1.51. hplip

Updated hplip packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Hewlett-Packard Linux Imaging and Printing (HPLIP) provides drivers for Hewlett-Packard printers and multifunction peripherals, and tools for installing, using, and configuring them.

A flaw was found in the way certain HPLIP tools discovered devices using the SNMP protocol. If a user ran certain HPLIP tools that search for supported devices using SNMP, and a malicious user is able to send specially-crafted SNMP responses, it could cause those HPLIP tools to crash or, possibly, execute arbitrary code with the privileges of the user running them. (CVE-2010-4267)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.

Users of hplip should upgrade to these updated packages, which contain a backported patch to correct this issue.