From the Red Hat bug at URL:

Sebastian Krahmer reported a flaw in how hplip discovered SNMP devices. If certain hplip commands were run that queried SNMP devices, and a malicious user were able to send crafted SNMP responses, it could cause the running hplip tool to crash or, possibly, execute arbitrary code with the privileges of the user running the tool.

Acknowledgements: Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.

Secunia is reporting (http://secunia.com/advisories/42956/) that this affects 3.10.9 as well. There is a patch at https://bugzilla.redhat.com/attachment.cgi?id=468455.
+*hplip-3.10.9-r1 (20 Jan 2011) + + 20 Jan 2011; Daniel Pielmeier <billie@gentoo.org> +hplip-3.10.9-r1.ebuild, + +files/hplip-3.10.9-cve-2010-4267.patch: + Revision bump to fix security bug #352085. I have added a new revision including the patch from Red Hat.
(In reply to comment #1)
> I have added a new revision including the patch from Red Hat.

Great, thank you.

Arches, please test and mark stable:
=net-print/hplip-3.10.9-r1
Target keywords : "amd64 ppc ppc64 x86"
amd64 done
ppc/ppc64 stable
CVE-2010-4267 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4267): Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value.
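The bug class named in the CVE text above, shown as an added example: a length field taken from an SNMP (BER-encoded) response must be checked against both the bytes received and the fixed-size destination before copying. This is a simplified sketch, not hplip's code or the Red Hat patch; `copy_octet_string` and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BER_OCTET_STRING 0x04

/* Hypothetical helper: copy the value of a BER OCTET STRING (tag, length,
 * value) from an untrusted response into dst. Returns the number of bytes
 * copied, or -1 if the encoded length is malformed, exceeds the remaining
 * input, or does not fit the destination buffer. */
int copy_octet_string(const uint8_t *resp, size_t resp_len,
                      uint8_t *dst, size_t dst_size)
{
    size_t pos = 0, len = 0;

    if (resp_len < 2 || resp[pos++] != BER_OCTET_STRING)
        return -1;

    uint8_t first = resp[pos++];
    if (first & 0x80) {              /* long form: low 7 bits = number of length bytes */
        size_t n = first & 0x7f;
        if (n == 0 || n > 2 || n > resp_len - pos)
            return -1;               /* indefinite, above 65535, or truncated */
        while (n--)
            len = (len << 8) | resp[pos++];
    } else {
        len = first;                 /* short form: 0..127 */
    }

    /* The length is attacker-controlled; without this check a large value
     * would make memcpy write past the end of a stack buffer. */
    if (len > resp_len - pos || len > dst_size)
        return -1;

    memcpy(dst, resp + pos, len);
    return (int)len;
}

int main(void)
{
    uint8_t value[8];                                         /* fixed-size stack buffer */
    const uint8_t good[] = {0x04, 0x03, 'a', 'b', 'c'};       /* constructed sample */
    const uint8_t evil[] = {0x04, 0x82, 0x01, 0x00, 'x'};     /* constructed: claims 256 bytes */

    printf("good: %d\n", copy_octet_string(good, sizeof good, value, sizeof value));
    printf("evil: %d\n", copy_octet_string(evil, sizeof evil, value, sizeof value));
    return 0;
}
```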
x86 stable, last one so update the whiteboard
Thanks, everyone. GLSA request filed.
Thanks guys. No vulnerable version left in the tree. Nothing left to do for printing.
This issue was resolved and addressed in GLSA 201203-17 at http://security.gentoo.org/glsa/glsa-201203-17.xml by GLSA coordinator Sean Amoss (ackle).