RedHat Update For Hplip RHSA-2013:1274-01 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project (HPLIP), which provides drivers for Hewlett-Packard printers and multi-function peripherals. HPLIP communicated with PolicyKit for authorization via a D-Bus API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies HPLIP to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2013-4325) All users of hplip are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

Affected

hplip on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6)

References

https://www.redhat.com/archives/rhsa-announce/2013-September/msg00033.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-4325
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

RedHat Update for hplip RHSA-2013:1274-01

Take action and discover your vulnerabilities