MGASA-2014-0033

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0033.html

Import Source

https://advisories.mageia.org/MGASA-2014-0033.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2014-0033

Related

Published

2014-02-05T15:27:44Z

Modified

2015-07-09T07:56:53Z

Summary

Updated hplip package fixes security vulnerabilities

Details

It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. (CVE-2013-6402)

It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to execute arbitrary code. (CVE-2013-6427)

Additionnally, this update should fix issues regarding wireless connection to printer hplip after 3.12.9 and prior to version 3.12.11 had issues with setting up wireless connection to printers due to internal code changes which had not been applied consistently.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:3 / hplip

Package

Name: hplip
Purl: pkg:rpm/mageia/hplip?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.12.9-6.3.mga3

Ecosystem specific

{
    "section": "core"
}