Oval Definition:oval:com.redhat.rhsa:def:20131274
Revision Date:2013-09-19Version:637
Title:RHSA-2013:1274: hplip security update (Important)
Description:The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project (HPLIP), which provides drivers for Hewlett-Packard printers and multi-function peripherals.

  • HPLIP communicated with PolicyKit for authorization via a D-Bus API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies HPLIP to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2013-4325)

    All users of hplip are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2013-4325
    CVE-2013-4325
    RHSA-2013:1274
    RHSA-2013:1274-00
    RHSA-2013:1274-01
    Platform(s):Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • hpijs is earlier than 1:3.12.4-4.el6_4.1
  • AND hpijs is signed with Red Hat redhatrelease2 key
  • hplip is earlier than 0:3.12.4-4.el6_4.1
  • AND hplip is signed with Red Hat redhatrelease2 key
  • hplip-common is earlier than 0:3.12.4-4.el6_4.1
  • AND hplip-common is signed with Red Hat redhatrelease2 key
  • hplip-gui is earlier than 0:3.12.4-4.el6_4.1
  • AND hplip-gui is signed with Red Hat redhatrelease2 key
  • hplip-libs is earlier than 0:3.12.4-4.el6_4.1
  • AND hplip-libs is signed with Red Hat redhatrelease2 key
  • libsane-hpaio is earlier than 0:3.12.4-4.el6_4.1
  • AND libsane-hpaio is signed with Red Hat redhatrelease2 key
    • BACK