Linux Compatible
  • News
    • Channels
    • Archive
    • Search
    • Submit
  • Articles
    • Categories
  • Knowledgebase
  • Compatibility
    • Search
  • Links
  • Forums
  • Twitter
Advertisement

Latest News
[ Windows | Linux | Apple ]

· Dune HD PRO 4K Premium Compact Media Player Review and more
· Gigabyte Aorus X470 Gaming 7 Wifi Review and more
· Libreoffice and Libsdl2-image Updates for Debian 8/9
· Chromium and Cfitsio Updates for openSUSE
· MySQL-5.5 Security Update for Debian 8
· AMD 2nd Gen Ryzen Reviews and more
· Windows 10 Insider Preview Build 17650 released
· MySQL and Libreoffice Updates for Debian 7 LTS
· Apache and OpenSSL Security Update for Ubuntu Linux
· MySQL 8.0.11 released

Upcoming News
· Samsung 860 Pro SSD Review @ Vortez
· Raijintek Orcus 240 @ TechPowerUp
· Team Group Cardea Zero 240 GB @ TechPowerUp
· Guru3D Rig of the Month - January 2018
· Cooler Master MK750 Review @ Vortez
· Seagate Skyhawk 10TB SATA III HDD Review
· Vulkan Continues To Show Its Gaming Strength On Low-End Hardware
· Seagate IronWolf ST12000VN0007 12TB Hard Drive Review @ APH Networks
· Sennheiser Game One @ TechPowerUp
· be quiet! Straight Power 11 1000W Power Supply Review

Linux Compatibility
· Brother DCP-L2540DN
· Sound Blaster E5
· WD Elements 500GB external hard drive
· Canon D660U Flatbad scanner
· Umax Astra 4500 USB Scanner
· Logitech QuickCam Pro 4000
· Dell Latitude E6420
· Creative Sound Blaster Z
· Photosmart 5520
· TB-5300 Slimline Design Tablet

New Forum Topics
· Dale
by: Dale Blinco
on: 2018-02-05 00:26
1 replies, 1202 views

· modem driver needed
by: jongiffen777
on: 2017-12-13 11:11
1 replies, 2376 views

· Need a decent browser for XP Pro!
by: percy
on: 2017-12-05 11:02
2 replies, 4265 views

· Comodo Time Machine + Faronics Deep Freeze
by: Jabberwocky
on: 2017-11-15 23:17
1 replies, 2868 views

· Linux compatablity
by: ibme
on: 2017-10-04 18:05
1 replies, 4784 views

News Channels
· Drivers
· Guides
· Reviews
· Security
· Software
· Press Release
· Updates
· Interviews
· Linux
· General
· Debian
· Red Hat
· Slackware
· Gentoo
· Mandriva
· White Box
· SUSE
· GNOME
· KDE
· CentOS
· Ubuntu
· MEPIS
· Android
· Oracle Linux
· Arch Linux

What's New
Login to see an overview of all news stories since your last visit.

Welcome to our website

To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.

Linux Compatible » News » October 2007 » RHSA-2007:0960-01 Important: hplip security update

RHSA-2007:0960-01 Important: hplip security update

Posted by Bob on: 10/11/2007 07:30 PM [ Print | 0 comment(s) ]

A new update is available for Red Hat Enterprise Linux. Here the announcement:




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: hplip security update
Advisory ID: RHSA-2007:0960-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0960.html
Issue date: 2007-10-11
Updated on: 2007-10-11
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-5208
- ---------------------------------------------------------------------

1. Summary:

An updated hplip package to correct a security flaw is now available for Red
Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, x86_64

3. Problem description:

The hplip (Hewlett-Packard Linux Imaging and Printing Project) package
provides drivers for HP printers and multi-function peripherals.

Kees Cook discovered a flaw in the way the hplip hpssd daemon handled user
input. A local attacker could send a specially crafted request to the hpssd
daemon, possibly allowing them to run arbitrary commands as the root user.
(CVE-2007-5208). On Red Hat Enterprise Linux 5, the SELinux targeted
policy for hpssd which is enabled by default, blocks the ability to exploit
this issue to run arbitrary code.

Users of hplip are advised to upgrade to this updated package, which
contains backported patches to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

319921 - CVE-2007-5208 hplip arbitrary command execution

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/hplip-1.6.7-4.1.el5_0.3.src.rpm
c5f2b2ce887ac95075ba475d45baac01 hplip-1.6.7-4.1.el5_0.3.src.rpm

i386:
4be2c867b1246aeed68d0844596d787c hpijs-1.6.7-4.1.el5_0.3.i386.rpm
7afd906783f52fe1fa197fc1f3856715 hplip-1.6.7-4.1.el5_0.3.i386.rpm
5742b8afde9f3b3cb0d55c2921ba2e9a hplip-debuginfo-1.6.7-4.1.el5_0.3.i386.rpm
da6f95abff9164ef5bae0047158c15b0 libsane-hpaio-1.6.7-4.1.el5_0.3.i386.rpm

x86_64:
747e4df638df0a43104e0836d229d079 hpijs-1.6.7-4.1.el5_0.3.x86_64.rpm
a9eef76431a904c7bc8f306e133e496f hplip-1.6.7-4.1.el5_0.3.x86_64.rpm
1bbd3357075d96b2ed3d6126a7714032 hplip-debuginfo-1.6.7-4.1.el5_0.3.x86_64.rpm
2b58cb4d8adf686133f691888887cbbf libsane-hpaio-1.6.7-4.1.el5_0.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/hplip-1.6.7-4.1.el5_0.3.src.rpm
c5f2b2ce887ac95075ba475d45baac01 hplip-1.6.7-4.1.el5_0.3.src.rpm

i386:
4be2c867b1246aeed68d0844596d787c hpijs-1.6.7-4.1.el5_0.3.i386.rpm
7afd906783f52fe1fa197fc1f3856715 hplip-1.6.7-4.1.el5_0.3.i386.rpm
5742b8afde9f3b3cb0d55c2921ba2e9a hplip-debuginfo-1.6.7-4.1.el5_0.3.i386.rpm
da6f95abff9164ef5bae0047158c15b0 libsane-hpaio-1.6.7-4.1.el5_0.3.i386.rpm

ia64:
7cf2ec0558c04de7ee684bb67315a752 hpijs-1.6.7-4.1.el5_0.3.ia64.rpm
f43e3af12f7377c05bf629b6a893ba1d hplip-1.6.7-4.1.el5_0.3.ia64.rpm
93f88c75d678539ee3a1efdffee5b8eb hplip-debuginfo-1.6.7-4.1.el5_0.3.ia64.rpm
d40d9655bbb0774cae895de6fd93c63e libsane-hpaio-1.6.7-4.1.el5_0.3.ia64.rpm

ppc:
4ca6e4a9d3f6abf3d990af0eff16e602 hpijs-1.6.7-4.1.el5_0.3.ppc.rpm
a9793da0ce6476abccdb932bc28807c4 hplip-1.6.7-4.1.el5_0.3.ppc.rpm
b9d06b0bffd5a93252120da08a2691fc hplip-debuginfo-1.6.7-4.1.el5_0.3.ppc.rpm
d4713ab787b5f3fa636a6a6dc2a27caf libsane-hpaio-1.6.7-4.1.el5_0.3.ppc.rpm

x86_64:
747e4df638df0a43104e0836d229d079 hpijs-1.6.7-4.1.el5_0.3.x86_64.rpm
a9eef76431a904c7bc8f306e133e496f hplip-1.6.7-4.1.el5_0.3.x86_64.rpm
1bbd3357075d96b2ed3d6126a7714032 hplip-debuginfo-1.6.7-4.1.el5_0.3.x86_64.rpm
2b58cb4d8adf686133f691888887cbbf libsane-hpaio-1.6.7-4.1.el5_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5208
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is lt;secalert@redhat.comgt;. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHDmrcXlSAg2UNWIIRAv3gAJ9lilA7doBsplxy2WXbHIHSnYvc+gCgoRQF
m1qAthSbglekmykuzjq8t50=
=Q+AF
-----END PGP SIGNATURE-----


Bookmark and Share

« BetterZip 1.5.2 · RHSA-2007:0912-01 Important: libvorbis security update »

Linux Compatible » News » October 2007 » RHSA-2007:0960-01 Important: hplip security update
All products mentioned are registered trademarks or trademarks of their respective owners.
© 2002-2018 Esselbach Internet Solutions - All Rights Reserved. Terms and privacy policy
Powered by Contentteller® Business Edition