USN-530-1: hplip vulnerability

12 October 2007

hplip vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 7.04
  • Ubuntu 6.10

Software Description

  • hplip

Details

It was discovered that the hpssd tool of hplip did not correctly handle shell meta-characters. A local attacker could exploit this to execute arbitrary commands as the hplip user.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.04
hplip - 1.7.3-0ubuntu1.1
Ubuntu 6.10
hplip - 1.6.9-0ubuntu2.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.

References