BugTraq
[security bulletin] HPSBPI03546 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Enterprise Printers, Remote Disclosure of Information Mar 03 2016 11:41PM
HP Security Alert (hp-security-alert hp com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:
https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c0503035
3

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05030353
Version: 1

HPSBPI03546 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Enterprise
Printers, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon
as possible.

Release Date: 2016-03-02
Last Updated: 2016-03-02

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY

A potential security vulnerability has been identified with certain HP LaserJet
Printers and MFPs, and certain HP OfficeJet Enterprise printers and MFPs, which
could be exploited remotely to allow disclosure of information.

References:

* CVE-2016-2244 (PSR-2016-0021)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

Please refer to the RESOLUTION below for a list of impacted products.

BACKGROUND

For a PGP signed version of this security bulletin please write to:
security-alert (at) hp (dot) com [email concealed]

CVSS 2.0 Base Metrics
========================================================================
========
Reference Base Vector Base Score

CVE-2016-2244 (PSR-2016-0021) (AV:N/AC:L/Au:N/C:N/I:C/A:N) 7.8
========================================================================
========

RESOLUTION

HP has provided firmware updates for impacted printers as listed in the table
below. To obtain the updated firmware, go to www.hp.com and follow these steps:

1. Under support, select "Download Drivers".

2. Enter the appropriate product name listed in the table below into the
search field.

3. Click on "Find my product".

4. Click on the appropriate product.

5. Under "Operating Systems" select the applicable operating system from the
list.

6. Select the appropriate firmware update under "Firmware", click "Download".

Firmware Updates Table

Affect Product (Model Affected Affected Resolution Firmware
Numbers) Firmware Firmware Version (Bundle)
Bundle Version

HP Color LaserJet 3.6.3 2307497_543950
Enterprise M651 3.6.4 2307619_547160 2307851_000048
(CZ255A, CZ256A, CZ257A, 3.7 2307781_551200 (3.7.01)
CZ258A) 3.7.1 2307884_553037
3.7.2 2307939_554654

3.6.3 2307497_543953
HP Color LaserJet 3.6.4 2307619_547145 2307851_000051
Enterprise M750 3.7 2307781_551203 (3.7.01)
(D3L08A, D3L09A, D3L10A) 3.7.1 2307884_553040
3.7.2 2307939_554657

3.6.3 2307497_543947
HP Color LaserJet M680 3.6.4 2307619_547157 2307851_000059
(CZ249A, CZ250A, CA251A) 3.7 2307781_551196 (3.7.01)
3.7.1 2307884_553034
3.7.2 2307939_554651

3.6.3 2307497_543957
HP LaserJet Enterprise 500 3.6.4 2307619_547167 2307851_000056
color MFP M575dn 3.7 2307781_551207 (3.7.01)
(CD644A, CD645A) 3.7.1 2307884_553044
3.7.2 2307939_554662

3.6.3 2307497_543945
HP LaserJet Enterprise 500 3.6.4 2307619_547155 2307851_000043
MFP M525f 3.7 2307781_551195 (3.7.01)
(CF116A, CF117A) 3.7.1 2307884_553032
3.7.2 2307939_554649

3.6.3 2307497_543961
HP LaserJet Enterprise 600 3.6.4 2307619_547168 2307851_000040
M601 3.7 2307781_551208 (3.7.01)
(CE989A, CE990A) 3.7.1 2307884_553045
3.7.2 2307939_554664

3.6.3 2307497_543961
HP LaserJet Enterprise 600 3.6.4 2307619_547168 2307851_000040
M602 3.7 2307781_551208 (3.7.01)
(CE991A, CE992A, CE993A) 3.7.1 2307884_553045
3.7.2 2307939_554664

3.6.3 2307497_543961
HP LaserJet Enterprise 600 3.6.4 2307619_547168 2307851_000040
M603xh 3.7 2307781_551208 (3.7.01)
(CE994A, CE995A, CE996A) 3.7.1 2307884_553045
3.7.2 2307939_554664

3.6.3 2307497_543958
HP LaserJet Enterprise 700 3.6.4 2307619_547166 2307851_000055
color MFP M775 series 3.7 2307781_551206 (3.7.01)
(CC522A, CC523A, CC524A) 3.7.1 2307884_553043
3.7.2 2307939_554660

3.6.3 2307497_543955
HP LaserJet Enterprise 700 3.6.4 2307619_547165 2307851_000053
M712xh 3.7 2307781_551205 (3.7.01)
(CF235A, CF236A, CF238A) 3.7.1 2307884_553042
3.7.2 2307939_554659

3.6.3 2307497_543951
HP LaserJet Enterprise 800 3.6.4 2307619_547161 2307851_000049
color M855 3.7 2307781_551201 (3.7.01)
(A2W77A, A2W78A, A2W79A) 3.7.1 2307884_553038
3.7.2 2307939_554655

HP LaserJet Enterprise 800 3.6.3 2307497_543946
color MFP M880 3.6.4 2307619_547156 2307851_000058
(A2W76A, A2W75A, D7P70A, 3.7 2307781_551196 (3.7.01)
D7P71A) 3.7.1 2307884_553033
3.7.2 2307939_554650

3.6.3 2307497_543964
HP LaserJet Enterprise 3.6.4 2307619_547169 2307851_000057
Color 500 M551 Series 3.7 2307781_551209 (3.7.01)
(CF081A,CF082A,CF083A) 3.7.1 2307884_553046
3.7.2 2307939_554665

3.6.3 2307497_543957
HP LaserJet Enterprise 3.6.4 2307619_547167 2307851_000056
Color flow MFP M575c 3.7 2307781_551207 (3.7.01)
(CD646A) 3.7.1 2307884_553044
3.7.2 2307939_554662

3.6.3 2307497_543948
HP LaserJet Enterprise 3.6.4 2307619_547158 2307851_000046
flow M830z MFP 3.7 2307781_551198 (3.7.01)
(CF367A) 3.7.1 2307884_553035
3.7.2 2307939_554652

3.6.3 2307497_543945
HP LaserJet Enterprise 3.6.4 2307619_547155 2307851_000043
flow MFP M525c 3.7 2307781_551195 (3.7.01)
(CF118A) 3.7.1 2307884_553032
3.7.2 2307939_554649

3.6.3 2307497_543943
HP LaserJet Enterprise 3.6.4 2307619_547153 2307851_000041
Flow MFP M630z 3.7 2307781_551193 (3.7.01)
(B3G85A) 3.7.1 2307884_553030
3.7.2 2307939_554647

3.6.3 2307497_543952
HP LaserJet Enterprise 3.6.4 2307619_547163 2307851_000035
M806 3.7 2307781_551202 (3.7.01)
(CZ244A, CZ245A) 3.7.1 2307884_553039
3.7.2 2307939_554656

3.6.3 2307497_543943
HP LaserJet Enterprise MFP 3.6.4 2307619_547153 2307851_000041
M630 3.7 2307781_551193 (3.7.01)
(J7X28A) 3.7.1 2307884_553030
3.7.2 2307939_554647

HP LaserJet Enterprise MFP 3.6.3 2307497_543954
M725 3.6.4 2307619_547164 2307851_000054
(CF066A, CF067A, CF068A, 3.7 2307781_551204 (3.7.01)
CF069A) 3.7.1 2307884_553041
3.7.2 2307939_554658

3.6.3 2307497_543944
HP OfficeJet Enterprise 3.6.4 2307619_547154 2307851_000039
Color MFP X585 3.7 2307781_551194 (3.7.01)
(B5L04A, B5L05A, B5L07A) 3.7.1 2307884_553031
3.7.2 2307939_554648

3.6.3 2307497_543949
HP OfficeJet Enterprise 3.6.4 2307619_547159 2307851_000047
Color X555 3.7 2307781_551199 (3.7.01)
(C2S11A, C2S12A) 3.7.1 2307884_553036
3.7.2 2307939_554653

System management and security procedures must be reviewed frequently to
maintain system integrity. HP is continually reviewing and enhancing the
security features of software products to provide customers with current secure
solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the
attention of users of the affected HP products the important security
information contained in this Bulletin. HP recommends that all users determine
the applicability of this information to their individual situations and take
appropriate action. HP does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently, HP will not be
responsible for any damages resulting from user's use or disregard of the
information provided in this Bulletin. To the extent permitted by law, HP
disclaims all warranties, either express or implied, including the warranties
of merchantability and fitness for a particular purpose, title and
non-infringement."

REVISION HISTORY

Version:1 (rev.1) ? 01 March 2016 Initial release

Copyright 2016 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or its
affiliates, subcontractors or suppliers will be liable for incidental,special
or consequential damages including downtime cost; lost profits;damages relating
to the procurement of substitute products or services; or damages for loss of
data, or software restoration. The information in this document is subject to
change without notice. Hewlett-Packard Company and the names of Hewlett-Packard
products referenced herein are trademarks of Hewlett-Packard Company in the
United States and other countries. Other product and company names mentioned
herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJW2MrgAAoJEPRuzn0I+N3Z+uMQAJ3Z2s5H1BllX7uvcKCeqSfb
Y4Lcbd1rWDJiBPaej2fRR97fxVLBO9QTZKEhghTcehpIBfIjLcSR2PxaT8z0RC5C
y8lTUFkU4IXXgWd58Pk21jUsFAHuQHQSpSYBQx+7/8ekturguwxlMgxjIJkWWnpU
79pUMCzCR1Q9jLaDNv4hmHCGo42L7Qn/4Kr5PQxWZ19OzdBOtNA5Kk2/DsLR6Q6u
tKuBwlh+QMW9rFRenAKrfkZfyA3AeyUy/i4YR2Ghww8GXJzDoyjfFQWzdWJhs9UL
LYzymXnkNe74BhthPAkyCQqbunpXOstNWYpG36uSImrNvOs6sOMWUj5saiAT1Znv
MLiUMCUXZkadGwavXdWtHBUR7aDARyOPxg6F31XzcgV6bqjKzSUAYGI3WYVf6Jk3
pXrmW49no3y1luXHz6MDlTBKL09aZu9kCOpT555kH1hOu+mAMs0UBY72kDUF3839
+Mcb1R71mYGYR93jAmAXvJ51J2axlN0J7FF7o4mxowfrXPFTapqQF8s90IOhDtLk
CQlSCSAD+NV0edzPy0zT77whx8GFIn5+DyEQ9tLfUq9Dl/e4DZWEKya9Q2UfTobJ
tFG8VHUsXmk29rFYWk4gViO8OITq8p5A3mjmQ1R4NbQ4KbJJolHoK1PO/7VLHY5W
UaJxLGryGjM699Yk6htj
=zguU
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus