Synopsis: Low: hplip3 security and bug fix update
Issue Date: 2013-01-08
CVE Numbers: CVE-2011-2722
It was found that the HP CUPS (Common UNIX Printing System) fax filter in HPLIP
created a temporary file in an insecure way. A local attacker could use this
flaw to perform a symbolic link attack, overwriting arbitrary files accessible
to a process using the fax filter (such as the hp3-sendfax tool).
This update also fixes the following bug:
* Previous modifications of the hplip3 package to allow it to be installed
alongside the original hplip package introduced several problems to fax
support; for example, the hp-sendfax utility could become unresponsive. These
problems have been fixed with this update.
– Scientific Linux Development Team