| 1 |
type: security |
| 2 |
subject: Updated hplip package fixes security vulnerabilities |
| 3 |
CVE: |
| 4 |
- CVE-2013-6402 |
| 5 |
- CVE-2013-6427 |
| 6 |
src: |
| 7 |
3: |
| 8 |
core: |
| 9 |
- hplip-3.12.9-6.3.mga3 |
| 10 |
description: | |
| 11 |
It was discovered that the HPLIP Polkit daemon incorrectly handled |
| 12 |
temporary files. A local attacker could possibly use this issue to |
| 13 |
overwrite arbitrary files. (CVE-2013-6402) |
| 14 |
|
| 15 |
It was discovered that HPLIP contained an upgrade tool that would download |
| 16 |
code in an unsafe fashion. If a remote attacker were able to perform a |
| 17 |
man-in-the-middle attack, this flaw could be exploited to execute arbitrary |
| 18 |
code. (CVE-2013-6427) |
| 19 |
|
| 20 |
Additionnally, this update should fix issues regarding wireless connection |
| 21 |
to printer hplip after 3.12.9 and prior to version 3.12.11 had issues with |
| 22 |
setting up wireless connection to printers due to internal code changes |
| 23 |
which had not been applied consistently. |
| 24 |
references: |
| 25 |
- https://bugs.mageia.org/show_bug.cgi?id=11809 |
| 26 |
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876 |
| 27 |
- https://bugs.launchpad.net/hplip/+bug/1048754 |
| 28 |
ID: MGASA-2014-0033 |
Parent Directory
| 
Revision Log