Mandriva Linux Security Advisory : hplip (MDVSA-2008:169)
High Nessus Plugin ID 36743
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMarc Schoenefeld of the Red Hat Security Response Team discovered a vulnerability in the hplip alert-mailing functionality that could allow a local attacker to elevate their privileges by using specially crafted packets to trigger alert mails that are sent by the root account (CVE-2008-2940).
Another vulnerability was discovered by Marc Schoenefeld in the hpssd message parser that could allow a local attacker to stop the hpssd process by sending specially-craftd packets, causing a denial of service (CVE-2008-2941).
The updated packages have been patched to correct these issues.
SolutionUpdate the affected packages.