Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#38083 - [hplip] CVE-2013-6427

Attached to Project: Arch Linux
Opened by RbN (RbN) - Monday, 09 December 2013, 20:18 GMT
Last edited by Andreas Radke (AndyRTR) - Wednesday, 11 December 2013, 16:52 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Andreas Radke (AndyRTR)
Tom Gundersen (tomegun)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
hplip provide by default a hp-upgrade script to upgrade itself. The upgrade is done by
a) downloading a binary via http
b) executing it
It introduces obvious security problems and untracked files (from pacman) in FS.

[0] openSUSE bug (+ links to other bugs worth-looking)
[1] CVE attribution

Resolution :
delete this file or patch it as openSUSE does [2]

Ressources:
[0] https://bugzilla.novell.com/show_bug.cgi?id=853405
[1] http://openwall.com/lists/oss-security/2013/12/05/1
[2] http://bugzillafiles.novell.org/attachment.cgi?id=570200
This task depends upon

Closed by  Andreas Radke (AndyRTR)
Wednesday, 11 December 2013, 16:52 GMT
Reason for closing:  Fixed
Additional comments about closing:  3.13.11-2

Loading...