Bug 494080 - <net-print/hplip-3.14.10: Man-in-the-middle vulnerability, arbitrary code execution (CVE-2013-6427)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [noglsa]
Keywords:
Depends on: 497722
Blocks:
Reported: 2013-12-12 18:45 UTC by GLSAMaker/CVETool Bot
Modified: 2016-03-22 09:48 UTC

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2013-12-12 18:45:09 UTC
CVE-2013-6427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6427):
  upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing
  (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which
  allows man-in-the-middle attackers to execute arbitrary code by gaining
  control over the client-server data stream.


@maintainers: okay to stable 3.11.1-r1? (We can hold off a bit to see if a fix for bug 492712 comes along)
Comment 1 Daniel Pielmeier gentoo-dev 2014-01-10 19:57:46 UTC
> @maintainers: okay to stable 3.11.1-r1? (We can hold off a bit to see if a
> fix for bug 492712 comes along)

3.11.1-r1 does not fix this issue, but I have committed 3.14.1 which should. Stabilization for 3.13.9 is currently in the works (bug #484474). I will close this one and open a new one for 3.14.1.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2016-03-22 09:48:20 UTC
Over 2 years old and package has been stabilized for quite some time.