Mandriva Linux Security Advisory : hplip (MDVSA-2014:023)
Medium Nessus Plugin ID 72135
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated hplip packages fix security vulnerabilities :
It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files (CVE-2013-6402).
It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to execute arbitrary code (CVE-2013-6427).
SolutionUpdate the affected packages.