hplip-3.16.10-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10083-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z hplip-3.16.10-1.1 on GA media These are all security issues fixed in the hplip-3.16.10-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10083 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2004-0801/ SUSE CVE CVE-2004-0801 page https://www.suse.com/security/cve/CVE-2010-4267/ SUSE CVE CVE-2010-4267 page https://www.suse.com/security/cve/CVE-2011-2697/ SUSE CVE CVE-2011-2697 page https://www.suse.com/security/cve/CVE-2011-2722/ SUSE CVE CVE-2011-2722 page https://www.suse.com/security/cve/CVE-2013-4325/ SUSE CVE CVE-2013-4325 page https://www.suse.com/security/cve/CVE-2013-6402/ SUSE CVE CVE-2013-6402 page https://www.suse.com/security/cve/CVE-2013-6427/ SUSE CVE CVE-2013-6427 page https://www.suse.com/security/cve/CVE-2015-0839/ SUSE CVE CVE-2015-0839 page openSUSE Tumbleweed hplip-3.16.10-1.1 hplip-devel-3.16.10-1.1 hplip-hpijs-3.16.10-1.1 hplip-sane-3.16.10-1.1 hplip-3.16.10-1.1 as a component of openSUSE Tumbleweed hplip-devel-3.16.10-1.1 as a component of openSUSE Tumbleweed hplip-hpijs-3.16.10-1.1 as a component of openSUSE Tumbleweed hplip-sane-3.16.10-1.1 as a component of openSUSE Tumbleweed Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands. CVE-2004-0801 openSUSE Tumbleweed:hplip-3.16.10-1.1 openSUSE Tumbleweed:hplip-devel-3.16.10-1.1 openSUSE Tumbleweed:hplip-hpijs-3.16.10-1.1 openSUSE Tumbleweed:hplip-sane-3.16.10-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2004-0801.html CVE-2004-0801 https://bugzilla.suse.com/59233 SUSE Bug 59233 https://bugzilla.suse.com/698451 SUSE Bug 698451 https://bugzilla.suse.com/704608 SUSE Bug 704608 https://bugzilla.suse.com/852368 SUSE Bug 852368 https://bugzilla.suse.com/957531 SUSE Bug 957531 Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value. CVE-2010-4267 openSUSE Tumbleweed:hplip-3.16.10-1.1 openSUSE Tumbleweed:hplip-devel-3.16.10-1.1 openSUSE Tumbleweed:hplip-hpijs-3.16.10-1.1 openSUSE Tumbleweed:hplip-sane-3.16.10-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-4267.html CVE-2010-4267 https://bugzilla.suse.com/336658 SUSE Bug 336658 https://bugzilla.suse.com/808355 SUSE Bug 808355 foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file. CVE-2011-2697 openSUSE Tumbleweed:hplip-3.16.10-1.1 openSUSE Tumbleweed:hplip-devel-3.16.10-1.1 openSUSE Tumbleweed:hplip-hpijs-3.16.10-1.1 openSUSE Tumbleweed:hplip-sane-3.16.10-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2697.html CVE-2011-2697 https://bugzilla.suse.com/59233 SUSE Bug 59233 https://bugzilla.suse.com/698451 SUSE Bug 698451 https://bugzilla.suse.com/704608 SUSE Bug 704608 https://bugzilla.suse.com/852368 SUSE Bug 852368 https://bugzilla.suse.com/957531 SUSE Bug 957531 The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file. CVE-2011-2722 openSUSE Tumbleweed:hplip-3.16.10-1.1 openSUSE Tumbleweed:hplip-devel-3.16.10-1.1 openSUSE Tumbleweed:hplip-hpijs-3.16.10-1.1 openSUSE Tumbleweed:hplip-sane-3.16.10-1.1 moderate 1.2 AV:L/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2722.html CVE-2011-2722 https://bugzilla.suse.com/59233 SUSE Bug 59233 https://bugzilla.suse.com/698451 SUSE Bug 698451 https://bugzilla.suse.com/704608 SUSE Bug 704608 https://bugzilla.suse.com/713717 SUSE Bug 713717 https://bugzilla.suse.com/808355 SUSE Bug 808355 The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process. CVE-2013-4325 openSUSE Tumbleweed:hplip-3.16.10-1.1 openSUSE Tumbleweed:hplip-devel-3.16.10-1.1 openSUSE Tumbleweed:hplip-hpijs-3.16.10-1.1 openSUSE Tumbleweed:hplip-sane-3.16.10-1.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4325.html CVE-2013-4325 https://bugzilla.suse.com/808355 SUSE Bug 808355 https://bugzilla.suse.com/836931 SUSE Bug 836931 https://bugzilla.suse.com/836932 SUSE Bug 836932 https://bugzilla.suse.com/836937 SUSE Bug 836937 https://bugzilla.suse.com/852368 SUSE Bug 852368 https://bugzilla.suse.com/864716 SUSE Bug 864716 base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file. CVE-2013-6402 openSUSE Tumbleweed:hplip-3.16.10-1.1 openSUSE Tumbleweed:hplip-devel-3.16.10-1.1 openSUSE Tumbleweed:hplip-hpijs-3.16.10-1.1 openSUSE Tumbleweed:hplip-sane-3.16.10-1.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6402.html CVE-2013-6402 https://bugzilla.suse.com/852368 SUSE Bug 852368 upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream. CVE-2013-6427 openSUSE Tumbleweed:hplip-3.16.10-1.1 openSUSE Tumbleweed:hplip-devel-3.16.10-1.1 openSUSE Tumbleweed:hplip-hpijs-3.16.10-1.1 openSUSE Tumbleweed:hplip-sane-3.16.10-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6427.html CVE-2013-6427 https://bugzilla.suse.com/852368 SUSE Bug 852368 https://bugzilla.suse.com/853405 SUSE Bug 853405 https://bugzilla.suse.com/900460 SUSE Bug 900460 https://bugzilla.suse.com/933191 SUSE Bug 933191 The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads. CVE-2015-0839 openSUSE Tumbleweed:hplip-3.16.10-1.1 openSUSE Tumbleweed:hplip-devel-3.16.10-1.1 openSUSE Tumbleweed:hplip-hpijs-3.16.10-1.1 openSUSE Tumbleweed:hplip-sane-3.16.10-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0839.html CVE-2015-0839 https://bugzilla.suse.com/933191 SUSE Bug 933191