ubuntu-security-announce@lists.ubuntu.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com
You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."
Today's Topics:
1. [USN-530-1] hplip vulnerability (Kees Cook)
----------------------------------------------------------------------
Message: 1
Date: Fri, 12 Oct 2007 11:57:17 -0700
From: Kees Cook <kees@ubuntu.com>
Subject: [USN-530-1] hplip vulnerability
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <20071012185717.GR10703@outflux.net>
Content-Type: text/plain; charset="us-ascii"
===========================================================
Ubuntu Security Notice USN-530-1 October 12, 2007
hplip vulnerability
CVE-2007-5208
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.10
Ubuntu 7.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.10:
hplip 1.6.9-0ubuntu2.1
Ubuntu 7.04:
hplip 1.7.3-0ubuntu1.1
In general, a standard system upgrade is sufficient to affect the
necessary changes.
Details follow:
It was discovered that the hpssd tool of hplip did not correctly handle
shell meta-characters. A local attacker could exploit this to execute
arbitrary commands as the hplip user.
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9-0ubuntu2.1.diff.gz
Size/MD5: 259212 536df2eefb0b9fbe7265ce08cbcab8c6
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9-0ubuntu2.1.dsc
Size/MD5: 867 f3fcef4f5d77e560d6e689dd46bd43cf
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9.orig.tar.gz
Size/MD5: 10018087 38d57f58b48b5b0729d1de507776e7d1
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs-ppds_2.6.9+1.6.9-0ubuntu2.1_all.deb
Size/MD5: 206190 b9b489f0774aa87c39124cb0db13fd31
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-data_1.6.9-0ubuntu2.1_all.deb
Size/MD5: 6275996 6418efb1c032cd56481f644f19b3b61f
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-doc_1.6.9-0ubuntu2.1_all.deb
Size/MD5: 1110706 e0178bd79b82544198aaaf530440383b
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.6.9+1.6.9-0ubuntu2.1_amd64.deb
Size/MD5: 353370 6bee9b223495e146322db33ba595a3dd
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.6.9-0ubuntu2.1_amd64.deb
Size/MD5: 852854 0e1c50cf2f59f863fdd9f6921d75e182
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9-0ubuntu2.1_amd64.deb
Size/MD5: 558178 4993f82769599490e9afa75716ec676c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.6.9+1.6.9-0ubuntu2.1_i386.deb
Size/MD5: 345224 d3b9fe0a4f475f27a4a7ed2f489bee5e
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.6.9-0ubuntu2.1_i386.deb
Size/MD5: 825126 12c869a1721ccafc603583d711a01eff
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9-0ubuntu2.1_i386.deb
Size/MD5: 547254 dd426a5a7d2c9df72b6ca89e04bb546f
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.6.9+1.6.9-0ubuntu2.1_powerpc.deb
Size/MD5: 358780 4f77e25806dea449159b42eead6a7c99
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.6.9-0ubuntu2.1_powerpc.deb
Size/MD5: 862550 60f526a1953027144f3276425fd8048a
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9-0ubuntu2.1_powerpc.deb
Size/MD5: 563708 92351b2f1f6b6e9a8322e79818656c22
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.6.9+1.6.9-0ubuntu2.1_sparc.deb
Size/MD5: 338118 74c15c966e2f094464cd476b3b5682fa
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.6.9-0ubuntu2.1_sparc.deb
Size/MD5: 784194 92b986a25c359122a5f10123306921fd
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.6.9-0ubuntu2.1_sparc.deb
Size/MD5: 542478 79ca390d413545ec5038624a40eddea0
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3-0ubuntu1.1.diff.gz
Size/MD5: 306365 f41ad069c89422c7cf532b7f0b2298e9
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3-0ubuntu1.1.dsc
Size/MD5: 1011 4205e63a16f1218403e403361351779b
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3.orig.tar.gz
Size/MD5: 13556732 6921d256c9efc37446f5d2fad71979f8
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-data_1.7.3-0ubuntu1.1_all.deb
Size/MD5: 6497568 cd98dd4bd54b155e664f6fc988ce3995
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-doc_1.7.3-0ubuntu1.1_all.deb
Size/MD5: 4083742 089dcc3694e3d249188774c4ab6f727c
http://security.ubuntu.com/ubuntu/pool/universe/h/hplip/hpijs-ppds_2.7.2+1.7.3-0ubuntu1.1_all.deb
Size/MD5: 217720 cdf52af0871895a8e4e8a81ada765870
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.2+1.7.3-0ubuntu1.1_amd64.deb
Size/MD5: 382046 6ed6ce7e6fe4301a5322d8cd8dae3744
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.7.3-0ubuntu1.1_amd64.deb
Size/MD5: 902140 20107f7558991ccb6e4a90c283b45aa3
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3-0ubuntu1.1_amd64.deb
Size/MD5: 632374 b054a977150ec9f73e6334609ba7c947
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.2+1.7.3-0ubuntu1.1_i386.deb
Size/MD5: 374496 9d99f0b15690bef45e3458ac5190f988
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.7.3-0ubuntu1.1_i386.deb
Size/MD5: 874992 f5a1dc5eb40a50f043b2a2b5f73f9802
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3-0ubuntu1.1_i386.deb
Size/MD5: 620606 05a1aab80677a9147b09dc7c27937712
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.2+1.7.3-0ubuntu1.1_powerpc.deb
Size/MD5: 390378 eaec56fad0a69e249b2498eadf818d0d
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.7.3-0ubuntu1.1_powerpc.deb
Size/MD5: 912866 80f008c38bb588d014dcaf598ca76c3f
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3-0ubuntu1.1_powerpc.deb
Size/MD5: 646356 e77243f70a0fd1a15c32948d792a5fb9
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.2+1.7.3-0ubuntu1.1_sparc.deb
Size/MD5: 368140 0aebeee7c64bcac5a2ba28cf627b9282
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_1.7.3-0ubuntu1.1_sparc.deb
Size/MD5: 832520 aa33f0f52142a040f1fc462f634ddd53
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_1.7.3-0ubuntu1.1_sparc.deb
Size/MD5: 615194 e9216b7fc51ebb054961f22a5c4f759f
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20071012/6368de96/attachment-0001.pgp
------------------------------
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
End of ubuntu-security-announce Digest, Vol 37, Issue 7
*******************************************************
No comments:
Post a Comment