hplip 3.12.2-1ubuntu3.2

Ubuntu 10.04 LTS:
hplip 3.10.2-2ubuntu2.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1956-1
CVE-2013-4325

Package Information:
https://launchpad.net/ubuntu/+source/hplip/3.13.3-1ubuntu0.1
https://launchpad.net/ubuntu/+source/hplip/3.12.6-3ubuntu4.1
https://launchpad.net/ubuntu/+source/hplip/3.12.2-1ubuntu3.2
https://launchpad.net/ubuntu/+source/hplip/3.10.2-2ubuntu2.3



--------------enig48FF06B3631AD6E2ACB24C64
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJSOcGHAAoJEGVp2FWnRL6TrT4P/RGYRTWRgmFOZksNZlnhfAIk
Qa5Q5ykvknr3XsiW2ihjMRPllrDFGIfneCOGOuys8ixR3zhtb0s224G7z1shOGd3
M7o/0lvMq+TZi5acM2OHj69mFjEfC5USr2y7RzvFpzCRCQdXxxgGPMmeajcRi7uC
SxSqOdzYqAUqhS7yb6pUgDHVQ+2ojXRq9bPEPQxb1XvEavjkzlufBL+kHpiPyZFT
suAbdO2/65FmdHbO5LaEhVVFexmo94SIAvD2LjgbQVLy5esdCZfarj499B+u3QG5
bOkX3qKYF0BoGwmZtC+k+h/yE6ra2LVOKBM+VQYBF52I/bexPW8eAdC1m3yUVkPd
CJQUkj1Vcn6cjqrBVf6zWN3UwG8LuwHnE228NQth8AZuqmoh9n2ypUEr5DotWNVp
sZhKSdSVQPUBwqSMUGFqNtxLJzyfFy8YiBBrH3zdtr0wgdvwpFvsyhkZ8U6r5a2f
4NyZwYR3Yi4Cs6nYpAkrbCOrsdTEV5EVc85PYRHZ5w0W4w+q+7CTScwsPgbPMlF0
V7j6XTHfwhR38Xg4FffMYNHznD5sIj8U6h1UzdPpwpZkGIYXXuEaXHan2mueJkJa
wjMXmvtRgv3S6SANGoD3RLWf3qPd1KV3B7BhAEaGR0K+D43ikCSUKBDq1EwDD9rS
uadVK4gHEchGR7qJ6ZpC
=Ve8O
-----END PGP SIGNATURE-----

--------------enig48FF06B3631AD6E2ACB24C64--


--===============3679534073950777808==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============3679534073950777808==--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung