Test ID:	1.3.6.1.4.1.25623.1.0.871040
Category:	Red Hat Local Security Checks
Title:	RedHat Update for hplip RHSA-2013:1274-01
Summary:	The remote host is missing an update for the 'hplip'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'hplip' package(s) announced via the referenced advisory. Vulnerability Insight: The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project (HPLIP), which provides drivers for Hewlett-Packard printers and multi-function peripherals. HPLIP communicated with PolicyKit for authorization via a D-Bus API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies HPLIP to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2013-4325) All users of hplip are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Affected Software/OS: hplip on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4325 DSA-2829 http://www.debian.org/security/2013/dsa-2829 RHSA-2013:1274 http://rhn.redhat.com/errata/RHSA-2013-1274.html USN-1956-1 http://www.ubuntu.com/usn/USN-1956-1 https://bugzilla.redhat.com/show_bug.cgi?id=1002375 https://bugzilla.redhat.com/show_bug.cgi?id=1006674 openSUSE-SU-2013:1617 http://lists.opensuse.org/opensuse-updates/2013-10/msg00062.html openSUSE-SU-2013:1620 http://lists.opensuse.org/opensuse-updates/2013-11/msg00000.html
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.