FS#38083 : [hplip] CVE-2013-6427

FS#38083 - [hplip] CVE-2013-6427

Attached to Project: Arch Linux
Opened by RbN (RbN) - Monday, 09 December 2013, 20:18 GMT
Last edited by Andreas Radke (AndyRTR) - Wednesday, 11 December 2013, 16:52 GMT

Task Type	Bug Report
Category	Packages: Extra
Status	Closed
Assigned To	Andreas Radke (AndyRTR) Tom Gundersen (tomegun)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:
hplip provide by default a hp-upgrade script to upgrade itself. The upgrade is done by
a) downloading a binary via http
b) executing it
It introduces obvious security problems and untracked files (from pacman) in FS.

[0] openSUSE bug (+ links to other bugs worth-looking)
[1] CVE attribution

Resolution :
delete this file or patch it as openSUSE does [2]

Ressources:
[0] https://bugzilla.novell.com/show_bug.cgi?id=853405
[1] http://openwall.com/lists/oss-security/2013/12/05/1
[2] http://bugzillafiles.novell.org/attachment.cgi?id=570200

This task depends upon

Closed by Andreas Radke (AndyRTR)
Wednesday, 11 December 2013, 16:52 GMT
Reason for closing: Fixed
Additional comments about closing: 3.13.11-2

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#38083 - [hplip] CVE-2013-6427

Details

Loading...