Advisories » MGASA-2015-0336

Updated hplip packages fix CVE-2015-0839

Publication date: 08 Sep 2015
Modification date: 08 Sep 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-0839

Description

Updated hplip packages fix security vulnerability:

It was reported that the hp-plugin utility, included in the hplip package,
downloads a binary driver and verifies it via a key specified by the key's
short ID. A man-in-the-middle attacker could use this flaw to generate a key
with the expected short ID and trick a user into downloading a malicious
binary (CVE-2015-0839).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16498
• https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162442.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0839

SRPMS

5/core

• hplip-3.14.6-8.1.mga5

4/core

• hplip-3.13.9-4.1.mga4