Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0033)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2014.0033

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2014-0033)

Zusammenfassung: The remote host is missing an update for the 'hplip' package(s) announced via the MGASA-2014-0033 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'hplip' package(s) announced via the MGASA-2014-0033 advisory.

Vulnerability Insight:
It was discovered that the HPLIP Polkit daemon incorrectly handled
temporary files. A local attacker could possibly use this issue to
overwrite arbitrary files. (CVE-2013-6402)

It was discovered that HPLIP contained an upgrade tool that would download
code in an unsafe fashion. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to execute arbitrary
code. (CVE-2013-6427)

Additionally, this update should fix issues regarding wireless connection
to printer hplip after 3.12.9 and prior to version 3.12.11 had issues with
setting up wireless connection to printers due to internal code changes
which had not been applied consistently.

Affected Software/OS:
'hplip' package(s) on Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-6402
DSA-2829
http://www.debian.org/security/2013/dsa-2829
USN-2085-1
http://www.ubuntu.com/usn/USN-2085-1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876
https://bugzilla.novell.com/show_bug.cgi?id=852368
https://security-tracker.debian.org/tracker/CVE-2013-6402
openSUSE-SU-2014:0127
http://lists.opensuse.org/opensuse-updates/2014-01/msg00087.html
openSUSE-SU-2014:0146
http://lists.opensuse.org/opensuse-updates/2014-01/msg00098.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-6427
[oss-security] 20131204 Re: CVE needed for hplip insecure auto update feature?
http://openwall.com/lists/oss-security/2013/12/05/2
https://bugzilla.novell.com/show_bug.cgi?id=853405

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0033
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0033)
Zusammenfassung:	The remote host is missing an update for the 'hplip' package(s) announced via the MGASA-2014-0033 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'hplip' package(s) announced via the MGASA-2014-0033 advisory. Vulnerability Insight: It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. (CVE-2013-6402) It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to execute arbitrary code. (CVE-2013-6427) Additionally, this update should fix issues regarding wireless connection to printer hplip after 3.12.9 and prior to version 3.12.11 had issues with setting up wireless connection to printers due to internal code changes which had not been applied consistently. Affected Software/OS: 'hplip' package(s) on Mageia 3. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-6402 DSA-2829 http://www.debian.org/security/2013/dsa-2829 USN-2085-1 http://www.ubuntu.com/usn/USN-2085-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876 https://bugzilla.novell.com/show_bug.cgi?id=852368 https://security-tracker.debian.org/tracker/CVE-2013-6402 openSUSE-SU-2014:0127 http://lists.opensuse.org/opensuse-updates/2014-01/msg00087.html openSUSE-SU-2014:0146 http://lists.opensuse.org/opensuse-updates/2014-01/msg00098.html Common Vulnerability Exposure (CVE) ID: CVE-2013-6427 [oss-security] 20131204 Re: CVE needed for hplip insecure auto update feature? http://openwall.com/lists/oss-security/2013/12/05/2 https://bugzilla.novell.com/show_bug.cgi?id=853405
Copyright	Copyright (C) 2022 Greenbone AG