Red Hat Product Errata RHSA-2013:0133 - Security Advisory

Issued:: 2013-01-08
Updated:: 2013-01-08

RHSA-2013:0133 - Security Advisory

Overview
Updated Packages

Synopsis

Low: hplip3 security and bug fix update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated hplip3 packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

Hewlett-Packard Linux Imaging and Printing (HPLIP) provides drivers for
Hewlett-Packard (HP) printers and multifunction peripherals.

It was found that the HP CUPS (Common UNIX Printing System) fax filter in
HPLIP created a temporary file in an insecure way. A local attacker could
use this flaw to perform a symbolic link attack, overwriting arbitrary
files accessible to a process using the fax filter (such as the
hp3-sendfax tool). (CVE-2011-2722)

This update also fixes the following bug:

Previous modifications of the hplip3 package to allow it to be installed

alongside the original hplip package introduced several problems to fax
support; for example, the hp-sendfax utility could become unresponsive.
These problems have been fixed with this update. (BZ#501834)

All users of hplip3 are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 501834 - hplip hp-sendfax PyQt combination is broken
BZ - 725830 - CVE-2011-2722 hplip: insecure temporary file handling

CVEs

CVE-2011-2722

References

https://access.redhat.com/security/updates/classification/#low

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
hplip3-3.9.8-15.el5.src.rpm	SHA-256: 678df971702fee5568b24bee66dcb7b7dc9f9408a42f18a04ed1183eaf1b771c
x86_64
hpijs3-3.9.8-15.el5.x86_64.rpm	SHA-256: 5ee7c959014fd1590f1f509c5bd808d91026ac3cbe8765a05e0c59d548fd731e
hplip3-3.9.8-15.el5.x86_64.rpm	SHA-256: 193941204c02139bae99ee207696dfc2f17d5d6c324148cc830cd31e4c02590d
hplip3-common-3.9.8-15.el5.x86_64.rpm	SHA-256: 6914ba1a02c87a7c5b94173f3e05badf93fe4af72f4c9b7870df65f04c9c96aa
hplip3-debuginfo-3.9.8-15.el5.x86_64.rpm	SHA-256: 393ad9d93b435acd3cc63b603c0c6167d257b8885d2edcbfad0d9c536ad00af1
hplip3-gui-3.9.8-15.el5.x86_64.rpm	SHA-256: 4bc5115e000abd8510e5cacba6f09edd6f5e344168381dc1c13c5a8683ec7e0b
hplip3-libs-3.9.8-15.el5.x86_64.rpm	SHA-256: 97e3ea963a06efa733f039b68bd835d701790c0ac22160308b8d83d2d12454f6
libsane-hpaio3-3.9.8-15.el5.x86_64.rpm	SHA-256: 3cecfef118a3a989407552685a425e3f6e16e529a573c2200fb9f060931e8c69
ia64
hpijs3-3.9.8-15.el5.ia64.rpm	SHA-256: f900e5fbacca524dcb07b30ff8692d7f9e4e8f388df4935cc7c9ee77b22c7c51
hplip3-3.9.8-15.el5.ia64.rpm	SHA-256: 27b09363a6f8b023c6d1309c1b5f4f0792f4510f8de4963afe6a422ecd67e508
hplip3-common-3.9.8-15.el5.ia64.rpm	SHA-256: 2227a6ff0a0f303fc8913d44ee304a8195353f7203da85b740c3960e035924a6
hplip3-debuginfo-3.9.8-15.el5.ia64.rpm	SHA-256: e9c429ef9f04563f5ec979b3ee9881af5fd59c5eb1ef0305477483ec091b4092
hplip3-gui-3.9.8-15.el5.ia64.rpm	SHA-256: 9c0c4dbac0223b1360e9d19f9c5d13e3d6e4f80988fab68072af6148cbd9979f
hplip3-libs-3.9.8-15.el5.ia64.rpm	SHA-256: 7a7cdf8e5ddbeee2fad45551dfe1350049abb00fec7704c43cb5037923c3e313
libsane-hpaio3-3.9.8-15.el5.ia64.rpm	SHA-256: 89cee90d0866f2ee1a230dd5fc54c86633c18f2b2c6cf5651269a835a1d59d91
i386
hpijs3-3.9.8-15.el5.i386.rpm	SHA-256: a1a755bba75d7a59876c1249eaacaf6eeec8dd277f4fe76f25f5739345b5bee5
hplip3-3.9.8-15.el5.i386.rpm	SHA-256: c8136c0fa5ea54d38d53aae3c02bcb671baeba07ee452e790c8239061d1ae65e
hplip3-common-3.9.8-15.el5.i386.rpm	SHA-256: f86cdac6f8bdc5f6085a51da8dca9afbef5fc6999fd7347f282cb405b63501d4
hplip3-debuginfo-3.9.8-15.el5.i386.rpm	SHA-256: fe2eb0285b2b10fb34b3c54e1548b6addb9c2894bda1c01ada8c36756173f8b7
hplip3-gui-3.9.8-15.el5.i386.rpm	SHA-256: f671dd1c6beb59feec59ea9badd6496c86751dece1a6f5200b8d4be9b7115c6c
hplip3-libs-3.9.8-15.el5.i386.rpm	SHA-256: 006b85f902953c70f29b0b230b8cecd8d2bd6ec10cb651d23fa7a56592ac00fd
libsane-hpaio3-3.9.8-15.el5.i386.rpm	SHA-256: ecde01653d49058c573e8b327b7b2ba50842fc10991adb2dac4becc26f5efd33

Red Hat Enterprise Linux Workstation 5

SRPM
hplip3-3.9.8-15.el5.src.rpm	SHA-256: 678df971702fee5568b24bee66dcb7b7dc9f9408a42f18a04ed1183eaf1b771c
x86_64
hpijs3-3.9.8-15.el5.x86_64.rpm	SHA-256: 5ee7c959014fd1590f1f509c5bd808d91026ac3cbe8765a05e0c59d548fd731e
hplip3-3.9.8-15.el5.x86_64.rpm	SHA-256: 193941204c02139bae99ee207696dfc2f17d5d6c324148cc830cd31e4c02590d
hplip3-common-3.9.8-15.el5.x86_64.rpm	SHA-256: 6914ba1a02c87a7c5b94173f3e05badf93fe4af72f4c9b7870df65f04c9c96aa
hplip3-debuginfo-3.9.8-15.el5.x86_64.rpm	SHA-256: 393ad9d93b435acd3cc63b603c0c6167d257b8885d2edcbfad0d9c536ad00af1
hplip3-gui-3.9.8-15.el5.x86_64.rpm	SHA-256: 4bc5115e000abd8510e5cacba6f09edd6f5e344168381dc1c13c5a8683ec7e0b
hplip3-libs-3.9.8-15.el5.x86_64.rpm	SHA-256: 97e3ea963a06efa733f039b68bd835d701790c0ac22160308b8d83d2d12454f6
libsane-hpaio3-3.9.8-15.el5.x86_64.rpm	SHA-256: 3cecfef118a3a989407552685a425e3f6e16e529a573c2200fb9f060931e8c69
i386
hpijs3-3.9.8-15.el5.i386.rpm	SHA-256: a1a755bba75d7a59876c1249eaacaf6eeec8dd277f4fe76f25f5739345b5bee5
hplip3-3.9.8-15.el5.i386.rpm	SHA-256: c8136c0fa5ea54d38d53aae3c02bcb671baeba07ee452e790c8239061d1ae65e
hplip3-common-3.9.8-15.el5.i386.rpm	SHA-256: f86cdac6f8bdc5f6085a51da8dca9afbef5fc6999fd7347f282cb405b63501d4
hplip3-debuginfo-3.9.8-15.el5.i386.rpm	SHA-256: fe2eb0285b2b10fb34b3c54e1548b6addb9c2894bda1c01ada8c36756173f8b7
hplip3-gui-3.9.8-15.el5.i386.rpm	SHA-256: f671dd1c6beb59feec59ea9badd6496c86751dece1a6f5200b8d4be9b7115c6c
hplip3-libs-3.9.8-15.el5.i386.rpm	SHA-256: 006b85f902953c70f29b0b230b8cecd8d2bd6ec10cb651d23fa7a56592ac00fd
libsane-hpaio3-3.9.8-15.el5.i386.rpm	SHA-256: ecde01653d49058c573e8b327b7b2ba50842fc10991adb2dac4becc26f5efd33

Red Hat Enterprise Linux Desktop 5

SRPM
hplip3-3.9.8-15.el5.src.rpm	SHA-256: 678df971702fee5568b24bee66dcb7b7dc9f9408a42f18a04ed1183eaf1b771c
x86_64
hpijs3-3.9.8-15.el5.x86_64.rpm	SHA-256: 5ee7c959014fd1590f1f509c5bd808d91026ac3cbe8765a05e0c59d548fd731e
hplip3-3.9.8-15.el5.x86_64.rpm	SHA-256: 193941204c02139bae99ee207696dfc2f17d5d6c324148cc830cd31e4c02590d
hplip3-common-3.9.8-15.el5.x86_64.rpm	SHA-256: 6914ba1a02c87a7c5b94173f3e05badf93fe4af72f4c9b7870df65f04c9c96aa
hplip3-debuginfo-3.9.8-15.el5.x86_64.rpm	SHA-256: 393ad9d93b435acd3cc63b603c0c6167d257b8885d2edcbfad0d9c536ad00af1
hplip3-gui-3.9.8-15.el5.x86_64.rpm	SHA-256: 4bc5115e000abd8510e5cacba6f09edd6f5e344168381dc1c13c5a8683ec7e0b
hplip3-libs-3.9.8-15.el5.x86_64.rpm	SHA-256: 97e3ea963a06efa733f039b68bd835d701790c0ac22160308b8d83d2d12454f6
libsane-hpaio3-3.9.8-15.el5.x86_64.rpm	SHA-256: 3cecfef118a3a989407552685a425e3f6e16e529a573c2200fb9f060931e8c69
i386
hpijs3-3.9.8-15.el5.i386.rpm	SHA-256: a1a755bba75d7a59876c1249eaacaf6eeec8dd277f4fe76f25f5739345b5bee5
hplip3-3.9.8-15.el5.i386.rpm	SHA-256: c8136c0fa5ea54d38d53aae3c02bcb671baeba07ee452e790c8239061d1ae65e
hplip3-common-3.9.8-15.el5.i386.rpm	SHA-256: f86cdac6f8bdc5f6085a51da8dca9afbef5fc6999fd7347f282cb405b63501d4
hplip3-debuginfo-3.9.8-15.el5.i386.rpm	SHA-256: fe2eb0285b2b10fb34b3c54e1548b6addb9c2894bda1c01ada8c36756173f8b7
hplip3-gui-3.9.8-15.el5.i386.rpm	SHA-256: f671dd1c6beb59feec59ea9badd6496c86751dece1a6f5200b8d4be9b7115c6c
hplip3-libs-3.9.8-15.el5.i386.rpm	SHA-256: 006b85f902953c70f29b0b230b8cecd8d2bd6ec10cb651d23fa7a56592ac00fd
libsane-hpaio3-3.9.8-15.el5.i386.rpm	SHA-256: ecde01653d49058c573e8b327b7b2ba50842fc10991adb2dac4becc26f5efd33

Red Hat Enterprise Linux for Power, big endian 5

SRPM
hplip3-3.9.8-15.el5.src.rpm	SHA-256: 678df971702fee5568b24bee66dcb7b7dc9f9408a42f18a04ed1183eaf1b771c
ppc
hpijs3-3.9.8-15.el5.ppc.rpm	SHA-256: 544f4715115b22f7ab17fe562bf9a27ff67b0893740ac6ab6f2858fbd8c185f6
hplip3-3.9.8-15.el5.ppc.rpm	SHA-256: 5ae23aa2f5253eb52acf54d9a95a968f7ce4212addbea49bd6d2c24d9a490744
hplip3-common-3.9.8-15.el5.ppc.rpm	SHA-256: 8e443b151fc6a3c712f8e4e3cf9e61e86cb6ca6a3f8c91213f7121114c29bcb7
hplip3-debuginfo-3.9.8-15.el5.ppc.rpm	SHA-256: 28f89a2d161523744cdd985496026ad6c35ce3d515870d6d5bc6fb3e5658beb1
hplip3-gui-3.9.8-15.el5.ppc.rpm	SHA-256: fccee1c5b2d63ee84ef05a76b9bc609f7c1a0e79ac42a6af476c7d66ef31829b
hplip3-libs-3.9.8-15.el5.ppc.rpm	SHA-256: 1abf8f10d69e402366a97ab0c33cd4e5c3c8ec6fe4d134d1f8940374cd6a0a36
libsane-hpaio3-3.9.8-15.el5.ppc.rpm	SHA-256: 69d807c6cabad0d55ce52eaa90d739a9499eb2befa557da4855c04e4700b7389

Red Hat Enterprise Linux Server from RHUI 5

SRPM
hplip3-3.9.8-15.el5.src.rpm	SHA-256: 678df971702fee5568b24bee66dcb7b7dc9f9408a42f18a04ed1183eaf1b771c
x86_64
hpijs3-3.9.8-15.el5.x86_64.rpm	SHA-256: 5ee7c959014fd1590f1f509c5bd808d91026ac3cbe8765a05e0c59d548fd731e
hplip3-3.9.8-15.el5.x86_64.rpm	SHA-256: 193941204c02139bae99ee207696dfc2f17d5d6c324148cc830cd31e4c02590d
hplip3-common-3.9.8-15.el5.x86_64.rpm	SHA-256: 6914ba1a02c87a7c5b94173f3e05badf93fe4af72f4c9b7870df65f04c9c96aa
hplip3-debuginfo-3.9.8-15.el5.x86_64.rpm	SHA-256: 393ad9d93b435acd3cc63b603c0c6167d257b8885d2edcbfad0d9c536ad00af1
hplip3-gui-3.9.8-15.el5.x86_64.rpm	SHA-256: 4bc5115e000abd8510e5cacba6f09edd6f5e344168381dc1c13c5a8683ec7e0b
hplip3-libs-3.9.8-15.el5.x86_64.rpm	SHA-256: 97e3ea963a06efa733f039b68bd835d701790c0ac22160308b8d83d2d12454f6
libsane-hpaio3-3.9.8-15.el5.x86_64.rpm	SHA-256: 3cecfef118a3a989407552685a425e3f6e16e529a573c2200fb9f060931e8c69
i386
hpijs3-3.9.8-15.el5.i386.rpm	SHA-256: a1a755bba75d7a59876c1249eaacaf6eeec8dd277f4fe76f25f5739345b5bee5
hplip3-3.9.8-15.el5.i386.rpm	SHA-256: c8136c0fa5ea54d38d53aae3c02bcb671baeba07ee452e790c8239061d1ae65e
hplip3-common-3.9.8-15.el5.i386.rpm	SHA-256: f86cdac6f8bdc5f6085a51da8dca9afbef5fc6999fd7347f282cb405b63501d4
hplip3-debuginfo-3.9.8-15.el5.i386.rpm	SHA-256: fe2eb0285b2b10fb34b3c54e1548b6addb9c2894bda1c01ada8c36756173f8b7
hplip3-gui-3.9.8-15.el5.i386.rpm	SHA-256: f671dd1c6beb59feec59ea9badd6496c86751dece1a6f5200b8d4be9b7115c6c
hplip3-libs-3.9.8-15.el5.i386.rpm	SHA-256: 006b85f902953c70f29b0b230b8cecd8d2bd6ec10cb651d23fa7a56592ac00fd
libsane-hpaio3-3.9.8-15.el5.i386.rpm	SHA-256: ecde01653d49058c573e8b327b7b2ba50842fc10991adb2dac4becc26f5efd33

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation