~ubuntu-branches/ubuntu/gutsy/hplip/gutsy-security

Viewing all changes in revision 40.

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2008-11-18 13:39:37 UTC
  • Revision ID: james.westby@ubuntu.com-20081118133937-hdzwtyh4z91yozp0
Tags: 2.7.7.dfsg.1-0ubuntu5.1
* SECURITY UPDATE: privilege escalation using the hplip alert-mailing
  functionality.
  - debian/patches/91_SECURITY_CVE-2008-2940.dpatch: fix handle_event()
    in hpssd.py to validate device-uri parameter and disable
    handle_setalerts(). This fix alters hplip behaviour by preventing
    users from setting alerts and by moving alert configuration to a
    root-controlled /etc/hp/alerts.conf file.
  - CVE-2008-2940
* SECURITY UPDATE: denial of service in hpssd message parser.
  - debian/patches/92_SECURITY_CVE-2008-2941.dpatch: fix handle_event()
    in hpssd.py to correctly validate parameters.
  - CVE-2008-2941
