-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:013 http://www.mandriva.com/security/ _______________________________________________________________________ Package : hplip Date : January 19, 2011 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in hplip: A flaw was found in the way certain HPLIP tools discovered devices using the SNMP protocol. If a user ran certain HPLIP tools that search for supported devices using SNMP, and a malicious user is able to send specially-crafted SNMP responses, it could cause those HPLIP tools to crash or, possibly, execute arbitrary code with the privileges of the user running them (CVE-2010-4267). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4267 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: 8214d304ea3600384ac1294a68f97f7d 2009.0/i586/hplip-3.9.2-0.3mdv2009.0.i586.rpm d22709aa65a201f2c4dc12d8d62dcc3e 2009.0/i586/hplip-doc-3.9.2-0.3mdv2009.0.i586.rpm 8ffd86cae73deaf3ab7e1923b03acbdf 2009.0/i586/hplip-gui-3.9.2-0.3mdv2009.0.i586.rpm 3dd9bb27f26f86f616554ab10457604a 2009.0/i586/hplip-hpijs-3.9.2-0.3mdv2009.0.i586.rpm 6d669b42e440c17cd00a85180907d963 2009.0/i586/hplip-hpijs-ppds-3.9.2-0.3mdv2009.0.i586.rpm 89bf042640cfeecf86e291bc58982c12 2009.0/i586/hplip-model-data-3.9.2-0.3mdv2009.0.i586.rpm ee41d05b0155ba083cd7947695c36150 2009.0/i586/libhpip0-3.9.2-0.3mdv2009.0.i586.rpm 5777267dbf4eca32d6767b861296ba1d 2009.0/i586/libhpip0-devel-3.9.2-0.3mdv2009.0.i586.rpm 374c44a32f6b37ade9a484f3ec8887b9 2009.0/i586/libsane-hpaio1-3.9.2-0.3mdv2009.0.i586.rpm 049c49a5f2d9cba781afe22481304c11 2009.0/SRPMS/hplip-3.9.2-0.3mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 3ef81309b167606ac368bb2c0290fa92 2009.0/x86_64/hplip-3.9.2-0.3mdv2009.0.x86_64.rpm de41283d4fee8451e4d924d716a1994a 2009.0/x86_64/hplip-doc-3.9.2-0.3mdv2009.0.x86_64.rpm 4ffe7768ececd74971f9878e61f7faff 2009.0/x86_64/hplip-gui-3.9.2-0.3mdv2009.0.x86_64.rpm 43207cac141d48058a5dc480e7a55e5f 2009.0/x86_64/hplip-hpijs-3.9.2-0.3mdv2009.0.x86_64.rpm 2a832e8e0601bc2d22db0aa920b6c753 2009.0/x86_64/hplip-hpijs-ppds-3.9.2-0.3mdv2009.0.x86_64.rpm c72502af75c91df338f5aae608a7c843 2009.0/x86_64/hplip-model-data-3.9.2-0.3mdv2009.0.x86_64.rpm 8d14ef97d6f5119bd6df1175b2effb95 2009.0/x86_64/lib64hpip0-3.9.2-0.3mdv2009.0.x86_64.rpm e96200416f5138cdb9c3dad20f8aa18e 2009.0/x86_64/lib64hpip0-devel-3.9.2-0.3mdv2009.0.x86_64.rpm bf19e9363033d581e63ff38e4c3a202f 2009.0/x86_64/lib64sane-hpaio1-3.9.2-0.3mdv2009.0.x86_64.rpm 049c49a5f2d9cba781afe22481304c11 2009.0/SRPMS/hplip-3.9.2-0.3mdv2009.0.src.rpm Mandriva Linux 2010.0: e41cc08c0aa166ecc33ba4e8ba1a0790 2010.0/i586/hplip-3.9.8-8.1mdv2010.0.i586.rpm d7f1c043dc344c6f72b6023752e33c55 2010.0/i586/hplip-doc-3.9.8-8.1mdv2010.0.i586.rpm 11cb78c08a6572a3c85ba7cd9b381006 2010.0/i586/hplip-gui-3.9.8-8.1mdv2010.0.i586.rpm 389035fbf8a167024d7547046c3fc3be 2010.0/i586/hplip-hpijs-3.9.8-8.1mdv2010.0.i586.rpm f1185f4e52788e77d66a98ed0d3a2ae7 2010.0/i586/hplip-hpijs-ppds-3.9.8-8.1mdv2010.0.i586.rpm 28978f3b95bfb597ce203b366a6c621f 2010.0/i586/hplip-model-data-3.9.8-8.1mdv2010.0.i586.rpm 28a60a47e8fd1287ec3729b1402e1818 2010.0/i586/libhpip0-3.9.8-8.1mdv2010.0.i586.rpm 92b20ede62c9c771f58f2ac4038f0753 2010.0/i586/libhpip0-devel-3.9.8-8.1mdv2010.0.i586.rpm bed73b20763f3866948e5ad820dd930c 2010.0/i586/libsane-hpaio1-3.9.8-8.1mdv2010.0.i586.rpm 7ea9d7ad0947ac1b4b8ae84b67825a0a 2010.0/SRPMS/hplip-3.9.8-8.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 7c9fc99ce28d02ce207a8b6c0b8101e0 2010.0/x86_64/hplip-3.9.8-8.1mdv2010.0.x86_64.rpm 4eab6a380849afe2c4f1ab59d146b0e4 2010.0/x86_64/hplip-doc-3.9.8-8.1mdv2010.0.x86_64.rpm 250043b36f3a1acc91708c509f8b6aa1 2010.0/x86_64/hplip-gui-3.9.8-8.1mdv2010.0.x86_64.rpm 996b02e6542d4ef9bd52d02211d34dd0 2010.0/x86_64/hplip-hpijs-3.9.8-8.1mdv2010.0.x86_64.rpm 48c2dd200290cfd5f95af097f709af0a 2010.0/x86_64/hplip-hpijs-ppds-3.9.8-8.1mdv2010.0.x86_64.rpm 35ed1a7bbfa6db12b549d67ecf828e2f 2010.0/x86_64/hplip-model-data-3.9.8-8.1mdv2010.0.x86_64.rpm 6cd5642a0f3964ee06202c7195b11589 2010.0/x86_64/lib64hpip0-3.9.8-8.1mdv2010.0.x86_64.rpm 56f68349234debbf6dd87fe930f27b54 2010.0/x86_64/lib64hpip0-devel-3.9.8-8.1mdv2010.0.x86_64.rpm b219aa46fbe78c8b9229e50113a941e4 2010.0/x86_64/lib64sane-hpaio1-3.9.8-8.1mdv2010.0.x86_64.rpm 7ea9d7ad0947ac1b4b8ae84b67825a0a 2010.0/SRPMS/hplip-3.9.8-8.1mdv2010.0.src.rpm Mandriva Linux 2010.1: 470a46ff48e003514e3e7de1b16148e6 2010.1/i586/hplip-3.10.2-5.1mdv2010.2.i586.rpm 07ce6b09c09543f3d217f1e517f55391 2010.1/i586/hplip-doc-3.10.2-5.1mdv2010.2.i586.rpm 0426e952bf1586e26fd602b06f8d7320 2010.1/i586/hplip-gui-3.10.2-5.1mdv2010.2.i586.rpm 8781da9d946ae56692b517f5960656d2 2010.1/i586/hplip-hpijs-3.10.2-5.1mdv2010.2.i586.rpm 1c43a61ed3ec16b24789062939435a86 2010.1/i586/hplip-hpijs-ppds-3.10.2-5.1mdv2010.2.i586.rpm c417b14637e30fec5b1426b4b943a118 2010.1/i586/hplip-model-data-3.10.2-5.1mdv2010.2.i586.rpm bc442c6d44ff336ea40c1d02b1d4c4c8 2010.1/i586/libhpip0-3.10.2-5.1mdv2010.2.i586.rpm fd427f25b9d8e4a949cdf572558d73f8 2010.1/i586/libhpip0-devel-3.10.2-5.1mdv2010.2.i586.rpm 541f1a880503fd80227492fa7a62887c 2010.1/i586/libsane-hpaio1-3.10.2-5.1mdv2010.2.i586.rpm a24cb6ad4cad2126dd0981b40ece0a32 2010.1/SRPMS/hplip-3.10.2-5.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 0cf5ba5a9fb6a0105c3e018756335bb1 2010.1/x86_64/hplip-3.10.2-5.1mdv2010.2.x86_64.rpm 5f3cd426f6b8fe299f4a5cee1b087190 2010.1/x86_64/hplip-doc-3.10.2-5.1mdv2010.2.x86_64.rpm a758e7cb12ce3d38e3900afaa030af92 2010.1/x86_64/hplip-gui-3.10.2-5.1mdv2010.2.x86_64.rpm 2842b87a9cfd8554759c8b3f83216549 2010.1/x86_64/hplip-hpijs-3.10.2-5.1mdv2010.2.x86_64.rpm d5c69f5aa745fe442cad0e9ab3595f57 2010.1/x86_64/hplip-hpijs-ppds-3.10.2-5.1mdv2010.2.x86_64.rpm 69cf2fa947c348ca09ba79277835a29b 2010.1/x86_64/hplip-model-data-3.10.2-5.1mdv2010.2.x86_64.rpm ff933538fb5354536840637ec0948d79 2010.1/x86_64/lib64hpip0-3.10.2-5.1mdv2010.2.x86_64.rpm effb912c95ba268754016a73480af09c 2010.1/x86_64/lib64hpip0-devel-3.10.2-5.1mdv2010.2.x86_64.rpm 519c5db5f1d58176dda0039cf10b7663 2010.1/x86_64/lib64sane-hpaio1-3.10.2-5.1mdv2010.2.x86_64.rpm a24cb6ad4cad2126dd0981b40ece0a32 2010.1/SRPMS/hplip-3.10.2-5.1mdv2010.2.src.rpm Corporate 4.0: 03d92550d30576b4c1c476a388ed243f corporate/4.0/i586/hplip-1.6.7-2.3.20060mlcs4.i586.rpm e028be582856c66c772c49991edccc55 corporate/4.0/i586/hplip-hpijs-1.6.7-2.3.20060mlcs4.i586.rpm 4abc0b0692096d0d9af598409c3eaf70 corporate/4.0/i586/hplip-hpijs-ppds-1.6.7-2.3.20060mlcs4.i586.rpm 89b0d7da7999eca27901dcdcdd0c3634 corporate/4.0/i586/hplip-model-data-1.6.7-2.3.20060mlcs4.i586.rpm a81f14567a002c03c9b576f4130bf77d corporate/4.0/i586/libhpip0-1.6.7-2.3.20060mlcs4.i586.rpm d82f9c10ced965c4365cab90c25d11bd corporate/4.0/i586/libhpip0-devel-1.6.7-2.3.20060mlcs4.i586.rpm 978eb556c1e2bb5cb86ab49cdb681f74 corporate/4.0/i586/libsane-hpaio1-1.6.7-2.3.20060mlcs4.i586.rpm fb8f6ba8e4d368e5f5c45d99f405215c corporate/4.0/SRPMS/hplip-1.6.7-2.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: ac5b9ec658f11d6cf241b466c9dac51d corporate/4.0/x86_64/hplip-1.6.7-2.3.20060mlcs4.x86_64.rpm ddedb1a1fd78901189421345d7bf3a52 corporate/4.0/x86_64/hplip-hpijs-1.6.7-2.3.20060mlcs4.x86_64.rpm 916024c9f7bb405520ae1f86df2e5c04 corporate/4.0/x86_64/hplip-hpijs-ppds-1.6.7-2.3.20060mlcs4.x86_64.rpm 54025ca07b6d256722804dc352edc175 corporate/4.0/x86_64/hplip-model-data-1.6.7-2.3.20060mlcs4.x86_64.rpm c27a679cf14668ffbda4147443d05cec corporate/4.0/x86_64/lib64hpip0-1.6.7-2.3.20060mlcs4.x86_64.rpm 0fd62b75a59fd8c36c98ad361d071ec6 corporate/4.0/x86_64/lib64hpip0-devel-1.6.7-2.3.20060mlcs4.x86_64.rpm 14d8ece2767b7dd80390e2eae3cc2a1e corporate/4.0/x86_64/lib64sane-hpaio1-1.6.7-2.3.20060mlcs4.x86_64.rpm fb8f6ba8e4d368e5f5c45d99f405215c corporate/4.0/SRPMS/hplip-1.6.7-2.3.20060mlcs4.src.rpm Mandriva Enterprise Server 5: a06aefe0bbb961a7e9086f0d2a3b09c6 mes5/i586/hplip-3.9.2-0.3mdvmes5.1.i586.rpm 954ff26f47895381ec87e2275cc97a92 mes5/i586/hplip-doc-3.9.2-0.3mdvmes5.1.i586.rpm 89e9c42a35733a9102d9c3e3e5e046e2 mes5/i586/hplip-gui-3.9.2-0.3mdvmes5.1.i586.rpm cfa5063aee32f7ff46b2310d7ff6b03f mes5/i586/hplip-hpijs-3.9.2-0.3mdvmes5.1.i586.rpm 65bf90dc23d27e64b419fdd92e1d4c39 mes5/i586/hplip-hpijs-ppds-3.9.2-0.3mdvmes5.1.i586.rpm 62dd5a662f2a876f9995c26796b2dec6 mes5/i586/hplip-model-data-3.9.2-0.3mdvmes5.1.i586.rpm 7a4fa4bad0852a74a761713a36b0c49f mes5/i586/libhpip0-3.9.2-0.3mdvmes5.1.i586.rpm 59942dd743b392fc8cbaa7a00fddc512 mes5/i586/libhpip0-devel-3.9.2-0.3mdvmes5.1.i586.rpm bf6dfce0b9c56c6ee95efa41bd1c23e8 mes5/i586/libsane-hpaio1-3.9.2-0.3mdvmes5.1.i586.rpm 9acba40c908b838ef2dbc61ed6b95e44 mes5/SRPMS/hplip-3.9.2-0.3mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: b1a906f4ad7e5a4c443ed440c95e0e07 mes5/x86_64/hplip-3.9.2-0.3mdvmes5.1.x86_64.rpm bbcf72fdddf01b1e5d5eee61f4373b5c mes5/x86_64/hplip-doc-3.9.2-0.3mdvmes5.1.x86_64.rpm 36c42a823e73e78766291a8d76f7b5fe mes5/x86_64/hplip-gui-3.9.2-0.3mdvmes5.1.x86_64.rpm 20c81db73d37763c941f0f064c239fde mes5/x86_64/hplip-hpijs-3.9.2-0.3mdvmes5.1.x86_64.rpm d1fd4fa1743b30954c39a1e9e5865957 mes5/x86_64/hplip-hpijs-ppds-3.9.2-0.3mdvmes5.1.x86_64.rpm de05671a4d16ff0f761938e11f4b00fc mes5/x86_64/hplip-model-data-3.9.2-0.3mdvmes5.1.x86_64.rpm 15a728fb93ae5fb57b7f083cafd59e54 mes5/x86_64/lib64hpip0-3.9.2-0.3mdvmes5.1.x86_64.rpm 8efcab4cb06cf477169eb2698f840ee4 mes5/x86_64/lib64hpip0-devel-3.9.2-0.3mdvmes5.1.x86_64.rpm c582ac9835e04b9532164abf5b325e1f mes5/x86_64/lib64sane-hpaio1-3.9.2-0.3mdvmes5.1.x86_64.rpm 9acba40c908b838ef2dbc61ed6b95e44 mes5/SRPMS/hplip-3.9.2-0.3mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNNvelmqjQ0CJFipgRApJbAJ9ItXvsDNbUG4JI9UXdkKO5rJ0ZPgCcCZ85 V7CNl7GosfO/iYlOpk0EfCU= =yErj -----END PGP SIGNATURE-----