Prilikom korištenja programskog paketa HPLIP (eng. Hewlett-Packard Linux Imaging and Printing) uočena je sigurnosna ranjivost. Radi se o programskoj podršci za HP pisače, fakseve i skenere. Ranjivost se javlja prilikom traženja novih uređaja pomoću SNMP (eng. Simple Network Management Protocol) protokola. Napadači propust mogu iskoristiti za pokretanje proizvoljnog programskog koda ili izvođenje napada uskraćivanja usluge slanjem posebno oblikovanog SNMP zahtjeva. Izdana je nova, ispravljena inačica paketa pa se svim korisnicima savjetuje njena instalacija.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:013
http://www.mandriva.com/security/
_______________________________________________________________________
Package : hplip
Date : January 19, 2011
Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in hplip:
A flaw was found in the way certain HPLIP tools discovered devices
using the SNMP protocol. If a user ran certain HPLIP tools that search
for supported devices using SNMP, and a malicious user is able to send
specially-crafted SNMP responses, it could cause those HPLIP tools
to crash or, possibly, execute arbitrary code with the privileges of
the user running them (CVE-2010-4267).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4267
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
8214d304ea3600384ac1294a68f97f7d
2009.0/i586/hplip-3.9.2-0.3mdv2009.0.i586.rpm
d22709aa65a201f2c4dc12d8d62dcc3e
2009.0/i586/hplip-doc-3.9.2-0.3mdv2009.0.i586.rpm
8ffd86cae73deaf3ab7e1923b03acbdf
2009.0/i586/hplip-gui-3.9.2-0.3mdv2009.0.i586.rpm
3dd9bb27f26f86f616554ab10457604a
2009.0/i586/hplip-hpijs-3.9.2-0.3mdv2009.0.i586.rpm
6d669b42e440c17cd00a85180907d963
2009.0/i586/hplip-hpijs-ppds-3.9.2-0.3mdv2009.0.i586.rpm
89bf042640cfeecf86e291bc58982c12
2009.0/i586/hplip-model-data-3.9.2-0.3mdv2009.0.i586.rpm
ee41d05b0155ba083cd7947695c36150
2009.0/i586/libhpip0-3.9.2-0.3mdv2009.0.i586.rpm
5777267dbf4eca32d6767b861296ba1d
2009.0/i586/libhpip0-devel-3.9.2-0.3mdv2009.0.i586.rpm
374c44a32f6b37ade9a484f3ec8887b9
2009.0/i586/libsane-hpaio1-3.9.2-0.3mdv2009.0.i586.rpm
049c49a5f2d9cba781afe22481304c11
2009.0/SRPMS/hplip-3.9.2-0.3mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
3ef81309b167606ac368bb2c0290fa92
2009.0/x86_64/hplip-3.9.2-0.3mdv2009.0.x86_64.rpm
de41283d4fee8451e4d924d716a1994a
2009.0/x86_64/hplip-doc-3.9.2-0.3mdv2009.0.x86_64.rpm
4ffe7768ececd74971f9878e61f7faff
2009.0/x86_64/hplip-gui-3.9.2-0.3mdv2009.0.x86_64.rpm
43207cac141d48058a5dc480e7a55e5f
2009.0/x86_64/hplip-hpijs-3.9.2-0.3mdv2009.0.x86_64.rpm
2a832e8e0601bc2d22db0aa920b6c753
2009.0/x86_64/hplip-hpijs-ppds-3.9.2-0.3mdv2009.0.x86_64.rpm
c72502af75c91df338f5aae608a7c843
2009.0/x86_64/hplip-model-data-3.9.2-0.3mdv2009.0.x86_64.rpm
8d14ef97d6f5119bd6df1175b2effb95
2009.0/x86_64/lib64hpip0-3.9.2-0.3mdv2009.0.x86_64.rpm
e96200416f5138cdb9c3dad20f8aa18e
2009.0/x86_64/lib64hpip0-devel-3.9.2-0.3mdv2009.0.x86_64.rpm
bf19e9363033d581e63ff38e4c3a202f
2009.0/x86_64/lib64sane-hpaio1-3.9.2-0.3mdv2009.0.x86_64.rpm
049c49a5f2d9cba781afe22481304c11
2009.0/SRPMS/hplip-3.9.2-0.3mdv2009.0.src.rpm
Mandriva Linux 2010.0:
e41cc08c0aa166ecc33ba4e8ba1a0790
2010.0/i586/hplip-3.9.8-8.1mdv2010.0.i586.rpm
d7f1c043dc344c6f72b6023752e33c55
2010.0/i586/hplip-doc-3.9.8-8.1mdv2010.0.i586.rpm
11cb78c08a6572a3c85ba7cd9b381006
2010.0/i586/hplip-gui-3.9.8-8.1mdv2010.0.i586.rpm
389035fbf8a167024d7547046c3fc3be
2010.0/i586/hplip-hpijs-3.9.8-8.1mdv2010.0.i586.rpm
f1185f4e52788e77d66a98ed0d3a2ae7
2010.0/i586/hplip-hpijs-ppds-3.9.8-8.1mdv2010.0.i586.rpm
28978f3b95bfb597ce203b366a6c621f
2010.0/i586/hplip-model-data-3.9.8-8.1mdv2010.0.i586.rpm
28a60a47e8fd1287ec3729b1402e1818
2010.0/i586/libhpip0-3.9.8-8.1mdv2010.0.i586.rpm
92b20ede62c9c771f58f2ac4038f0753
2010.0/i586/libhpip0-devel-3.9.8-8.1mdv2010.0.i586.rpm
bed73b20763f3866948e5ad820dd930c
2010.0/i586/libsane-hpaio1-3.9.8-8.1mdv2010.0.i586.rpm
7ea9d7ad0947ac1b4b8ae84b67825a0a
2010.0/SRPMS/hplip-3.9.8-8.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
7c9fc99ce28d02ce207a8b6c0b8101e0
2010.0/x86_64/hplip-3.9.8-8.1mdv2010.0.x86_64.rpm
4eab6a380849afe2c4f1ab59d146b0e4
2010.0/x86_64/hplip-doc-3.9.8-8.1mdv2010.0.x86_64.rpm
250043b36f3a1acc91708c509f8b6aa1
2010.0/x86_64/hplip-gui-3.9.8-8.1mdv2010.0.x86_64.rpm
996b02e6542d4ef9bd52d02211d34dd0
2010.0/x86_64/hplip-hpijs-3.9.8-8.1mdv2010.0.x86_64.rpm
48c2dd200290cfd5f95af097f709af0a
2010.0/x86_64/hplip-hpijs-ppds-3.9.8-8.1mdv2010.0.x86_64.rpm
35ed1a7bbfa6db12b549d67ecf828e2f
2010.0/x86_64/hplip-model-data-3.9.8-8.1mdv2010.0.x86_64.rpm
6cd5642a0f3964ee06202c7195b11589
2010.0/x86_64/lib64hpip0-3.9.8-8.1mdv2010.0.x86_64.rpm
56f68349234debbf6dd87fe930f27b54
2010.0/x86_64/lib64hpip0-devel-3.9.8-8.1mdv2010.0.x86_64.rpm
b219aa46fbe78c8b9229e50113a941e4
2010.0/x86_64/lib64sane-hpaio1-3.9.8-8.1mdv2010.0.x86_64.rpm
7ea9d7ad0947ac1b4b8ae84b67825a0a
2010.0/SRPMS/hplip-3.9.8-8.1mdv2010.0.src.rpm
Mandriva Linux 2010.1:
470a46ff48e003514e3e7de1b16148e6
2010.1/i586/hplip-3.10.2-5.1mdv2010.2.i586.rpm
07ce6b09c09543f3d217f1e517f55391
2010.1/i586/hplip-doc-3.10.2-5.1mdv2010.2.i586.rpm
0426e952bf1586e26fd602b06f8d7320
2010.1/i586/hplip-gui-3.10.2-5.1mdv2010.2.i586.rpm
8781da9d946ae56692b517f5960656d2
2010.1/i586/hplip-hpijs-3.10.2-5.1mdv2010.2.i586.rpm
1c43a61ed3ec16b24789062939435a86
2010.1/i586/hplip-hpijs-ppds-3.10.2-5.1mdv2010.2.i586.rpm
c417b14637e30fec5b1426b4b943a118
2010.1/i586/hplip-model-data-3.10.2-5.1mdv2010.2.i586.rpm
bc442c6d44ff336ea40c1d02b1d4c4c8
2010.1/i586/libhpip0-3.10.2-5.1mdv2010.2.i586.rpm
fd427f25b9d8e4a949cdf572558d73f8
2010.1/i586/libhpip0-devel-3.10.2-5.1mdv2010.2.i586.rpm
541f1a880503fd80227492fa7a62887c
2010.1/i586/libsane-hpaio1-3.10.2-5.1mdv2010.2.i586.rpm
a24cb6ad4cad2126dd0981b40ece0a32
2010.1/SRPMS/hplip-3.10.2-5.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
0cf5ba5a9fb6a0105c3e018756335bb1
2010.1/x86_64/hplip-3.10.2-5.1mdv2010.2.x86_64.rpm
5f3cd426f6b8fe299f4a5cee1b087190
2010.1/x86_64/hplip-doc-3.10.2-5.1mdv2010.2.x86_64.rpm
a758e7cb12ce3d38e3900afaa030af92
2010.1/x86_64/hplip-gui-3.10.2-5.1mdv2010.2.x86_64.rpm
2842b87a9cfd8554759c8b3f83216549
2010.1/x86_64/hplip-hpijs-3.10.2-5.1mdv2010.2.x86_64.rpm
d5c69f5aa745fe442cad0e9ab3595f57
2010.1/x86_64/hplip-hpijs-ppds-3.10.2-5.1mdv2010.2.x86_64.rpm
69cf2fa947c348ca09ba79277835a29b
2010.1/x86_64/hplip-model-data-3.10.2-5.1mdv2010.2.x86_64.rpm
ff933538fb5354536840637ec0948d79
2010.1/x86_64/lib64hpip0-3.10.2-5.1mdv2010.2.x86_64.rpm
effb912c95ba268754016a73480af09c
2010.1/x86_64/lib64hpip0-devel-3.10.2-5.1mdv2010.2.x86_64.rpm
519c5db5f1d58176dda0039cf10b7663
2010.1/x86_64/lib64sane-hpaio1-3.10.2-5.1mdv2010.2.x86_64.rpm
a24cb6ad4cad2126dd0981b40ece0a32
2010.1/SRPMS/hplip-3.10.2-5.1mdv2010.2.src.rpm
Corporate 4.0:
03d92550d30576b4c1c476a388ed243f
corporate/4.0/i586/hplip-1.6.7-2.3.20060mlcs4.i586.rpm
e028be582856c66c772c49991edccc55
corporate/4.0/i586/hplip-hpijs-1.6.7-2.3.20060mlcs4.i586.rpm
4abc0b0692096d0d9af598409c3eaf70
corporate/4.0/i586/hplip-hpijs-ppds-1.6.7-2.3.20060mlcs4.i586.rpm
89b0d7da7999eca27901dcdcdd0c3634
corporate/4.0/i586/hplip-model-data-1.6.7-2.3.20060mlcs4.i586.rpm
a81f14567a002c03c9b576f4130bf77d
corporate/4.0/i586/libhpip0-1.6.7-2.3.20060mlcs4.i586.rpm
d82f9c10ced965c4365cab90c25d11bd
corporate/4.0/i586/libhpip0-devel-1.6.7-2.3.20060mlcs4.i586.rpm
978eb556c1e2bb5cb86ab49cdb681f74
corporate/4.0/i586/libsane-hpaio1-1.6.7-2.3.20060mlcs4.i586.rpm
fb8f6ba8e4d368e5f5c45d99f405215c
corporate/4.0/SRPMS/hplip-1.6.7-2.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
ac5b9ec658f11d6cf241b466c9dac51d
corporate/4.0/x86_64/hplip-1.6.7-2.3.20060mlcs4.x86_64.rpm
ddedb1a1fd78901189421345d7bf3a52
corporate/4.0/x86_64/hplip-hpijs-1.6.7-2.3.20060mlcs4.x86_64.rpm
916024c9f7bb405520ae1f86df2e5c04
corporate/4.0/x86_64/hplip-hpijs-ppds-1.6.7-2.3.20060mlcs4.x86_64.rpm
54025ca07b6d256722804dc352edc175
corporate/4.0/x86_64/hplip-model-data-1.6.7-2.3.20060mlcs4.x86_64.rpm
c27a679cf14668ffbda4147443d05cec
corporate/4.0/x86_64/lib64hpip0-1.6.7-2.3.20060mlcs4.x86_64.rpm
0fd62b75a59fd8c36c98ad361d071ec6
corporate/4.0/x86_64/lib64hpip0-devel-1.6.7-2.3.20060mlcs4.x86_64.rpm
14d8ece2767b7dd80390e2eae3cc2a1e
corporate/4.0/x86_64/lib64sane-hpaio1-1.6.7-2.3.20060mlcs4.x86_64.rpm
fb8f6ba8e4d368e5f5c45d99f405215c
corporate/4.0/SRPMS/hplip-1.6.7-2.3.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
a06aefe0bbb961a7e9086f0d2a3b09c6 mes5/i586/hplip-3.9.2-0.3mdvmes5.1.i586.rpm
954ff26f47895381ec87e2275cc97a92
mes5/i586/hplip-doc-3.9.2-0.3mdvmes5.1.i586.rpm
89e9c42a35733a9102d9c3e3e5e046e2
mes5/i586/hplip-gui-3.9.2-0.3mdvmes5.1.i586.rpm
cfa5063aee32f7ff46b2310d7ff6b03f
mes5/i586/hplip-hpijs-3.9.2-0.3mdvmes5.1.i586.rpm
65bf90dc23d27e64b419fdd92e1d4c39
mes5/i586/hplip-hpijs-ppds-3.9.2-0.3mdvmes5.1.i586.rpm
62dd5a662f2a876f9995c26796b2dec6
mes5/i586/hplip-model-data-3.9.2-0.3mdvmes5.1.i586.rpm
7a4fa4bad0852a74a761713a36b0c49f
mes5/i586/libhpip0-3.9.2-0.3mdvmes5.1.i586.rpm
59942dd743b392fc8cbaa7a00fddc512
mes5/i586/libhpip0-devel-3.9.2-0.3mdvmes5.1.i586.rpm
bf6dfce0b9c56c6ee95efa41bd1c23e8
mes5/i586/libsane-hpaio1-3.9.2-0.3mdvmes5.1.i586.rpm
9acba40c908b838ef2dbc61ed6b95e44 mes5/SRPMS/hplip-3.9.2-0.3mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
b1a906f4ad7e5a4c443ed440c95e0e07
mes5/x86_64/hplip-3.9.2-0.3mdvmes5.1.x86_64.rpm
bbcf72fdddf01b1e5d5eee61f4373b5c
mes5/x86_64/hplip-doc-3.9.2-0.3mdvmes5.1.x86_64.rpm
36c42a823e73e78766291a8d76f7b5fe
mes5/x86_64/hplip-gui-3.9.2-0.3mdvmes5.1.x86_64.rpm
20c81db73d37763c941f0f064c239fde
mes5/x86_64/hplip-hpijs-3.9.2-0.3mdvmes5.1.x86_64.rpm
d1fd4fa1743b30954c39a1e9e5865957
mes5/x86_64/hplip-hpijs-ppds-3.9.2-0.3mdvmes5.1.x86_64.rpm
de05671a4d16ff0f761938e11f4b00fc
mes5/x86_64/hplip-model-data-3.9.2-0.3mdvmes5.1.x86_64.rpm
15a728fb93ae5fb57b7f083cafd59e54
mes5/x86_64/lib64hpip0-3.9.2-0.3mdvmes5.1.x86_64.rpm
8efcab4cb06cf477169eb2698f840ee4
mes5/x86_64/lib64hpip0-devel-3.9.2-0.3mdvmes5.1.x86_64.rpm
c582ac9835e04b9532164abf5b325e1f
mes5/x86_64/lib64sane-hpaio1-3.9.2-0.3mdvmes5.1.x86_64.rpm
9acba40c908b838ef2dbc61ed6b95e44 mes5/SRPMS/hplip-3.9.2-0.3mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNNvelmqjQ0CJFipgRApJbAJ9ItXvsDNbUG4JI9UXdkKO5rJ0ZPgCcCZ85
V7CNl7GosfO/iYlOpk0EfCU=
=yErj
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke