Advisories ยป MGASA-2015-0336

Updated hplip packages fix CVE-2015-0839

Publication date: 08 Sep 2015
Modification date: 08 Sep 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-0839

Description

Updated hplip packages fix security vulnerability:

It was reported that the hp-plugin utility, included in the hplip package,
downloads a binary driver and verifies it via a key specified by the key's
short ID. A man-in-the-middle attacker could use this flaw to generate a key
with the expected short ID and trick a user into downloading a malicious
binary (CVE-2015-0839).
                

References

SRPMS

4/core

5/core