Bug#499842: marked as done (CVE-2008-2940/-2941: security issues in hplip)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Fri, 21 May 2010 17:48:14 +1000
with message-id <201005211748.16708.msp@debian.org>
and subject line Fwd: Bug#499842: CVE-2008-2940/-2941: security issues in hplip
has caused the Debian Bug report #499842,
regarding CVE-2008-2940/-2941: security issues in hplip
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
499842: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499842
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: CVE-2008-2940/-2941: security issues in hplip
• From: Stefan Fritsch <sf@sfritsch.de>
• Date: Tue, 23 Sep 2008 00:11:27 +0200
• Message-id: <200809230011.27690.sf@sfritsch.de>

Package: hplip
Version: 1.6.10-3
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for hplip.

CVE-2008-2940[0]:
| The alert-mailing implementation in HP Linux Imaging and Printing
| (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail
| messages from the root account via vectors related to the setalerts
| message, and lack of validation of the device URI associated with an
| event message.

CVE-2008-2941[1]:
| The hpssd message parser in hpssd.py in HP Linux Imaging and
| Printing (HPLIP) 1.6.7 allows local users to cause a denial of
| service (process stop) via a crafted packet, as demonstrated by
| sending "msg=0" to TCP port 2207.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2940
    http://security-tracker.debian.net/tracker/CVE-2008-2940
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2941
    http://security-tracker.debian.net/tracker/CVE-2008-2941

--- End Message ---

--- Begin Message ---

• To: 499842-done@bugs.debian.org
• Subject: Fwd: Bug#499842: CVE-2008-2940/-2941: security issues in hplip
• From: Mark Purcell <msp@debian.org>
• Date: Fri, 21 May 2010 17:48:14 +1000
• Message-id: <201005211748.16708.msp@debian.org>

Package: hplip
Version: 2.8.6-1

----------  Forwarded Message  ----------

Subject: Bug#499842: CVE-2008-2940/-2941: security issues in hplip
Date: Saturday 04 October 2008, 04:40:29
From: Stefan Fritsch <sf@sfritsch.de>
To: 499842@bugs.debian.org
CC: control@bugs.debian.org

fixed 499842 2.8.6-1
thanks

Both issues affect 1.6.10-3etch1 in etch.

Of the three patches, this one

https://bugzilla.redhat.com/attachment.cgi?id=312880

introduces a new config file /etc/hp/alerts.conf . I am not sure if 
this is good for a stable security update, but it may be ok if the 
feature is nearly never used. Maybe the maintainer could comment?


The code in lenny (2.8.6) is quite different. AFAICS, hpssd does not 
open any listening socket anymore so CVE-2008-2941 is not an issue. 
And the alert email code seems to be commented out, therefore 
CVE-2008-2940 is also an non-issue.





-----------------------------------------

Attachment: signature.asc
Description: This is a digitally signed message part.

--- End Message ---