News

Wednesday, January 14, 2009

ubuntu-security-announce Digest, Vol 52, Issue 5

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-708-1] HPLIP vulnerability (Marc Deslauriers)


----------------------------------------------------------------------

Message: 1
Date: Tue, 13 Jan 2009 15:50:26 -0500
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Subject: [USN-708-1] HPLIP vulnerability
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <1231879826.11166.22.camel@mdlinux.technorage.com>
Content-Type: text/plain; charset="us-ascii"

===========================================================
Ubuntu Security Notice USN-708-1 January 13, 2009
hplip vulnerability
https://launchpad.net/bugs/191299
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
hplip 2.7.7.dfsg.1-0ubuntu5.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that an installation script in the HPLIP package would
change permissions on the hplip config files located in user's home directories.
A local user could exploit this and change permissions on arbitrary files
upon an HPLIP installation or upgrade, which could lead to root privileges.


Updated packages for Ubuntu 7.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_2.7.7.dfsg.1-0ubuntu5.3.diff.gz
Size/MD5: 149462 e8b5cb18aff082738bfcfe069eb873f5
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_2.7.7.dfsg.1-0ubuntu5.3.dsc
Size/MD5: 1064 531e707f0cbace5f1eb82039e409c306
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_2.7.7.dfsg.1.orig.tar.gz
Size/MD5: 14361049 ae5165d46413db8119979f5b3345f7a5

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-data_2.7.7.dfsg.1-0ubuntu5.3_all.deb
Size/MD5: 6898006 691895b0f8e5fc93bcb86d47d11da1af
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-doc_2.7.7.dfsg.1-0ubuntu5.3_all.deb
Size/MD5: 4146918 d4e0b928aacc84bbe2a05862050a5963
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-gui_2.7.7.dfsg.1-0ubuntu5.3_all.deb
Size/MD5: 117628 91f0c9d09f2520e76b3a3e6cde4abd63
http://security.ubuntu.com/ubuntu/pool/universe/h/hplip/hpijs-ppds_2.7.7+2.7.7.dfsg.1-0ubuntu5.3_all.deb
Size/MD5: 480134 59604754cef89d7b5ae128ecf20f44da

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.7+2.7.7.dfsg.1-0ubuntu5.3_amd64.deb
Size/MD5: 341576 918813fb4741326051c7480ffeae9a9a
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_2.7.7.dfsg.1-0ubuntu5.3_amd64.deb
Size/MD5: 770122 ccef78fc8a55b4e94318931964e9e97b
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_2.7.7.dfsg.1-0ubuntu5.3_amd64.deb
Size/MD5: 302856 f2a47e27a69aa016334a1ffdac105be1

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.7+2.7.7.dfsg.1-0ubuntu5.3_i386.deb
Size/MD5: 334690 dd891b2df494fd1fbc46abd25b9ef7db
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_2.7.7.dfsg.1-0ubuntu5.3_i386.deb
Size/MD5: 747250 4676694a4d20445e64f3f4dc91aaa44c
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_2.7.7.dfsg.1-0ubuntu5.3_i386.deb
Size/MD5: 290282 921463222e2b642fb5bc16083d8b70ac

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/h/hplip/hpijs_2.7.7+2.7.7.dfsg.1-0ubuntu5.3_lpia.deb
Size/MD5: 337798 9c060add246bb5212706b9dd0d92cc51
http://ports.ubuntu.com/pool/main/h/hplip/hplip-dbg_2.7.7.dfsg.1-0ubuntu5.3_lpia.deb
Size/MD5: 926096 af4481ea010212486ea621103329cf13
http://ports.ubuntu.com/pool/main/h/hplip/hplip_2.7.7.dfsg.1-0ubuntu5.3_lpia.deb
Size/MD5: 290082 f26b9fc31e3457719b3102b3a9c77b5b

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.7+2.7.7.dfsg.1-0ubuntu5.3_powerpc.deb
Size/MD5: 348258 66f9714865cad898e10e98ef83f6e443
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_2.7.7.dfsg.1-0ubuntu5.3_powerpc.deb
Size/MD5: 784504 0c76dac215474fc62900aea547168387
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_2.7.7.dfsg.1-0ubuntu5.3_powerpc.deb
Size/MD5: 319006 52d13211d1681fe90b74951dc204a788

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hpijs_2.7.7+2.7.7.dfsg.1-0ubuntu5.3_sparc.deb
Size/MD5: 332756 a3411ca114399f0359b949462e0313ab
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip-dbg_2.7.7.dfsg.1-0ubuntu5.3_sparc.deb
Size/MD5: 717210 401d1050417a9a8608198088abb9e305
http://security.ubuntu.com/ubuntu/pool/main/h/hplip/hplip_2.7.7.dfsg.1-0ubuntu5.3_sparc.deb
Size/MD5: 289370 f92c0c0f6a2f2ccef18d3874db728bf7


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20090113/e216c5b3/attachment-0001.pgp

------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 52, Issue 5
*******************************************************

No comments:

Blog Archive