발행된 날짜:
2013-02-21
업데이트된 날짜:
2013-02-21

RHSA-2013:0500 - Security Advisory

요약

Low: hplip security, bug fix and enhancement update

유형/심각도

Security Advisory: Low

주제

Updated hplip packages that fix several security issues, multiple bugs, and
add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

설명

The hplip packages contain the Hewlett-Packard Linux Imaging and Printing
Project (HPLIP), which provides drivers for Hewlett-Packard printers and
multi-function peripherals.

Several temporary file handling flaws were found in HPLIP. A local attacker
could use these flaws to perform a symbolic link attack, overwriting
arbitrary files accessible to a process using HPLIP. (CVE-2013-0200,
CVE-2011-2722)

The CVE-2013-0200 issues were discovered by Tim Waugh of Red Hat.

The hplip packages have been upgraded to upstream version 3.12.4, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#731900)

This update also fixes the following bugs:

  • Previously, the hpijs package required the obsolete cupsddk-drivers
    package, which was provided by the cups package. Under certain
    circumstances, this dependency caused hpijs installation to fail. This
    bug has been fixed and hpijs no longer requires cupsddk-drivers.
    (BZ#829453)
  • The configuration of the Scanner Access Now Easy (SANE) back end is
    located in the /etc/sane.d/dll.d/ directory, however, the hp-check
    utility checked only the /etc/sane.d/dll.conf file. Consequently,
    hp-check checked for correct installation, but incorrectly reported a
    problem with the way the SANE back end was installed. With this update,
    hp-check properly checks for installation problems in both locations as
    expected. (BZ#683007)

All users of hplip are advised to upgrade to these updated packages, which
fix these issues and add these enhancements.

솔루션

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

영향을 받는 제품

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386

수정

  • BZ - 683007 - hpaio is in /etc/sane.d/dll.d/hpaio
  • BZ - 725830 - CVE-2011-2722 hplip: insecure temporary file handling
  • BZ - 731900 - Update hplip to newer version for increased hardware support.
  • BZ - 902163 - CVE-2013-0200 hplip: insecure temporary file handling flaws

CVE

참조

Red Hat Enterprise Linux Server 6

SRPM
hplip-3.12.4-4.el6.src.rpm SHA-256: ed83001fdf0cc432b2fa2d8de4540f643c1645ea599de3bfad3fea72cdab9d4d
x86_64
hpijs-3.12.4-4.el6.x86_64.rpm SHA-256: 05e92dacd03a478df3675bdfede66f2d78c47ce46967e6c3dab66e5f036abaa7
hplip-3.12.4-4.el6.x86_64.rpm SHA-256: eabd1e09263a8949e8dabcc6b22f9692eb30310483d1fc6a7b13fbe2d7840f8e
hplip-common-3.12.4-4.el6.x86_64.rpm SHA-256: ddbf6f9a0eb14c5c803063fc42cf05753e3c1eaa4cf942fdff6157d90839342c
hplip-debuginfo-3.12.4-4.el6.i686.rpm SHA-256: 47be042ac63c77c6d1972fd461c0c815bfd08222862e53db765e2907a591a071
hplip-debuginfo-3.12.4-4.el6.x86_64.rpm SHA-256: 57c7106e0fc36b175d2571d77d4ae5d4137089e5a52448ee6056afe5c3999165
hplip-gui-3.12.4-4.el6.x86_64.rpm SHA-256: 8b4169fba475325a0098c21d2cdaf20ce207c83d68c73e502e0740fd03f72bf5
hplip-libs-3.12.4-4.el6.i686.rpm SHA-256: 50588b7ef4643e7db4ba1820e6f9d394683814e053578e407ad8e7d04272f508
hplip-libs-3.12.4-4.el6.x86_64.rpm SHA-256: 41b768d7ea53b61e4770afad949703d9748926afb3037c834f6164d0ffabe83c
libsane-hpaio-3.12.4-4.el6.x86_64.rpm SHA-256: 01b9bb01b6b49e63c8744c93319bfff2ba1446defb42f766cdc3239ebfa9093b
i386
hpijs-3.12.4-4.el6.i686.rpm SHA-256: 476ac0e1adc2442620363f086bae5571f789b25db85d533f942bfa8889059695
hplip-3.12.4-4.el6.i686.rpm SHA-256: 4d7224fc2badac1bf8bf0c0d13c171900808826f1628a7207ffcfb49853eb92e
hplip-common-3.12.4-4.el6.i686.rpm SHA-256: 5a5fc01614137257f8cdd1beb5b9c80bf9d17dcbeda18ba3cf5dd502616702fe
hplip-debuginfo-3.12.4-4.el6.i686.rpm SHA-256: 47be042ac63c77c6d1972fd461c0c815bfd08222862e53db765e2907a591a071
hplip-gui-3.12.4-4.el6.i686.rpm SHA-256: bc0301c8c64c98e8f8769059dce1936f74ca673c00398121ca2196bb74cad64a
hplip-libs-3.12.4-4.el6.i686.rpm SHA-256: 50588b7ef4643e7db4ba1820e6f9d394683814e053578e407ad8e7d04272f508
libsane-hpaio-3.12.4-4.el6.i686.rpm SHA-256: f476cbd699c03b9705391023f6284143e850e26532f7e8f4f74a506ff7a6ab7a

Red Hat Enterprise Linux Workstation 6

SRPM
hplip-3.12.4-4.el6.src.rpm SHA-256: ed83001fdf0cc432b2fa2d8de4540f643c1645ea599de3bfad3fea72cdab9d4d
x86_64
hpijs-3.12.4-4.el6.x86_64.rpm SHA-256: 05e92dacd03a478df3675bdfede66f2d78c47ce46967e6c3dab66e5f036abaa7
hplip-3.12.4-4.el6.x86_64.rpm SHA-256: eabd1e09263a8949e8dabcc6b22f9692eb30310483d1fc6a7b13fbe2d7840f8e
hplip-common-3.12.4-4.el6.x86_64.rpm SHA-256: ddbf6f9a0eb14c5c803063fc42cf05753e3c1eaa4cf942fdff6157d90839342c
hplip-debuginfo-3.12.4-4.el6.i686.rpm SHA-256: 47be042ac63c77c6d1972fd461c0c815bfd08222862e53db765e2907a591a071
hplip-debuginfo-3.12.4-4.el6.x86_64.rpm SHA-256: 57c7106e0fc36b175d2571d77d4ae5d4137089e5a52448ee6056afe5c3999165
hplip-gui-3.12.4-4.el6.x86_64.rpm SHA-256: 8b4169fba475325a0098c21d2cdaf20ce207c83d68c73e502e0740fd03f72bf5
hplip-libs-3.12.4-4.el6.i686.rpm SHA-256: 50588b7ef4643e7db4ba1820e6f9d394683814e053578e407ad8e7d04272f508
hplip-libs-3.12.4-4.el6.x86_64.rpm SHA-256: 41b768d7ea53b61e4770afad949703d9748926afb3037c834f6164d0ffabe83c
libsane-hpaio-3.12.4-4.el6.x86_64.rpm SHA-256: 01b9bb01b6b49e63c8744c93319bfff2ba1446defb42f766cdc3239ebfa9093b
i386
hpijs-3.12.4-4.el6.i686.rpm SHA-256: 476ac0e1adc2442620363f086bae5571f789b25db85d533f942bfa8889059695
hplip-3.12.4-4.el6.i686.rpm SHA-256: 4d7224fc2badac1bf8bf0c0d13c171900808826f1628a7207ffcfb49853eb92e
hplip-common-3.12.4-4.el6.i686.rpm SHA-256: 5a5fc01614137257f8cdd1beb5b9c80bf9d17dcbeda18ba3cf5dd502616702fe
hplip-debuginfo-3.12.4-4.el6.i686.rpm SHA-256: 47be042ac63c77c6d1972fd461c0c815bfd08222862e53db765e2907a591a071
hplip-gui-3.12.4-4.el6.i686.rpm SHA-256: bc0301c8c64c98e8f8769059dce1936f74ca673c00398121ca2196bb74cad64a
hplip-libs-3.12.4-4.el6.i686.rpm SHA-256: 50588b7ef4643e7db4ba1820e6f9d394683814e053578e407ad8e7d04272f508
libsane-hpaio-3.12.4-4.el6.i686.rpm SHA-256: f476cbd699c03b9705391023f6284143e850e26532f7e8f4f74a506ff7a6ab7a

Red Hat Enterprise Linux Desktop 6

SRPM
hplip-3.12.4-4.el6.src.rpm SHA-256: ed83001fdf0cc432b2fa2d8de4540f643c1645ea599de3bfad3fea72cdab9d4d
x86_64
hpijs-3.12.4-4.el6.x86_64.rpm SHA-256: 05e92dacd03a478df3675bdfede66f2d78c47ce46967e6c3dab66e5f036abaa7
hplip-3.12.4-4.el6.x86_64.rpm SHA-256: eabd1e09263a8949e8dabcc6b22f9692eb30310483d1fc6a7b13fbe2d7840f8e
hplip-common-3.12.4-4.el6.x86_64.rpm SHA-256: ddbf6f9a0eb14c5c803063fc42cf05753e3c1eaa4cf942fdff6157d90839342c
hplip-debuginfo-3.12.4-4.el6.i686.rpm SHA-256: 47be042ac63c77c6d1972fd461c0c815bfd08222862e53db765e2907a591a071
hplip-debuginfo-3.12.4-4.el6.x86_64.rpm SHA-256: 57c7106e0fc36b175d2571d77d4ae5d4137089e5a52448ee6056afe5c3999165
hplip-gui-3.12.4-4.el6.x86_64.rpm SHA-256: 8b4169fba475325a0098c21d2cdaf20ce207c83d68c73e502e0740fd03f72bf5
hplip-libs-3.12.4-4.el6.i686.rpm SHA-256: 50588b7ef4643e7db4ba1820e6f9d394683814e053578e407ad8e7d04272f508
hplip-libs-3.12.4-4.el6.x86_64.rpm SHA-256: 41b768d7ea53b61e4770afad949703d9748926afb3037c834f6164d0ffabe83c
libsane-hpaio-3.12.4-4.el6.x86_64.rpm SHA-256: 01b9bb01b6b49e63c8744c93319bfff2ba1446defb42f766cdc3239ebfa9093b
i386
hpijs-3.12.4-4.el6.i686.rpm SHA-256: 476ac0e1adc2442620363f086bae5571f789b25db85d533f942bfa8889059695
hplip-3.12.4-4.el6.i686.rpm SHA-256: 4d7224fc2badac1bf8bf0c0d13c171900808826f1628a7207ffcfb49853eb92e
hplip-common-3.12.4-4.el6.i686.rpm SHA-256: 5a5fc01614137257f8cdd1beb5b9c80bf9d17dcbeda18ba3cf5dd502616702fe
hplip-debuginfo-3.12.4-4.el6.i686.rpm SHA-256: 47be042ac63c77c6d1972fd461c0c815bfd08222862e53db765e2907a591a071
hplip-gui-3.12.4-4.el6.i686.rpm SHA-256: bc0301c8c64c98e8f8769059dce1936f74ca673c00398121ca2196bb74cad64a
hplip-libs-3.12.4-4.el6.i686.rpm SHA-256: 50588b7ef4643e7db4ba1820e6f9d394683814e053578e407ad8e7d04272f508
libsane-hpaio-3.12.4-4.el6.i686.rpm SHA-256: f476cbd699c03b9705391023f6284143e850e26532f7e8f4f74a506ff7a6ab7a

Red Hat Enterprise Linux for Power, big endian 6

SRPM
hplip-3.12.4-4.el6.src.rpm SHA-256: ed83001fdf0cc432b2fa2d8de4540f643c1645ea599de3bfad3fea72cdab9d4d
ppc64
hpijs-3.12.4-4.el6.ppc64.rpm SHA-256: c97d7b44557b2b7d4b52b0080bd237178f6d2f300ab588948504c2915f818993
hplip-3.12.4-4.el6.ppc64.rpm SHA-256: f90064dfe6ae66e651440f318dc44e6f1f66f9a36b98f789b748e0a680d86d07
hplip-common-3.12.4-4.el6.ppc64.rpm SHA-256: 3ba2522c7263241daca41efb6f8dc78896a21fa120992189e13d44aada8c7aca
hplip-debuginfo-3.12.4-4.el6.ppc.rpm SHA-256: 8ed71e312bd397fc3a8c3adfb1ea60eedb0902fed8de1765192f2b0c55997793
hplip-debuginfo-3.12.4-4.el6.ppc64.rpm SHA-256: f0818b736afcb19eaa558f08e58305a31c92e1e59e7a6d60dcec31a9c844d594
hplip-gui-3.12.4-4.el6.ppc64.rpm SHA-256: f40eda9b0dabdc491466817a91d9b665edb7d9aab64efaf9178b5e5de1d7339b
hplip-libs-3.12.4-4.el6.ppc.rpm SHA-256: 8b0301215b33fa59d02ebc52596f834a18a574b9074d6f7b5f39a5ca0e52f014
hplip-libs-3.12.4-4.el6.ppc64.rpm SHA-256: 7a1ea54bb7a3310a94b874b8dc03d28d949f88b665c2af9b89600dcdf8665f4f
libsane-hpaio-3.12.4-4.el6.ppc64.rpm SHA-256: b6c4ee35eb66f73a450ff8cc495682aafe02cd53ce84e8aa98cc935e5c0ae5a4

Red Hat Enterprise Linux Server from RHUI 6

SRPM
hplip-3.12.4-4.el6.src.rpm SHA-256: ed83001fdf0cc432b2fa2d8de4540f643c1645ea599de3bfad3fea72cdab9d4d
x86_64
hpijs-3.12.4-4.el6.x86_64.rpm SHA-256: 05e92dacd03a478df3675bdfede66f2d78c47ce46967e6c3dab66e5f036abaa7
hplip-3.12.4-4.el6.x86_64.rpm SHA-256: eabd1e09263a8949e8dabcc6b22f9692eb30310483d1fc6a7b13fbe2d7840f8e
hplip-common-3.12.4-4.el6.x86_64.rpm SHA-256: ddbf6f9a0eb14c5c803063fc42cf05753e3c1eaa4cf942fdff6157d90839342c
hplip-debuginfo-3.12.4-4.el6.i686.rpm SHA-256: 47be042ac63c77c6d1972fd461c0c815bfd08222862e53db765e2907a591a071
hplip-debuginfo-3.12.4-4.el6.x86_64.rpm SHA-256: 57c7106e0fc36b175d2571d77d4ae5d4137089e5a52448ee6056afe5c3999165
hplip-gui-3.12.4-4.el6.x86_64.rpm SHA-256: 8b4169fba475325a0098c21d2cdaf20ce207c83d68c73e502e0740fd03f72bf5
hplip-libs-3.12.4-4.el6.i686.rpm SHA-256: 50588b7ef4643e7db4ba1820e6f9d394683814e053578e407ad8e7d04272f508
hplip-libs-3.12.4-4.el6.x86_64.rpm SHA-256: 41b768d7ea53b61e4770afad949703d9748926afb3037c834f6164d0ffabe83c
libsane-hpaio-3.12.4-4.el6.x86_64.rpm SHA-256: 01b9bb01b6b49e63c8744c93319bfff2ba1446defb42f766cdc3239ebfa9093b
i386
hpijs-3.12.4-4.el6.i686.rpm SHA-256: 476ac0e1adc2442620363f086bae5571f789b25db85d533f942bfa8889059695
hplip-3.12.4-4.el6.i686.rpm SHA-256: 4d7224fc2badac1bf8bf0c0d13c171900808826f1628a7207ffcfb49853eb92e
hplip-common-3.12.4-4.el6.i686.rpm SHA-256: 5a5fc01614137257f8cdd1beb5b9c80bf9d17dcbeda18ba3cf5dd502616702fe
hplip-debuginfo-3.12.4-4.el6.i686.rpm SHA-256: 47be042ac63c77c6d1972fd461c0c815bfd08222862e53db765e2907a591a071
hplip-gui-3.12.4-4.el6.i686.rpm SHA-256: bc0301c8c64c98e8f8769059dce1936f74ca673c00398121ca2196bb74cad64a
hplip-libs-3.12.4-4.el6.i686.rpm SHA-256: 50588b7ef4643e7db4ba1820e6f9d394683814e053578e407ad8e7d04272f508
libsane-hpaio-3.12.4-4.el6.i686.rpm SHA-256: f476cbd699c03b9705391023f6284143e850e26532f7e8f4f74a506ff7a6ab7a

Red Hat 제품 보안팀 연락처는 secalert@redhat.com입니다. https://access.redhat.com/security/team/contact/에 더 많은 연락처 정보가 있습니다.