{"id":"MGASA-2014-0033","summary":"Updated hplip package fixes security vulnerabilities","details":"It was discovered that the HPLIP Polkit daemon incorrectly handled\ntemporary files. A local attacker could possibly use this issue to\noverwrite arbitrary files. (CVE-2013-6402)\n\nIt was discovered that HPLIP contained an upgrade tool that would download\ncode in an unsafe fashion. If a remote attacker were able to perform a\nman-in-the-middle attack, this flaw could be exploited to execute arbitrary\ncode. (CVE-2013-6427)\n\nAdditionnally, this update should fix issues regarding wireless connection\nto printer hplip after 3.12.9 and prior to version 3.12.11 had issues with \nsetting up wireless connection to printers due to internal code changes\nwhich had not been applied consistently.\n","modified":"2026-04-16T01:45:48.290632179Z","published":"2014-02-05T15:27:44Z","upstream":["CVE-2013-6402","CVE-2013-6427"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0033.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=11809"},{"type":"REPORT","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725876"},{"type":"REPORT","url":"https://bugs.launchpad.net/hplip/+bug/1048754"}],"affected":[{"package":{"name":"hplip","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/hplip?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.9-6.3.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0033.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}