Ubuntu Security Notice USN-674-1 - It was discovered that the hpssd tool of hplip did not validate privileges in the alert-mailing function. A local attacker could exploit this to gain privileges and send e-mail messages from the account of the hplip user. This update alters hplip behavior by preventing users from setting alerts and by moving alert configuration to a root-controlled /etc/hp/alerts.conf file. It was discovered that the hpssd tool of hplip did not correctly handle certain commands. A local attacker could use a specially crafted packet to crash hpssd, leading to a denial of service.
d2c4d7347624881811ac3d78377e58ca2ac8f982b257415af5e7f2543208a54a