Upstream information

CVE-2013-6427 at MITRE

Description

upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.82
Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

This issue is currently rated as having moderate severity.

SUSE Bugzilla entries: 852368 [RESOLVED / FIXED], 853405 [RESOLVED / FIXED], 900460 [RESOLVED / ], 933191 [CONFIRMED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • hplip >= 3.12.11-2.9.2
  • hplip-debuginfo >= 3.12.11-2.9.2
  • hplip-debugsource >= 3.12.11-2.9.2
  • hplip-hpijs >= 3.12.11-2.9.2
  • hplip-hpijs-debuginfo >= 3.12.11-2.9.2
  • hplip-sane >= 3.12.11-2.9.2
  • hplip-sane-debuginfo >= 3.12.11-2.9.2
Patchnames:
openSUSE-2014-80
openSUSE 13.1
  • hplip >= 3.13.10-4.2
  • hplip-debuginfo >= 3.13.10-4.2
  • hplip-debugsource >= 3.13.10-4.2
  • hplip-hpijs >= 3.13.10-4.2
  • hplip-hpijs-debuginfo >= 3.13.10-4.2
  • hplip-sane >= 3.13.10-4.2
  • hplip-sane-debuginfo >= 3.13.10-4.2
Patchnames:
openSUSE-2014-80


The following information is the current evaluation information for this security issue. It might neither be accurate nor complete, Use at own risk.
Package/Codestreams planned to be updated:
hplip: SLES-11-SP3,SLES-for-VMware-11-SP3,SLED-11-SP3,SLED-11-SP4,SLES-11-SP4,SLES-12,SLED-12,sle-sdk-12