FS#38083 - [hplip] CVE-2013-6427
Attached to Project:
Arch Linux
Opened by RbN (RbN) - Monday, 09 December 2013, 20:18 GMT
Last edited by Andreas Radke (AndyRTR) - Wednesday, 11 December 2013, 16:52 GMT
Opened by RbN (RbN) - Monday, 09 December 2013, 20:18 GMT
Last edited by Andreas Radke (AndyRTR) - Wednesday, 11 December 2013, 16:52 GMT
|
Details
Description:
hplip provide by default a hp-upgrade script to upgrade itself. The upgrade is done by a) downloading a binary via http b) executing it It introduces obvious security problems and untracked files (from pacman) in FS. [0] openSUSE bug (+ links to other bugs worth-looking) [1] CVE attribution Resolution : delete this file or patch it as openSUSE does [2] Ressources: [0] https://bugzilla.novell.com/show_bug.cgi?id=853405 [1] http://openwall.com/lists/oss-security/2013/12/05/1 [2] http://bugzillafiles.novell.org/attachment.cgi?id=570200 |
This task depends upon
Closed by Andreas Radke (AndyRTR)
Wednesday, 11 December 2013, 16:52 GMT
Reason for closing: Fixed
Additional comments about closing: 3.13.11-2
Wednesday, 11 December 2013, 16:52 GMT
Reason for closing: Fixed
Additional comments about closing: 3.13.11-2