Security Information / 2011 / Security Information -- DSA-2152-1 hplip

Debian Security Advisory

DSA-2152-1 hplip -- buffer overflow

Date Reported:

27 Jan 2011

Affected Packages:

hplip

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 610960.
In Mitre's CVE dictionary: CVE-2010-4267.

More information:

Sebastian Krahmer discovered a buffer overflow in the SNMP discovery code of the HP Linux Printing and Imaging System, which could result in the execution of arbitrary code.

For the stable distribution (lenny), this problem has been fixed in version 2.8.6.b-4+lenny1.

For the testing distribution (squeeze), this problem has been fixed in version 3.10.6-2.

For the unstable distribution (sid), this problem has been fixed in version 3.10.6-2.

For the experimental distribution, this problem has been fixed in version 3.11.1-1.

We recommend that you upgrade your hplip packages.