From the Red Hat bug at URL:
Sebastian Krahmer reported a flaw in how hplip discovered SNMP devices. If
certain hplip commands were run that queried SNMP devices, and a malicious user
were able to send crafted SNMP responses, it could cause the running hplip tool
to crash or, possibly, execute arbitrary code with the privileges of the user
running the tool.
Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
reporting this issue.
Secunia is reporting (http://secunia.com/advisories/42956/) that this affects 3.10.9 as well. There is a patch at https://bugzilla.redhat.com/attachment.cgi?id=468455.
+*hplip-3.10.9-r1 (20 Jan 2011)
+ 20 Jan 2011; Daniel Pielmeier <firstname.lastname@example.org> +hplip-3.10.9-r1.ebuild,
+ Revision bump to fix security bug #352085.
I have added a new revision including the patch from Red Hat.
(In reply to comment #1)
> I have added a new revision including the patch from Red Hat.
Great, thank you.
Arches, please test and mark stable:
Target keywords : "amd64 ppc ppc64 x86"
Stack-based buffer overflow in the hpmud_get_pml function in
io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP)
1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a crafted SNMP response with a large length value.
x86 stable, last one so update the whiteboard
Thanks, everyone. GLSA request filed.
Thanks guys. No vulnerable version left in the tree.
Nothing left to do for printing.
This issue was resolved and addressed in
GLSA 201203-17 at http://security.gentoo.org/glsa/glsa-201203-17.xml
by GLSA coordinator Sean Amoss (ackle).