Mailinglist Archive: opensuse (1108 mails)

< Previous Next >
Re: [opensuse] Fax vulnerability
On 2018-08-16 18:05, Marcus Meissner wrote:
Hi,

On Thu, Aug 16, 2018 at 11:34:16AM -0400, ken wrote:
It the past few days it's been announced that there is a vulnerability
in many "fax machines" (more accurately, all-in-one printers with fax
capabilities).  I've tracked down and downloaded a tarball, but have
found very little info about it. The contents of the tarball look like a
mix of a website and a python program with some C code and printer
drivers and other stuff thrown in.  Should I start wading through all
that, or will there be an update coming out from Suse?  I've got an HP
OfficeJet, if that plays a role.

We have not looked into it as it seemed specific to HP Printers.

What
https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/
describes seems to be vulnerabilities in HP printer implementation of libjpeg.

This is software we do not ship (its not opensource), so SUSE is not affected.

It appears to be a firmware patch for the printer itself. So, hplip
should not be affected.

<https://support.hp.com/us-en/document/c06097712>


Can the idea affect fax software, such as Hylafax? I don't know.

--
Cheers / Saludos,

Carlos E. R.
(from 42.3 x86_64 "Malachite" at Telcontar)

< Previous Next >
References