{"id":"USN-2699-1","summary":"hplip vulnerability","details":"Enrico Zini discovered that HPLIP used a short GPG key ID when downloading\nkeys from the keyserver. An attacker could possibly use this to return a\ndifferent key with a duplicate short key id and perform a machine-in-the-middle\nattack on printer plugin installations.\n","modified":"2026-04-22T09:14:38.058917Z","published":"2015-07-30T16:56:09Z","related":["UBUNTU-CVE-2015-0839"],"upstream":["CVE-2015-0839","UBUNTU-CVE-2015-0839"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2699-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0839"}],"affected":[{"package":{"name":"hplip","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/hplip@3.14.3-0ubuntu3.4?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.14.3-0ubuntu3.4"}]}],"versions":["3.13.9-1","3.13.9-2","3.13.11-1","3.13.11-1ubuntu1","3.13.11-2","3.13.11-2.1","3.14.1-1","3.14.3-0ubuntu1","3.14.3-0ubuntu2","3.14.3-0ubuntu3","3.14.3-0ubuntu3.2"],"ecosystem_specific":{"binaries":[{"binary_name":"hpijs-ppds","binary_version":"3.14.3-0ubuntu3.4"},{"binary_name":"hplip","binary_version":"3.14.3-0ubuntu3.4"},{"binary_name":"hplip-data","binary_version":"3.14.3-0ubuntu3.4"},{"binary_name":"hplip-gui","binary_version":"3.14.3-0ubuntu3.4"},{"binary_name":"libhpmud0","binary_version":"3.14.3-0ubuntu3.4"},{"binary_name":"libsane-hpaio","binary_version":"3.14.3-0ubuntu3.4"},{"binary_name":"printer-driver-hpcups","binary_version":"3.14.3-0ubuntu3.4"},{"binary_name":"printer-driver-hpijs","binary_version":"3.14.3-0ubuntu3.4"},{"binary_name":"printer-driver-postscript-hp","binary_version":"3.14.3-0ubuntu3.4"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-0839"}],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2699-1.json"}}],"schema_version":"1.7.5"}