Updated hplip packages fix CVE-2015-0839
Publication date: 08 Sep 2015Modification date: 08 Sep 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-0839
Description
Updated hplip packages fix security vulnerability: It was reported that the hp-plugin utility, included in the hplip package, downloads a binary driver and verifies it via a key specified by the key's short ID. A man-in-the-middle attacker could use this flaw to generate a key with the expected short ID and trick a user into downloading a malicious binary (CVE-2015-0839).
References
SRPMS
4/core
- hplip-3.13.9-4.1.mga4
5/core
- hplip-3.14.6-8.1.mga5