Mdz

**Name of the Vulnerable Software and Affected Versions** HP Linux Imaging and Printing (HPLIP) versions 2.7.7 through 2.8.2 **Description** The issue allows local users to change the ownership of arbitrary files via manipulations before an HPLIP installation or upgrade by an administrator. This is related to the product's attempt to correct the ownership of its configuration files within home directories. **Recommendations** For HP Linux Imaging and Printing (HPLIP) versions 2.7.7 through 2.8.2, consider restricting access to the `hplip.postinst` script until a patch is available. As a temporary workaround, avoid running the HPLIP installation or upgrade as an administrator until the issue is resolved.