Matt Zimmerman

**Name of the Vulnerable Software and Affected Versions** HP Linux Imaging and Printing (HPLIP) versions 2.7.7 through 2.8.2 **Description** The issue allows local users to change the ownership of arbitrary files via manipulations before an HPLIP installation or upgrade by an administrator. This is related to the product's attempt to correct the ownership of its configuration files within home directories. **Recommendations** For HP Linux Imaging and Printing (HPLIP) versions 2.7.7 through 2.8.2, consider restricting access to the `hplip.postinst` script until a patch is available. As a temporary workaround, avoid running the HPLIP installation or upgrade as an administrator until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** netpbm versions 9.25 and earlier netpbm versions prior to 9.12-r4 **Description** The issue affects the netpbm package, allowing for potential disruption of confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely or locally, depending on the specific vulnerability. The problem is related to the improper creation of temporary files, which can enable local users to overwrite arbitrary files. **Recommendations** For netpbm versions 9.25 and earlier, update to a version later than 9.25 to resolve the issue. For netpbm versions prior to 9.12-r4, update to a version later than 9.12-r4 to resolve the issue. As a temporary workaround, consider restricting access to the netpbm package to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Kdbg versions 1.1.0 through 1.2.8 **Description** The issue allows local users to execute arbitrary commands due to a lack of permission checks for the .kdbgrc file. This can lead to a breach of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be performed locally. **Recommendations** For Kdbg versions 1.1.0 through 1.2.8, consider restricting access to the .kdbgrc file to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.