[Pkg-hpijs-devel] Bug#499842: CVE-2008-2940/-2941: security issues in hplip

Stefan Fritsch sf at sfritsch.de
Mon Sep 22 22:11:27 UTC 2008


Package: hplip
Version: 1.6.10-3
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for hplip.

CVE-2008-2940[0]:
| The alert-mailing implementation in HP Linux Imaging and Printing
| (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail
| messages from the root account via vectors related to the setalerts
| message, and lack of validation of the device URI associated with an
| event message.

CVE-2008-2941[1]:
| The hpssd message parser in hpssd.py in HP Linux Imaging and
| Printing (HPLIP) 1.6.7 allows local users to cause a denial of
| service (process stop) via a crafted packet, as demonstrated by
| sending "msg=0" to TCP port 2207.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2940
    http://security-tracker.debian.net/tracker/CVE-2008-2940
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2941
    http://security-tracker.debian.net/tracker/CVE-2008-2941




