USN-674-2: HPLIP vulnerabilities


11-24-2008

Referenced CVEs:
CVE-2008-2940, CVE-2008-2941


Description:
===========================================================
Ubuntu Security Notice USN-674-2          November 24, 2008
hplip vulnerabilities
CVE-2008-2940, CVE-2008-2941
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  hplip                           2.7.7.dfsg.1-0ubuntu5.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-674-1 provided packages to fix vulnerabilities in HPLIP. Due to an
internal archive problem, the updates for Ubuntu 7.10 would not install
properly. This update provides fixed packages for Ubuntu 7.10.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that the hpssd tool of hplip did not validate
 privileges in the alert-mailing function. A local attacker could
 exploit this to gain privileges and send e-mail messages from the
 account of the hplip user. This update alters hplip behaviour by
 preventing users from setting alerts and by moving alert
 configuration to a root-controlled /etc/hp/alerts.conf file.
 (CVE-2008-2940)

 It was discovered that the hpssd tool of hplip did not correctly
 handle certain commands. A local attacker could use a specially
 crafted packet to crash hpssd, leading to a denial of service.
 (CVE-2008-2941)
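A host audit for the fix described above, as an added example that is not part of the original advisory. It assumes an Ubuntu 7.10 system with dpkg and GNU stat; the function names and the `--run` switch are hypothetical, chosen for this illustration.

```shell
#!/bin/sh
# Added example: audit a host against the fix described in USN-674-2.
# Assumes Ubuntu 7.10; other releases have different fixed versions.
FIXED_VERSION="2.7.7.dfsg.1-0ubuntu5.2"  # fixed hplip version from the advisory
ALERTS_CONF="/etc/hp/alerts.conf"        # root-controlled file named in the advisory

# Return 0 if version $1 is at least the fixed version (Debian version ordering).
hplip_is_fixed() {
    dpkg --compare-versions "$1" ge "$FIXED_VERSION"
}

# Return 0 only if $1 is a regular file (not a symlink), owned by uid 0,
# and not writable by group or others.
conf_is_root_controlled() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c '%u' "$1")" = "0" ] || return 1
    mode=$(stat -c '%a' "$1")
    [ $(( 0$mode & 022 )) -eq 0 ]
}

main() {
    installed=$(dpkg-query -W -f='${Version}' hplip 2>/dev/null)
    if [ -z "$installed" ]; then
        echo "hplip is not installed"
        return 0
    fi
    if hplip_is_fixed "$installed"; then
        echo "OK: hplip $installed includes the USN-674-2 fix"
    else
        echo "VULNERABLE: hplip $installed is older than $FIXED_VERSION"
    fi
    # The file may be absent; only judge it when it exists.
    if [ -e "$ALERTS_CONF" ]; then
        if conf_is_root_controlled "$ALERTS_CONF"; then
            echo "OK: $ALERTS_CONF is root-owned and not group/world-writable"
        else
            echo "WARN: $ALERTS_CONF can be modified by a non-root user"
        fi
    fi
}

# Hypothetical switch: the audit runs only when the script is called with --run.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

The version comparison uses dpkg's own ordering, so a package at `2.7.7.dfsg.1-0ubuntu5.1` (the USN-674-1 build that did not install properly) is reported as older than the fix.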




