Synopsis

Important: hplip security update

Type/Severity

Security Advisory: Important

Topic

An updated hplip package to correct a security flaw is now available for Red
Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The hplip (Hewlett-Packard Linux Imaging and Printing Project) package
provides drivers for HP printers and multi-function peripherals.

Kees Cook discovered a flaw in the way the hplip hpssd daemon handled user
input. A local attacker could send a specially crafted request to the hpssd
daemon, possibly allowing them to run arbitrary commands as the root user.
(CVE-2007-5208). On Red Hat Enterprise Linux 5, the SELinux targeted
policy for hpssd which is enabled by default, blocks the ability to exploit
this issue to run arbitrary code.

Users of hplip are advised to upgrade to this updated package, which
contains backported patches to resolve this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 319921 - CVE-2007-5208 hplip arbitrary command execution

CVEs

• CVE-2007-5208

References

• http://www.redhat.com/security/updates/classification/#important

Red Hat Enterprise Linux Server 5

SRPM
hplip-1.6.7-4.1.el5_0.3.src.rpm	SHA-256: ed08ae77e5ebd0995e3c9bd78828a18eed4327273251e40848ecbc40f70ec601
x86_64
hpijs-1.6.7-4.1.el5_0.3.x86_64.rpm	SHA-256: 28bed49db821d84af2b2b2ab63640091ac2164f92f0e1e4027e39ebbf43badd2
hplip-1.6.7-4.1.el5_0.3.x86_64.rpm	SHA-256: 87cb1ba9dfc70efe06194c28f8627d26292d3a8385c283e869d029492d78c0b7
libsane-hpaio-1.6.7-4.1.el5_0.3.x86_64.rpm	SHA-256: 43c55744f5efb64e95d72a5ca82a42fbe58653eb0bc9a0111dd07810931ad7ff
ia64
hpijs-1.6.7-4.1.el5_0.3.ia64.rpm	SHA-256: d0fc7f38d919041068e4a50d69e8de85540f0e719cd40bedfb744fd69dd55e21
hplip-1.6.7-4.1.el5_0.3.ia64.rpm	SHA-256: 24989ac33a1561fc167652eea974fb8c7461a66c491fce24114ef6eb582bd023
libsane-hpaio-1.6.7-4.1.el5_0.3.ia64.rpm	SHA-256: c4f2e4d1c3a88624b8e9b436b69eb5a153f63aa3de1842afa8055d0caff2a39f
i386
hpijs-1.6.7-4.1.el5_0.3.i386.rpm	SHA-256: c9cfaf72d3d4476e7bf6a6fabd38487b072b9a3f2c17eb009937710433d1b9ed
hplip-1.6.7-4.1.el5_0.3.i386.rpm	SHA-256: f517b4e5dbf3e4bd56928d5a5e6d3b6e99946e7a8ada58554153c651dcec672e
libsane-hpaio-1.6.7-4.1.el5_0.3.i386.rpm	SHA-256: 4e910ec17fc6fa51ab7378f298716a647efc5902e1ceaf74dd238583e7e55a68

Red Hat Enterprise Linux Workstation 5

SRPM
hplip-1.6.7-4.1.el5_0.3.src.rpm	SHA-256: ed08ae77e5ebd0995e3c9bd78828a18eed4327273251e40848ecbc40f70ec601
x86_64
hpijs-1.6.7-4.1.el5_0.3.x86_64.rpm	SHA-256: 28bed49db821d84af2b2b2ab63640091ac2164f92f0e1e4027e39ebbf43badd2
hplip-1.6.7-4.1.el5_0.3.x86_64.rpm	SHA-256: 87cb1ba9dfc70efe06194c28f8627d26292d3a8385c283e869d029492d78c0b7
libsane-hpaio-1.6.7-4.1.el5_0.3.x86_64.rpm	SHA-256: 43c55744f5efb64e95d72a5ca82a42fbe58653eb0bc9a0111dd07810931ad7ff
i386
hpijs-1.6.7-4.1.el5_0.3.i386.rpm	SHA-256: c9cfaf72d3d4476e7bf6a6fabd38487b072b9a3f2c17eb009937710433d1b9ed
hplip-1.6.7-4.1.el5_0.3.i386.rpm	SHA-256: f517b4e5dbf3e4bd56928d5a5e6d3b6e99946e7a8ada58554153c651dcec672e
libsane-hpaio-1.6.7-4.1.el5_0.3.i386.rpm	SHA-256: 4e910ec17fc6fa51ab7378f298716a647efc5902e1ceaf74dd238583e7e55a68

Red Hat Enterprise Linux Desktop 5

SRPM
hplip-1.6.7-4.1.el5_0.3.src.rpm	SHA-256: ed08ae77e5ebd0995e3c9bd78828a18eed4327273251e40848ecbc40f70ec601
x86_64
hpijs-1.6.7-4.1.el5_0.3.x86_64.rpm	SHA-256: 28bed49db821d84af2b2b2ab63640091ac2164f92f0e1e4027e39ebbf43badd2
hplip-1.6.7-4.1.el5_0.3.x86_64.rpm	SHA-256: 87cb1ba9dfc70efe06194c28f8627d26292d3a8385c283e869d029492d78c0b7
libsane-hpaio-1.6.7-4.1.el5_0.3.x86_64.rpm	SHA-256: 43c55744f5efb64e95d72a5ca82a42fbe58653eb0bc9a0111dd07810931ad7ff
i386
hpijs-1.6.7-4.1.el5_0.3.i386.rpm	SHA-256: c9cfaf72d3d4476e7bf6a6fabd38487b072b9a3f2c17eb009937710433d1b9ed
hplip-1.6.7-4.1.el5_0.3.i386.rpm	SHA-256: f517b4e5dbf3e4bd56928d5a5e6d3b6e99946e7a8ada58554153c651dcec672e
libsane-hpaio-1.6.7-4.1.el5_0.3.i386.rpm	SHA-256: 4e910ec17fc6fa51ab7378f298716a647efc5902e1ceaf74dd238583e7e55a68

Red Hat Enterprise Linux for Power, big endian 5

SRPM
hplip-1.6.7-4.1.el5_0.3.src.rpm	SHA-256: ed08ae77e5ebd0995e3c9bd78828a18eed4327273251e40848ecbc40f70ec601
ppc
hpijs-1.6.7-4.1.el5_0.3.ppc.rpm	SHA-256: f4b5c238d9b7d8c1b404d48a2616ad590b1a4edfb5b2782c12aa250907c928ee
hplip-1.6.7-4.1.el5_0.3.ppc.rpm	SHA-256: d57c124dd134aa14c3c4f9999c9e605042aac70edd55bd1fdad85317c70882bc
libsane-hpaio-1.6.7-4.1.el5_0.3.ppc.rpm	SHA-256: 87da162e73395110fdf263324c28ae4c5365f506cd39966d52e555030f588361

Red Hat Enterprise Linux Server from RHUI 5

SRPM
hplip-1.6.7-4.1.el5_0.3.src.rpm	SHA-256: ed08ae77e5ebd0995e3c9bd78828a18eed4327273251e40848ecbc40f70ec601
x86_64
hpijs-1.6.7-4.1.el5_0.3.x86_64.rpm	SHA-256: 28bed49db821d84af2b2b2ab63640091ac2164f92f0e1e4027e39ebbf43badd2
hplip-1.6.7-4.1.el5_0.3.x86_64.rpm	SHA-256: 87cb1ba9dfc70efe06194c28f8627d26292d3a8385c283e869d029492d78c0b7
libsane-hpaio-1.6.7-4.1.el5_0.3.x86_64.rpm	SHA-256: 43c55744f5efb64e95d72a5ca82a42fbe58653eb0bc9a0111dd07810931ad7ff
i386
hpijs-1.6.7-4.1.el5_0.3.i386.rpm	SHA-256: c9cfaf72d3d4476e7bf6a6fabd38487b072b9a3f2c17eb009937710433d1b9ed
hplip-1.6.7-4.1.el5_0.3.i386.rpm	SHA-256: f517b4e5dbf3e4bd56928d5a5e6d3b6e99946e7a8ada58554153c651dcec672e
libsane-hpaio-1.6.7-4.1.el5_0.3.i386.rpm	SHA-256: 4e910ec17fc6fa51ab7378f298716a647efc5902e1ceaf74dd238583e7e55a68