CentOS Update For Hpijs CESA-2013:1274 Centos6 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project (HPLIP), which provides drivers for Hewlett-Packard printers and multi-function peripherals. HPLIP communicated with PolicyKit for authorization via a D-Bus API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies HPLIP to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2013-4325) All users of hplip are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

Affected

hpijs on CentOS 6

References

http://lists.centos.org/pipermail/centos-announce/2013-September/019947.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-4325
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

CentOS Security Advisory CESA-2009:0295 (net-snmp)
CentOS Security Advisory CESA-2009:1140 (ruby)
CentOS Security Advisory CESA-2009:1123 (gstreamer-plugins-good)
CentOS Security Advisory CESA-2009:1451 (freeradius)
CentOS Security Advisory CESA-2009:0010 (squirrelmail)

CentOS Update for hpijs CESA-2013:1274 centos6

Take action and discover your vulnerabilities