Mandriva Linux Security Advisory 2011-013 - A flaw was found in the way certain HPLIP tools discovered devices using the SNMP protocol. If a user ran certain HPLIP tools that search for supported devices using SNMP, and a malicious user was able to send specially crafted SNMP responses, it could cause those HPLIP tools to crash or, possibly, execute arbitrary code with the privileges of the user running them.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:013
http://www.mandriva.com/security/
_______________________________________________________________________
Package : hplip
Date : January 19, 2011
Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in hplip:
A flaw was found in the way certain HPLIP tools discovered devices
using the SNMP protocol. If a user ran certain HPLIP tools that search
for supported devices using SNMP, and a malicious user was able to send
specially crafted SNMP responses, it could cause those HPLIP tools
to crash or, possibly, execute arbitrary code with the privileges of
the user running them (CVE-2010-4267).
Packages for 2009.0 are provided under the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4267
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
8214d304ea3600384ac1294a68f97f7d 2009.0/i586/hplip-3.9.2-0.3mdv2009.0.i586.rpm
d22709aa65a201f2c4dc12d8d62dcc3e 2009.0/i586/hplip-doc-3.9.2-0.3mdv2009.0.i586.rpm
8ffd86cae73deaf3ab7e1923b03acbdf 2009.0/i586/hplip-gui-3.9.2-0.3mdv2009.0.i586.rpm
3dd9bb27f26f86f616554ab10457604a 2009.0/i586/hplip-hpijs-3.9.2-0.3mdv2009.0.i586.rpm
6d669b42e440c17cd00a85180907d963 2009.0/i586/hplip-hpijs-ppds-3.9.2-0.3mdv2009.0.i586.rpm
89bf042640cfeecf86e291bc58982c12 2009.0/i586/hplip-model-data-3.9.2-0.3mdv2009.0.i586.rpm
ee41d05b0155ba083cd7947695c36150 2009.0/i586/libhpip0-3.9.2-0.3mdv2009.0.i586.rpm
5777267dbf4eca32d6767b861296ba1d 2009.0/i586/libhpip0-devel-3.9.2-0.3mdv2009.0.i586.rpm
374c44a32f6b37ade9a484f3ec8887b9 2009.0/i586/libsane-hpaio1-3.9.2-0.3mdv2009.0.i586.rpm
049c49a5f2d9cba781afe22481304c11 2009.0/SRPMS/hplip-3.9.2-0.3mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
3ef81309b167606ac368bb2c0290fa92 2009.0/x86_64/hplip-3.9.2-0.3mdv2009.0.x86_64.rpm
de41283d4fee8451e4d924d716a1994a 2009.0/x86_64/hplip-doc-3.9.2-0.3mdv2009.0.x86_64.rpm
4ffe7768ececd74971f9878e61f7faff 2009.0/x86_64/hplip-gui-3.9.2-0.3mdv2009.0.x86_64.rpm
43207cac141d48058a5dc480e7a55e5f 2009.0/x86_64/hplip-hpijs-3.9.2-0.3mdv2009.0.x86_64.rpm
2a832e8e0601bc2d22db0aa920b6c753 2009.0/x86_64/hplip-hpijs-ppds-3.9.2-0.3mdv2009.0.x86_64.rpm
c72502af75c91df338f5aae608a7c843 2009.0/x86_64/hplip-model-data-3.9.2-0.3mdv2009.0.x86_64.rpm
8d14ef97d6f5119bd6df1175b2effb95 2009.0/x86_64/lib64hpip0-3.9.2-0.3mdv2009.0.x86_64.rpm
e96200416f5138cdb9c3dad20f8aa18e 2009.0/x86_64/lib64hpip0-devel-3.9.2-0.3mdv2009.0.x86_64.rpm
bf19e9363033d581e63ff38e4c3a202f 2009.0/x86_64/lib64sane-hpaio1-3.9.2-0.3mdv2009.0.x86_64.rpm
049c49a5f2d9cba781afe22481304c11 2009.0/SRPMS/hplip-3.9.2-0.3mdv2009.0.src.rpm
Mandriva Linux 2010.0:
e41cc08c0aa166ecc33ba4e8ba1a0790 2010.0/i586/hplip-3.9.8-8.1mdv2010.0.i586.rpm
d7f1c043dc344c6f72b6023752e33c55 2010.0/i586/hplip-doc-3.9.8-8.1mdv2010.0.i586.rpm
11cb78c08a6572a3c85ba7cd9b381006 2010.0/i586/hplip-gui-3.9.8-8.1mdv2010.0.i586.rpm
389035fbf8a167024d7547046c3fc3be 2010.0/i586/hplip-hpijs-3.9.8-8.1mdv2010.0.i586.rpm
f1185f4e52788e77d66a98ed0d3a2ae7 2010.0/i586/hplip-hpijs-ppds-3.9.8-8.1mdv2010.0.i586.rpm
28978f3b95bfb597ce203b366a6c621f 2010.0/i586/hplip-model-data-3.9.8-8.1mdv2010.0.i586.rpm
28a60a47e8fd1287ec3729b1402e1818 2010.0/i586/libhpip0-3.9.8-8.1mdv2010.0.i586.rpm
92b20ede62c9c771f58f2ac4038f0753 2010.0/i586/libhpip0-devel-3.9.8-8.1mdv2010.0.i586.rpm
bed73b20763f3866948e5ad820dd930c 2010.0/i586/libsane-hpaio1-3.9.8-8.1mdv2010.0.i586.rpm
7ea9d7ad0947ac1b4b8ae84b67825a0a 2010.0/SRPMS/hplip-3.9.8-8.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
7c9fc99ce28d02ce207a8b6c0b8101e0 2010.0/x86_64/hplip-3.9.8-8.1mdv2010.0.x86_64.rpm
4eab6a380849afe2c4f1ab59d146b0e4 2010.0/x86_64/hplip-doc-3.9.8-8.1mdv2010.0.x86_64.rpm
250043b36f3a1acc91708c509f8b6aa1 2010.0/x86_64/hplip-gui-3.9.8-8.1mdv2010.0.x86_64.rpm
996b02e6542d4ef9bd52d02211d34dd0 2010.0/x86_64/hplip-hpijs-3.9.8-8.1mdv2010.0.x86_64.rpm
48c2dd200290cfd5f95af097f709af0a 2010.0/x86_64/hplip-hpijs-ppds-3.9.8-8.1mdv2010.0.x86_64.rpm
35ed1a7bbfa6db12b549d67ecf828e2f 2010.0/x86_64/hplip-model-data-3.9.8-8.1mdv2010.0.x86_64.rpm
6cd5642a0f3964ee06202c7195b11589 2010.0/x86_64/lib64hpip0-3.9.8-8.1mdv2010.0.x86_64.rpm
56f68349234debbf6dd87fe930f27b54 2010.0/x86_64/lib64hpip0-devel-3.9.8-8.1mdv2010.0.x86_64.rpm
b219aa46fbe78c8b9229e50113a941e4 2010.0/x86_64/lib64sane-hpaio1-3.9.8-8.1mdv2010.0.x86_64.rpm
7ea9d7ad0947ac1b4b8ae84b67825a0a 2010.0/SRPMS/hplip-3.9.8-8.1mdv2010.0.src.rpm
Mandriva Linux 2010.1:
470a46ff48e003514e3e7de1b16148e6 2010.1/i586/hplip-3.10.2-5.1mdv2010.2.i586.rpm
07ce6b09c09543f3d217f1e517f55391 2010.1/i586/hplip-doc-3.10.2-5.1mdv2010.2.i586.rpm
0426e952bf1586e26fd602b06f8d7320 2010.1/i586/hplip-gui-3.10.2-5.1mdv2010.2.i586.rpm
8781da9d946ae56692b517f5960656d2 2010.1/i586/hplip-hpijs-3.10.2-5.1mdv2010.2.i586.rpm
1c43a61ed3ec16b24789062939435a86 2010.1/i586/hplip-hpijs-ppds-3.10.2-5.1mdv2010.2.i586.rpm
c417b14637e30fec5b1426b4b943a118 2010.1/i586/hplip-model-data-3.10.2-5.1mdv2010.2.i586.rpm
bc442c6d44ff336ea40c1d02b1d4c4c8 2010.1/i586/libhpip0-3.10.2-5.1mdv2010.2.i586.rpm
fd427f25b9d8e4a949cdf572558d73f8 2010.1/i586/libhpip0-devel-3.10.2-5.1mdv2010.2.i586.rpm
541f1a880503fd80227492fa7a62887c 2010.1/i586/libsane-hpaio1-3.10.2-5.1mdv2010.2.i586.rpm
a24cb6ad4cad2126dd0981b40ece0a32 2010.1/SRPMS/hplip-3.10.2-5.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
0cf5ba5a9fb6a0105c3e018756335bb1 2010.1/x86_64/hplip-3.10.2-5.1mdv2010.2.x86_64.rpm
5f3cd426f6b8fe299f4a5cee1b087190 2010.1/x86_64/hplip-doc-3.10.2-5.1mdv2010.2.x86_64.rpm
a758e7cb12ce3d38e3900afaa030af92 2010.1/x86_64/hplip-gui-3.10.2-5.1mdv2010.2.x86_64.rpm
2842b87a9cfd8554759c8b3f83216549 2010.1/x86_64/hplip-hpijs-3.10.2-5.1mdv2010.2.x86_64.rpm
d5c69f5aa745fe442cad0e9ab3595f57 2010.1/x86_64/hplip-hpijs-ppds-3.10.2-5.1mdv2010.2.x86_64.rpm
69cf2fa947c348ca09ba79277835a29b 2010.1/x86_64/hplip-model-data-3.10.2-5.1mdv2010.2.x86_64.rpm
ff933538fb5354536840637ec0948d79 2010.1/x86_64/lib64hpip0-3.10.2-5.1mdv2010.2.x86_64.rpm
effb912c95ba268754016a73480af09c 2010.1/x86_64/lib64hpip0-devel-3.10.2-5.1mdv2010.2.x86_64.rpm
519c5db5f1d58176dda0039cf10b7663 2010.1/x86_64/lib64sane-hpaio1-3.10.2-5.1mdv2010.2.x86_64.rpm
a24cb6ad4cad2126dd0981b40ece0a32 2010.1/SRPMS/hplip-3.10.2-5.1mdv2010.2.src.rpm
Corporate 4.0:
03d92550d30576b4c1c476a388ed243f corporate/4.0/i586/hplip-1.6.7-2.3.20060mlcs4.i586.rpm
e028be582856c66c772c49991edccc55 corporate/4.0/i586/hplip-hpijs-1.6.7-2.3.20060mlcs4.i586.rpm
4abc0b0692096d0d9af598409c3eaf70 corporate/4.0/i586/hplip-hpijs-ppds-1.6.7-2.3.20060mlcs4.i586.rpm
89b0d7da7999eca27901dcdcdd0c3634 corporate/4.0/i586/hplip-model-data-1.6.7-2.3.20060mlcs4.i586.rpm
a81f14567a002c03c9b576f4130bf77d corporate/4.0/i586/libhpip0-1.6.7-2.3.20060mlcs4.i586.rpm
d82f9c10ced965c4365cab90c25d11bd corporate/4.0/i586/libhpip0-devel-1.6.7-2.3.20060mlcs4.i586.rpm
978eb556c1e2bb5cb86ab49cdb681f74 corporate/4.0/i586/libsane-hpaio1-1.6.7-2.3.20060mlcs4.i586.rpm
fb8f6ba8e4d368e5f5c45d99f405215c corporate/4.0/SRPMS/hplip-1.6.7-2.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
ac5b9ec658f11d6cf241b466c9dac51d corporate/4.0/x86_64/hplip-1.6.7-2.3.20060mlcs4.x86_64.rpm
ddedb1a1fd78901189421345d7bf3a52 corporate/4.0/x86_64/hplip-hpijs-1.6.7-2.3.20060mlcs4.x86_64.rpm
916024c9f7bb405520ae1f86df2e5c04 corporate/4.0/x86_64/hplip-hpijs-ppds-1.6.7-2.3.20060mlcs4.x86_64.rpm
54025ca07b6d256722804dc352edc175 corporate/4.0/x86_64/hplip-model-data-1.6.7-2.3.20060mlcs4.x86_64.rpm
c27a679cf14668ffbda4147443d05cec corporate/4.0/x86_64/lib64hpip0-1.6.7-2.3.20060mlcs4.x86_64.rpm
0fd62b75a59fd8c36c98ad361d071ec6 corporate/4.0/x86_64/lib64hpip0-devel-1.6.7-2.3.20060mlcs4.x86_64.rpm
14d8ece2767b7dd80390e2eae3cc2a1e corporate/4.0/x86_64/lib64sane-hpaio1-1.6.7-2.3.20060mlcs4.x86_64.rpm
fb8f6ba8e4d368e5f5c45d99f405215c corporate/4.0/SRPMS/hplip-1.6.7-2.3.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
a06aefe0bbb961a7e9086f0d2a3b09c6 mes5/i586/hplip-3.9.2-0.3mdvmes5.1.i586.rpm
954ff26f47895381ec87e2275cc97a92 mes5/i586/hplip-doc-3.9.2-0.3mdvmes5.1.i586.rpm
89e9c42a35733a9102d9c3e3e5e046e2 mes5/i586/hplip-gui-3.9.2-0.3mdvmes5.1.i586.rpm
cfa5063aee32f7ff46b2310d7ff6b03f mes5/i586/hplip-hpijs-3.9.2-0.3mdvmes5.1.i586.rpm
65bf90dc23d27e64b419fdd92e1d4c39 mes5/i586/hplip-hpijs-ppds-3.9.2-0.3mdvmes5.1.i586.rpm
62dd5a662f2a876f9995c26796b2dec6 mes5/i586/hplip-model-data-3.9.2-0.3mdvmes5.1.i586.rpm
7a4fa4bad0852a74a761713a36b0c49f mes5/i586/libhpip0-3.9.2-0.3mdvmes5.1.i586.rpm
59942dd743b392fc8cbaa7a00fddc512 mes5/i586/libhpip0-devel-3.9.2-0.3mdvmes5.1.i586.rpm
bf6dfce0b9c56c6ee95efa41bd1c23e8 mes5/i586/libsane-hpaio1-3.9.2-0.3mdvmes5.1.i586.rpm
9acba40c908b838ef2dbc61ed6b95e44 mes5/SRPMS/hplip-3.9.2-0.3mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
b1a906f4ad7e5a4c443ed440c95e0e07 mes5/x86_64/hplip-3.9.2-0.3mdvmes5.1.x86_64.rpm
bbcf72fdddf01b1e5d5eee61f4373b5c mes5/x86_64/hplip-doc-3.9.2-0.3mdvmes5.1.x86_64.rpm
36c42a823e73e78766291a8d76f7b5fe mes5/x86_64/hplip-gui-3.9.2-0.3mdvmes5.1.x86_64.rpm
20c81db73d37763c941f0f064c239fde mes5/x86_64/hplip-hpijs-3.9.2-0.3mdvmes5.1.x86_64.rpm
d1fd4fa1743b30954c39a1e9e5865957 mes5/x86_64/hplip-hpijs-ppds-3.9.2-0.3mdvmes5.1.x86_64.rpm
de05671a4d16ff0f761938e11f4b00fc mes5/x86_64/hplip-model-data-3.9.2-0.3mdvmes5.1.x86_64.rpm
15a728fb93ae5fb57b7f083cafd59e54 mes5/x86_64/lib64hpip0-3.9.2-0.3mdvmes5.1.x86_64.rpm
8efcab4cb06cf477169eb2698f840ee4 mes5/x86_64/lib64hpip0-devel-3.9.2-0.3mdvmes5.1.x86_64.rpm
c582ac9835e04b9532164abf5b325e1f mes5/x86_64/lib64sane-hpaio1-3.9.2-0.3mdvmes5.1.x86_64.rpm
9acba40c908b838ef2dbc61ed6b95e44 mes5/SRPMS/hplip-3.9.2-0.3mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNNvelmqjQ0CJFipgRApJbAJ9ItXvsDNbUG4JI9UXdkKO5rJ0ZPgCcCZ85
V7CNl7GosfO/iYlOpk0EfCU=
=yErj
-----END PGP SIGNATURE-----
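
The checksum comparison mentioned in the upgrade notes, done by hand for RPMs fetched outside MandrivaUpdate or urpmi; this is an added example, not part of the advisory or of Mandriva's tooling. It parses the `md5 path` lines of the Updated Packages section and checks a local file against them; the function names and the sample release and package names are constructed for illustration. A matching MD5 only shows that the file agrees with the list, so authenticity still rests on the GPG signatures the advisory describes.

```python
import hashlib
import re
from pathlib import Path

# One "Updated Packages" entry: 32 hex digits, whitespace, repo-relative RPM path.
ENTRY = re.compile(r"^[ \t]*([0-9a-fA-F]{32})[ \t]+(\S+\.rpm)[ \t]*$", re.MULTILINE)


def parse_advisory(text):
    """Map RPM file name -> expected MD5 from the advisory's package list."""
    expected = {}
    for digest, path in ENTRY.findall(text):
        name = path.rsplit("/", 1)[-1]
        digest = digest.lower()
        # The same SRPM is listed once per architecture; a differing digest
        # for one file name means the list is damaged or was altered.
        if expected.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting digests for {name}")
    return expected


def md5_of(path, chunk=1 << 20):
    """Stream the file so large RPMs are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check(path, expected):
    """Return 'match', 'mismatch' or 'unlisted' for one downloaded RPM."""
    want = expected.get(Path(path).name)
    if want is None:
        return "unlisted"
    return "match" if md5_of(path) == want else "mismatch"


def build_sample(payload=b"constructed payload"):
    """Constructed excerpt in the advisory's layout; not data from the advisory."""
    digest = hashlib.md5(payload).hexdigest()
    return (
        "Updated Packages:\n"
        "Example Release:\n"
        f"{digest} example/i586/demo-1.0-1.i586.rpm\n"
        f"{digest} example/SRPMS/demo-1.0-1.src.rpm\n"
        "Example Release/X86_64:\n"
        f"{digest} example/SRPMS/demo-1.0-1.src.rpm\n"
    )
```

Feed `parse_advisory` the advisory text only after `gpg --verify` has accepted its signature, otherwise the expected digests are themselves untrusted.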