Upstream information

CVE-2013-6427 at MITRE

Description

upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)
  Base Score: 6.8
  Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
  Access Vector: Network
  Access Complexity: Medium
  Authentication: None
  Confidentiality Impact: Partial
  Integrity Impact: Partial
  Availability Impact: Partial

SUSE Bugzilla entries: 852368 [RESOLVED / FIXED], 853405 [RESOLVED / FIXED], 900460 [RESOLVED], 933191 [CONFIRMED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • hplip >= 3.14.6-3.14
  • hplip-hpijs >= 3.14.6-3.14
  • hplip-sane >= 3.14.6-3.14
Patchnames:
SUSE Linux Enterprise Desktop 12 GA hplip
SUSE Linux Enterprise Desktop 12 SP1
  • hplip >= 3.14.6-3.14
  • hplip-hpijs >= 3.14.6-3.14
  • hplip-sane >= 3.14.6-3.14
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA hplip
SUSE Linux Enterprise Desktop 12 SP2
  • hplip >= 3.14.6-3.14
  • hplip-hpijs >= 3.14.6-3.14
  • hplip-sane >= 3.14.6-3.14
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA hplip
SUSE Linux Enterprise Desktop 12 SP3
  • hplip >= 3.16.11-1.33
  • hplip-hpijs >= 3.16.11-1.33
  • hplip-sane >= 3.16.11-1.33
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA hplip
SUSE Linux Enterprise Module for Basesystem 15
  • hplip-devel >= 3.17.9-3.38
  • hplip-hpijs >= 3.17.9-3.38
  • hplip-sane >= 3.17.9-3.38
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 GA hplip-devel
SUSE Linux Enterprise Module for Desktop Applications 15
  • hplip >= 3.17.9-3.38
Patchnames:
SUSE Linux Enterprise Module for Desktop Applications 15 GA hplip
SUSE Linux Enterprise Server 12
  • hplip >= 3.14.6-3.5
  • hplip-hpijs >= 3.14.6-3.5
  • hplip-sane >= 3.14.6-3.5
Patchnames:
SUSE Linux Enterprise Server 12 GA hplip
SUSE Linux Enterprise Server 12 SP1
  • hplip >= 3.14.6-3.14
  • hplip-hpijs >= 3.14.6-3.14
  • hplip-sane >= 3.14.6-3.14
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA hplip
SUSE Linux Enterprise Server 12 SP2
  • hplip >= 3.14.6-3.5
  • hplip-hpijs >= 3.14.6-3.5
  • hplip-sane >= 3.14.6-3.5
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA hplip
SUSE Linux Enterprise Server 12 SP3
  • hplip >= 3.16.11-1.33
  • hplip-hpijs >= 3.16.11-1.33
  • hplip-sane >= 3.16.11-1.33
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA hplip
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • hplip >= 3.14.6-3.5
  • hplip-hpijs >= 3.14.6-3.5
  • hplip-sane >= 3.14.6-3.5
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA hplip
SUSE Linux Enterprise Software Development Kit 12
  • hplip-devel >= 3.14.6-3.14
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA hplip-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • hplip-devel >= 3.14.6-3.14
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA hplip-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • hplip-devel >= 3.14.6-3.5
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA hplip-devel
SUSE Linux Enterprise Software Development Kit 12 SP3
  • hplip-devel >= 3.16.11-1.33
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA hplip-devel
openSUSE 12.3
  • hplip >= 3.12.11-2.9.2
  • hplip-debuginfo >= 3.12.11-2.9.2
  • hplip-debugsource >= 3.12.11-2.9.2
  • hplip-hpijs >= 3.12.11-2.9.2
  • hplip-hpijs-debuginfo >= 3.12.11-2.9.2
  • hplip-sane >= 3.12.11-2.9.2
  • hplip-sane-debuginfo >= 3.12.11-2.9.2
Patchnames:
openSUSE-2014-80
openSUSE 13.1
  • hplip >= 3.13.10-4.2
  • hplip-debuginfo >= 3.13.10-4.2
  • hplip-debugsource >= 3.13.10-4.2
  • hplip-hpijs >= 3.13.10-4.2
  • hplip-hpijs-debuginfo >= 3.13.10-4.2
  • hplip-sane >= 3.13.10-4.2
  • hplip-sane-debuginfo >= 3.13.10-4.2
Patchnames:
openSUSE-2014-80
openSUSE Leap 15.0
  • hplip-hpijs >= 3.17.9-lp150.3.2
Patchnames:
openSUSE Leap 15.0 GA hplip-hpijs
openSUSE Leap 42.1
  • hplip >= 3.14.6-3.10
  • hplip-hpijs >= 3.14.6-3.10
  • hplip-sane >= 3.14.6-3.10
Patchnames:
openSUSE Leap 42.1 GA hplip
openSUSE Leap 42.2
  • hplip >= 3.16.5-1.5
  • hplip-hpijs >= 3.16.5-1.5
  • hplip-sane >= 3.16.5-1.5
Patchnames:
openSUSE Leap 42.2 GA hplip
openSUSE Leap 42.3
  • hplip >= 3.16.11-1.3
  • hplip-hpijs >= 3.16.11-1.3
  • hplip-sane >= 3.16.11-1.3
Patchnames:
openSUSE Leap 42.3 GA hplip
openSUSE Tumbleweed
  • hplip >= 3.16.10-1.1
  • hplip-devel >= 3.16.10-1.1
  • hplip-hpijs >= 3.16.10-1.1
  • hplip-sane >= 3.16.10-1.1
Patchnames:
openSUSE Tumbleweed GA hplip