Marc Schoenefeld of the Red Hat Security Response Team discovered a
vulnerability in the hplip alert-mailing functionality that could allow
a local attacker to elevate their privileges by using specially-crafted
packets to trigger alert mails that are sent by the root account
(CVE-2008-2940).

Another vulnerability was discovered by Marc Schoenefeld in the hpssd
message parser that could allow a local attacker to stop the hpssd
process by sending specially-craftd packets, causing a denial of
service (CVE-2008-2941).

The updated packages have been patched to correct these issues.