1 |
type: security |
2 |
subject: Updated hplip package fixes security vulnerabilities |
3 |
CVE: |
4 |
- CVE-2013-6402 |
5 |
- CVE-2013-6427 |
6 |
src: |
7 |
3: |
8 |
core: |
9 |
- hplip-3.12.9-6.3.mga3 |
10 |
description: | |
11 |
It was discovered that the HPLIP Polkit daemon incorrectly handled |
12 |
temporary files. A local attacker could possibly use this issue to |
13 |
overwrite arbitrary files. (CVE-2013-6402) |
14 |
|
15 |
It was discovered that HPLIP contained an upgrade tool that would download |
16 |
code in an unsafe fashion. If a remote attacker were able to perform a |
17 |
man-in-the-middle attack, this flaw could be exploited to execute arbitrary |
18 |
code. (CVE-2013-6427) |
19 |
|
20 |
Additionnally, this update should fix issues regarding wireless connection |
21 |
to printer hplip after 3.12.9 and prior to version 3.12.11 had issues with |
22 |
setting up wireless connection to printers due to internal code changes |
23 |
which had not been applied consistently. |
24 |
references: |
25 |
- https://bugs.mageia.org/show_bug.cgi?id=11809 |
26 |
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876 |
27 |
- https://bugs.launchpad.net/hplip/+bug/1048754 |
28 |
ID: MGASA-2014-0033 |