News

Saturday, October 13, 2007

ubuntu-security-announce Digest, Vol 37, Issue 7

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-530-1] hplip vulnerability (Kees Cook)


----------------------------------------------------------------------

Message: 1
Date: Fri, 12 Oct 2007 11:57:17 -0700
From: Kees Cook <kees@ubuntu.com>
Subject: [USN-530-1] hplip vulnerability
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <20071012185717.GR10703@outflux.net>
Content-Type: text/plain; charset="us-ascii"

===========================================================
Ubuntu Security Notice USN-530-1 October 12, 2007
hplip vulnerability
CVE-2007-5208
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.10:
hplip 1.6.9-0ubuntu2.1

Ubuntu 7.04:
hplip 1.7.3-0ubuntu1.1

In general, a standard system upgrade is sufficient to affect the
necessary changes.

Details follow:

It was discovered that the hpssd tool of hplip did not correctly handle
shell meta-characters. A local attacker could exploit this to execute
arbitrary commands as the hplip user.


Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9-0ubuntu2.1.diff.gz

Size/MD5: 259212 536df2eefb0b9fbe7265ce08cbcab8c6

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9-0ubuntu2.1.dsc

Size/MD5: 867 f3fcef4f5d77e560d6e689dd46bd43cf

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9.orig.tar.gz

Size/MD5: 10018087 38d57f58b48b5b0729d1de507776e7d1

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs-ppds_2.6.9+1.6.9-0ubuntu2.1_all.deb

Size/MD5: 206190 b9b489f0774aa87c39124cb0db13fd31

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-data_1.6.9-0ubuntu2.1_all.deb

Size/MD5: 6275996 6418efb1c032cd56481f644f19b3b61f

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-doc_1.6.9-0ubuntu2.1_all.deb

Size/MD5: 1110706 e0178bd79b82544198aaaf530440383b

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.6.9+1.6.9-0ubuntu2.1_amd64.deb

Size/MD5: 353370 6bee9b223495e146322db33ba595a3dd

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.6.9-0ubuntu2.1_amd64.deb

Size/MD5: 852854 0e1c50cf2f59f863fdd9f6921d75e182

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9-0ubuntu2.1_amd64.deb

Size/MD5: 558178 4993f82769599490e9afa75716ec676c

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.6.9+1.6.9-0ubuntu2.1_i386.deb

Size/MD5: 345224 d3b9fe0a4f475f27a4a7ed2f489bee5e

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.6.9-0ubuntu2.1_i386.deb

Size/MD5: 825126 12c869a1721ccafc603583d711a01eff

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9-0ubuntu2.1_i386.deb

Size/MD5: 547254 dd426a5a7d2c9df72b6ca89e04bb546f

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.6.9+1.6.9-0ubuntu2.1_powerpc.deb

Size/MD5: 358780 4f77e25806dea449159b42eead6a7c99

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.6.9-0ubuntu2.1_powerpc.deb

Size/MD5: 862550 60f526a1953027144f3276425fd8048a

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9-0ubuntu2.1_powerpc.deb

Size/MD5: 563708 92351b2f1f6b6e9a8322e79818656c22

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.6.9+1.6.9-0ubuntu2.1_sparc.deb

Size/MD5: 338118 74c15c966e2f094464cd476b3b5682fa

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.6.9-0ubuntu2.1_sparc.deb

Size/MD5: 784194 92b986a25c359122a5f10123306921fd

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9-0ubuntu2.1_sparc.deb

Size/MD5: 542478 79ca390d413545ec5038624a40eddea0

Updated packages for Ubuntu 7.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3-0ubuntu1.1.diff.gz

Size/MD5: 306365 f41ad069c89422c7cf532b7f0b2298e9

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3-0ubuntu1.1.dsc

Size/MD5: 1011 4205e63a16f1218403e403361351779b

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3.orig.tar.gz

Size/MD5: 13556732 6921d256c9efc37446f5d2fad71979f8

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-data_1.7.3-0ubuntu1.1_all.deb

Size/MD5: 6497568 cd98dd4bd54b155e664f6fc988ce3995

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-doc_1.7.3-0ubuntu1.1_all.deb

Size/MD5: 4083742 089dcc3694e3d249188774c4ab6f727c

http://security.ubuntu.com/ubuntu/pool/universe/h/hplip/hpijs-ppds_2.7.2+1.7.3-0ubuntu1.1_all.deb

Size/MD5: 217720 cdf52af0871895a8e4e8a81ada765870

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.2+1.7.3-0ubuntu1.1_amd64.deb

Size/MD5: 382046 6ed6ce7e6fe4301a5322d8cd8dae3744

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.7.3-0ubuntu1.1_amd64.deb

Size/MD5: 902140 20107f7558991ccb6e4a90c283b45aa3

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3-0ubuntu1.1_amd64.deb

Size/MD5: 632374 b054a977150ec9f73e6334609ba7c947

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.2+1.7.3-0ubuntu1.1_i386.deb

Size/MD5: 374496 9d99f0b15690bef45e3458ac5190f988

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.7.3-0ubuntu1.1_i386.deb

Size/MD5: 874992 f5a1dc5eb40a50f043b2a2b5f73f9802

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3-0ubuntu1.1_i386.deb

Size/MD5: 620606 05a1aab80677a9147b09dc7c27937712

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.2+1.7.3-0ubuntu1.1_powerpc.deb

Size/MD5: 390378 eaec56fad0a69e249b2498eadf818d0d

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.7.3-0ubuntu1.1_powerpc.deb

Size/MD5: 912866 80f008c38bb588d014dcaf598ca76c3f

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3-0ubuntu1.1_powerpc.deb

Size/MD5: 646356 e77243f70a0fd1a15c32948d792a5fb9

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.2+1.7.3-0ubuntu1.1_sparc.deb

Size/MD5: 368140 0aebeee7c64bcac5a2ba28cf627b9282

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.7.3-0ubuntu1.1_sparc.deb

Size/MD5: 832520 aa33f0f52142a040f1fc462f634ddd53

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3-0ubuntu1.1_sparc.deb

Size/MD5: 615194 e9216b7fc51ebb054961f22a5c4f759f

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20071012/6368de96/attachment-0001.pgp


------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 37, Issue 7
*******************************************************

No comments:

Blog Archive