Bug 2924 - [UPDATE REQUEST] [UPSTREAM UPDATE] hplip
: [UPDATE REQUEST] [UPSTREAM UPDATE] hplip
Status: RESOLVED FIXED
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
: unspecified
: All Linux
: Normal normal
: ---
Assigned To: Andrew Lukoshko
: ROSA Server Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-18 14:44 MSD by Andrew Lukoshko
Modified: 2013-11-19 12:24 MSK (History)
1 user (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
andrew.lukoshko: published_server+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Lukoshko 2013-10-18 14:44:45 MSD
HPLIP communicated with PolicyKit for authorization via a D-Bus API that is
vulnerable to a race condition. This could lead to intended PolicyKit
authorizations being bypassed. This update modifies HPLIP to communicate
with PolicyKit via a different API that is not vulnerable to the race
condition. (CVE-2013-4325)

http://rhn.redhat.com/errata/RHSA-2013-1274.html

https://abf.rosalinux.ru/build_lists/1335782
https://abf.rosalinux.ru/build_lists/1335783
Comment 1 Vladimir Potapov 2013-10-25 10:06:46 MSD
Page not found
Comment 3 Vladimir Potapov 2013-11-16 12:08:03 MSK
hplip-3.12.4-4.res6.1
********************** RHEL Advisory **************************
HPLIP communicated with PolicyKit for authorization via a D-Bus API that is
vulnerable to a race condition. This could lead to intended PolicyKit
authorizations being bypassed. This update modifies HPLIP to communicate
with PolicyKit via a different API that is not vulnerable to the race
condition. (CVE-2013-4325)
***************************************************************
QA Verified