Ubuntu Local Security Checks : Ubuntu USN-1051-1 (hplip)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.68936

Category: Ubuntu Local Security Checks

Title: Ubuntu USN-1051-1 (hplip)

Summary: Ubuntu USN-1051-1 (hplip)

Description: The remote host is missing an update to hplip
announced via advisory USN-1051-1.

Details follow:

Sebastian Krahmer discovered that HPLIP incorrectly handled certain long
SNMP responses. A remote attacker could send malicious SNMP replies to
certain HPLIP tools and cause them to crash or possibly execute arbitrary
code.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
hplip 2.8.2-0ubuntu8.2

Ubuntu 9.10:
hplip 3.9.8-1ubuntu2.1

Ubuntu 10.04 LTS:
hplip 3.10.2-2ubuntu2.2

Ubuntu 10.10:
hplip 3.10.6-1ubuntu10.2

In general, a standard system update will make all the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-1051-1

Risk factor : High

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-4267
https://bugzilla.redhat.com/attachment.cgi?id=468455&action=diff
Debian Security Information: DSA-2152 (Google Search)
http://www.debian.org/security/2011/dsa-2152
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053474.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053472.html
http://security.gentoo.org/glsa/glsa-201203-17.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2011:013
http://www.redhat.com/support/errata/RHSA-2011-0154.html
SuSE Security Announcement: SUSE-SR:2011:002 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.ubuntu.com/usn/USN-1051-1
BugTraq ID: 45833
http://www.securityfocus.com/bid/45833
http://osvdb.org/70498
http://www.securitytracker.com/id?1024967
http://secunia.com/advisories/42939
http://secunia.com/advisories/42956
http://secunia.com/advisories/43022
http://secunia.com/advisories/43083
http://secunia.com/advisories/43102
http://secunia.com/advisories/43068
http://secunia.com/advisories/48441
http://www.vupen.com/english/advisories/2011/0136
http://www.vupen.com/english/advisories/2011/0160
http://www.vupen.com/english/advisories/2011/0211
http://www.vupen.com/english/advisories/2011/0228
http://www.vupen.com/english/advisories/2011/0243
http://www.vupen.com/english/advisories/2011/0212
XForce ISS Database: hplip-hpmudgetpml-bo(64738)
http://xforce.iss.net/xforce/xfdb/64738

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.68936
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-1051-1 (hplip)
Summary:	Ubuntu USN-1051-1 (hplip)
Description:	The remote host is missing an update to hplip announced via advisory USN-1051-1. Details follow: Sebastian Krahmer discovered that HPLIP incorrectly handled certain long SNMP responses. A remote attacker could send malicious SNMP replies to certain HPLIP tools and cause them to crash or possibly execute arbitrary code. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: hplip 2.8.2-0ubuntu8.2 Ubuntu 9.10: hplip 3.9.8-1ubuntu2.1 Ubuntu 10.04 LTS: hplip 3.10.2-2ubuntu2.2 Ubuntu 10.10: hplip 3.10.6-1ubuntu10.2 In general, a standard system update will make all the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-1051-1 Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4267 https://bugzilla.redhat.com/attachment.cgi?id=468455&action=diff Debian Security Information: DSA-2152 (Google Search) http://www.debian.org/security/2011/dsa-2152 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053474.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053472.html http://security.gentoo.org/glsa/glsa-201203-17.xml http://www.mandriva.com/security/advisories?name=MDVSA-2011:013 http://www.redhat.com/support/errata/RHSA-2011-0154.html SuSE Security Announcement: SUSE-SR:2011:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://www.ubuntu.com/usn/USN-1051-1 BugTraq ID: 45833 http://www.securityfocus.com/bid/45833 http://osvdb.org/70498 http://www.securitytracker.com/id?1024967 http://secunia.com/advisories/42939 http://secunia.com/advisories/42956 http://secunia.com/advisories/43022 http://secunia.com/advisories/43083 http://secunia.com/advisories/43102 http://secunia.com/advisories/43068 http://secunia.com/advisories/48441 http://www.vupen.com/english/advisories/2011/0136 http://www.vupen.com/english/advisories/2011/0160 http://www.vupen.com/english/advisories/2011/0211 http://www.vupen.com/english/advisories/2011/0228 http://www.vupen.com/english/advisories/2011/0243 http://www.vupen.com/english/advisories/2011/0212 XForce ISS Database: hplip-hpmudgetpml-bo(64738) http://xforce.iss.net/xforce/xfdb/64738
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com