Updated hplip package fixes security vulnerabilitiesPublication date: 05 Feb 2014
Affected Mageia releases : 3
CVE: CVE-2013-6402 , CVE-2013-6427
It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. (CVE-2013-6402) It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to execute arbitrary code. (CVE-2013-6427) Additionnally, this update should fix issues regarding wireless connection to printer hplip after 3.12.9 and prior to version 3.12.11 had issues with setting up wireless connection to printers due to internal code changes which had not been applied consistently.