Users will have to upgrade their systems

Aug 4, 2015 20:52 GMT  ·  By

A HPLIP vulnerability has been identified and corrected in Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems.

HPLIP stands for HP Linux Printing and Imaging System, so it's not exactly a core component. Nevertheless, it looks like HPLIP could have been tricked into downloading a different GPG key when performing printer plugin installations.

"Enrico Zini discovered that HPLIP used a short GPG key ID when downloading keys from the keyserver. An attacker could possibly use this to return a different key with a duplicate short key id and perform a man-in-the-middle attack on printer plugin installations," said the maintainers in the security notification.

For a more detailed description of the issues, you can check out Canonical's security notification. Users should upgrade their Linux distribution in order to correct this issue. The vulnerability can be fixed if you upgrade your system(s) to the latest hplip-data package specific to each distribution. To apply the patch, users can simply run the Update Manager application.

If you don't want to use the Software Updater, you can open a terminal and enter the following commands (you will need to be root):

code
sudo apt-get update
sudo apt-get dist-upgrade