Security update for hplip
SUSE Security Update: Security update for hplip
hplip was updated to fix three security issues:
* CVE-2013-0200: Some local file overwrite problems via predictable /tmp filenames were fixed.
* CVE-2013-4325: hplip used an insecure polkit DBUS API (polkit-process subject race condition) which could lead to local privilege escalation.
* CVE-2013-6402: hplip allowed arbitrary file creation/overwrite via the hardcoded file name /tmp/hp-pkservice.log.
Security Issue references:
* CVE-2013-4325
* CVE-2013-0200
* CVE-2013-6402
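The following is an added example, not hplip's code and not the SUSE patch. It illustrates the bug class behind CVE-2013-0200 and CVE-2013-6402 (a fixed, predictable file name in a world-writable directory) next to a hardened open. The function names and the scratch directory standing in for /tmp are assumptions made for this illustration.

```python
import os
import stat
import tempfile

def open_log_insecure(path):
    """Fixed name in a shared directory: open() follows symlinks, so whoever
    created the name first decides which file the writer appends to."""
    return open(path, "a")

def open_log_hardened(path):
    """Refuse symlinks, hard links and files that are not our own."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)  # fails (ELOOP) if path is a symlink
    try:
        st = os.fstat(fd)  # inspect the object actually opened, not the name
        if (not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid()
                or st.st_nlink != 1):
            raise PermissionError(f"refusing to log to {path}")
    except Exception:
        os.close(fd)
        raise
    return os.fdopen(fd, "a")

def demo():
    """Constructed scenario inside a private scratch directory."""
    with tempfile.TemporaryDirectory() as scratch:
        protected = os.path.join(scratch, "protected.conf")
        log_name = os.path.join(scratch, "hp-pkservice.log")
        with open(protected, "w") as f:
            f.write("original\n")
        os.symlink(protected, log_name)  # the log name pre-exists as a symlink

        with open_log_insecure(log_name) as f:
            f.write("log line\n")
        with open(protected) as f:
            clobbered = "log line" in f.read()  # write landed in the target
        try:
            open_log_hardened(log_name).close()
            refused = False
        except OSError:
            refused = True
        return clobbered, refused

if __name__ == "__main__":
    print(demo())
```

For a privileged service, the more robust design is to keep such files out of world-writable directories entirely, in a directory only the service account can write to.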
Announcement ID: SUSE-SU-2014:0188-2
Rating: moderate
References: #808355 #835827 #836937 #852368
Affected Products: |
An update that solves three vulnerabilities and has one errata is now available.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-hplip-8775
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-hplip-8775
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-hplip-8775
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    - hplip-3.11.10-0.6.11.1
    - hplip-hpijs-3.11.10-0.6.11.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    - hplip-3.11.10-0.6.11.1
    - hplip-hpijs-3.11.10-0.6.11.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    - hplip-3.11.10-0.6.11.1
    - hplip-hpijs-3.11.10-0.6.11.1
References:
- http://support.novell.com/security/cve/CVE-2013-0200.html
- http://support.novell.com/security/cve/CVE-2013-4325.html
- http://support.novell.com/security/cve/CVE-2013-6402.html
- https://bugzilla.novell.com/808355
- https://bugzilla.novell.com/835827
- https://bugzilla.novell.com/836937
- https://bugzilla.novell.com/852368
- http://download.novell.com/patch/finder/?keywords=a2dac37e61f2ee4ba76c35e24283e75e