Low CentOS hplip3 Update

Metadata

low
1.2
hpijs3-3.9.8-15.el5.i386.rpm, hpijs3-3.9.8-15.el5.x86_64.rpm, hplip3-3.9.8-15.el5.i386.rpm, hplip3-3.9.8-15.el5.src.rpm, hplip3-3.9.8-15.el5.x86_64.rpm, hplip3-common-3.9.8-15.el5.i386.rpm, hplip3-common-3.9.8-15.el5.x86_64.rpm, hplip3-gui-3.9.8-15.el5.i386.rpm, hplip3-gui-3.9.8-15.el5.x86_64.rpm, hplip3-libs-3.9.8-15.el5.i386.rpm, hplip3-libs-3.9.8-15.el5.x86_64.rpm, libsane-hpaio3-3.9.8-15.el5.i386.rpm, libsane-hpaio3-3.9.8-15.el5.x86_64.rpm
CVE-2011-2722
rhn.redhat.com, lists.centos.org, lists.centos.org
2013-01-09
2017-07-27 19:04
Low CentOS hplip Update
CVE-2011-2722 hplip
CVE-2011-2722
2017-04-01 19:06
2017-01-05 20:10

Description


Updated hplip3 packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Hewlett-Packard Linux Imaging and Printing (HPLIP) provides drivers for
Hewlett-Packard (HP) printers and multifunction peripherals.

It was found that the HP CUPS (Common UNIX Printing System) fax filter in
HPLIP created a temporary file in an insecure way. A local attacker could
use this flaw to perform a symbolic link attack, overwriting arbitrary
files accessible to a process using the fax filter (such as the
hp3-sendfax tool). (CVE-2011-2722)

This update also fixes the following bug:

* Previous modifications of the hplip3 package to allow it to be installed
alongside the original hplip package introduced several problems to fax
support; for example, the hp-sendfax utility could become unresponsive.
These problems have been fixed with this update. (BZ#501834)

All users of hplip3 are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Please see https://www.redhat.com/footer/terms-of-use.html

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
5 hpijs3 hpijs3-3.9.8-15.el5.i386.rpm
hpijs3 hpijs3-3.9.8-15.el5.x86_64.rpm
hplip3 hplip3-3.9.8-15.el5.i386.rpm
hplip3 hplip3-3.9.8-15.el5.src.rpm
hplip3 hplip3-3.9.8-15.el5.x86_64.rpm
hplip3-common hplip3-common-3.9.8-15.el5.i386.rpm
hplip3-common hplip3-common-3.9.8-15.el5.x86_64.rpm
hplip3-gui hplip3-gui-3.9.8-15.el5.i386.rpm
hplip3-gui hplip3-gui-3.9.8-15.el5.x86_64.rpm
hplip3-libs hplip3-libs-3.9.8-15.el5.i386.rpm
hplip3-libs hplip3-libs-3.9.8-15.el5.x86_64.rpm
libsane-hpaio3 libsane-hpaio3-3.9.8-15.el5.i386.rpm
libsane-hpaio3 libsane-hpaio3-3.9.8-15.el5.x86_64.rpm