drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Unsichere Verwendung temporärer Dateien in HPLIP
Name: |
Unsichere Verwendung temporärer Dateien in HPLIP |
|
ID: |
USN-1981-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 |
|
Datum: |
Di, 1. Oktober 2013, 10:58 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0200 |
|
Applikationen: |
HP Linux Imaging and Printing |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============0090443451883834867== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="7uKNENVWjb99KkFuXU4CtsKqkL40URKHk"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --7uKNENVWjb99KkFuXU4CtsKqkL40URKHk Content-Type: text/plain; charset=UTF- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1981-1 September 30, 2013
hplip vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS
Summary:
HPLIP could be made to overwrite files.
Software Description: - hplip: HP Linux Printing and Imaging System (HPLIP)
Details:
It was discovered that HPLIP incorrectly handled temporary files when using the fax capabilities. A local attacker could possibly use this issue to overwrite arbitrary files. This issue only applied to Ubuntu 10.04 LTS. (CVE-2011-2722)
Tim Waugh discovered that HPLIP incorrectly handled temporary files when printing. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu 12.04 LTS and Ubuntu 12.10, this should be prevented by the Yama link restrictions. (CVE-2013-0200)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.10: hplip 3.12.6-3ubuntu4.2
Ubuntu 12.04 LTS: hplip 3.12.2-1ubuntu3.3
Ubuntu 10.04 LTS: hplip 3.10.2-2ubuntu2.4
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1981-1 CVE-2011-2722, CVE-2013-0200
Package Information: https://launchpad.net/ubuntu/+source/hplip/3.12.6-3ubuntu4.2 https://launchpad.net/ubuntu/+source/hplip/3.12.2-1ubuntu3.3 https://launchpad.net/ubuntu/+source/hplip/3.10.2-2ubuntu2.4
--7uKNENVWjb99KkFuXU4CtsKqkL40URKHk Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCgAGBQJSSchDAAoJEGVp2FWnRL6TNa0P/j7BOOkHNIHlQOeXnovqCveq jOpcvUVsmxKD0MlgRPbUbSih9wlG3gRuZ9tgOhAWrh3zJHrB5sXn7u2ra90n4paY NaF+dnNXGhDcvMSj/I5Y1Iu0Aqnf5LIK7+80jOXt2hKe7lygKvmsAcQZ8ogN0IYr 6UOSzWrsA6lGwyUxKG/boMlVto/u+tzfDSJGWdqIzj2PmUy16dxtJ5VaQX8biqLJ lg9eRCzSeA4xqrWu8zRJLENDamwBD/HMWW97RVPkze9af/6uUxCQQzgbsxT6mUif BMqxUeXVRh+Uxg9c/Dc13YuEbMxElvTnhHNr172lzftXYi0uIePTW+66sFZDS9P1 QLVwa2lQb+8QUEpvX+gedxTPC/mF2ssiagm5HwpXY6zmZW8X7mJKiVeQ+b4iMzrw cvEblQ8VyWdkYA4iP0cwRAVtDDMjN8LlXwMtlLe+AEn6LxH4f7BfFlQzlwLYPdQY UDZ9n1LoZK/QZmvwgEv3/fmLUsbh3hU4BTtiIJwgVUl4KrVCxYgcj3jPpHTQ4sTI cWbU476SNmYi+Wa+aaWXte3505Uy/bn4h9xk7Obopn0omvDfYMv6QknKUxTTopCo Rn45Fc/sNe2uLScglEg7xAZwTw4fJ10upzgG+38yL89tzAKemgOBpG7D4KIin68J cBHrs71/sWOpNDYkykAK =To6a -----END PGP SIGNATURE-----
--7uKNENVWjb99KkFuXU4CtsKqkL40URKHk--
--===============0090443451883834867== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0090443451883834867==--
|
|
|
|