==Description== hpssd allows unprivileged local users to trigger alert mails by sending specially crafted packets
Created attachment 312878 [details] hplip-validate-uri.patch This is the first of two patches to address this problem. This patch performs validation on the device URI when handling an 'event' message, and improves the validation code.
Created attachment 312880 [details] hplip-static-alerts-table.patch This is the second patch, which implements a static alerts table, stored in /etc/hp/alerts.conf. The 'setalerts' message now has no effect.
Lifting embargo
This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0818.html