CentOS Update For Hpijs CESA-2013:1274 Centos6 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project (HPLIP), which provides drivers for Hewlett-Packard printers and multi-function peripherals. HPLIP communicated with PolicyKit for authorization via a D-Bus API that is vulnerable to a race condition. This could lead to intended PolicyKit authorizations being bypassed. This update modifies HPLIP to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2013-4325) All users of hplip are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

Affected

hpijs on CentOS 6

References

http://lists.centos.org/pipermail/centos-announce/2013-September/019947.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-4325

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

CentOS Security Advisory CESA-2009:1278 (lftp)
CentOS Security Advisory CESA-2009:0004 (openssl)
CentOS Security Advisory CESA-2009:1179 (bind)
CentOS Security Advisory CESA-2009:1463 (newt)
CentOS Update for apr CESA-2011:0844 centos4 i386

CentOS Update for hpijs CESA-2013:1274 centos6

Take action and discover your vulnerabilities