Alerts This Week
Warning Icon 1 848
Alerts This Week
Warning Icon 1 848

openSUSE HPLIP Severe Code Execution Denial of Service 2026-2380-1

opensuse
Calendar Grey June 12, 2026
Dist Opensuse Esm H88
Critical update for openSUSE hplip resolves three security issues including escalation of privileges and service denial.
An update that solves three vulnerabilities and has five security fixes can now be installed.

Description

This update for hplip fixes the following issues

Update to HPLIP 3.26.4:

Security issues:

* CVE-2025-43023: weak code signing DSA key used to generate package

signatures can lead to key spoofing and malicious software installation

(bsc#1266031).

* CVE-2026-8631: escalation of privileges and/or arbitrary code execution via

an integer overflow in the hpcups processing path (bsc#1266023).

* CVE-2026-8632: escalation of privileges and/or arbitrary code execution via

operating system command injection (bsc#1266024).

* unauthenticated remote (LAN) denial-of-service in the SLP parser (ReDoS)

(bsc#1245358).

* URI parameter injection via unsanitized USB serial number (bsc#1209401).

Non security issues:

* Can't set up fax for HP OfficeJet 3830 (bsc#1257529).

* hplip requires foomatic-filters which does not exist in Leap 16

(bsc#1250481).

Changes:

* Add support for the following new printers:

* HP LaserJet Pro MFP 3106sdw

* HP LaserJet Pro MFP...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service critical code execution OpenSUSE hplip

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4

zypper in -t patch SUSE-2026-2380=1

* SUSE Linux Enterprise Server 15 SP4 LTSS

zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2380=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4

zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2380=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4

zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2380=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5

zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2380=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5

zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2380=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2380=1

* SUSE Linux...

Read the Full Advisory

Package List

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)

* hplip-debugsource-3.26.4-150400.3.22.1

* hplip-devel-3.26.4-150400.3.22.1

* hplip-udev-rules-3.26.4-150400.3.22.1

* hplip-sane-3.26.4-150400.3.22.1

* hplip-sane-debuginfo-3.26.4-150400.3.22.1

* hplip-hpijs-3.26.4-150400.3.22.1

* hplip-3.26.4-150400.3.22.1

* hplip-scan-utils-3.26.4-150400.3.22.1

* hplip-debuginfo-3.26.4-150400.3.22.1

* hplip-scan-utils-debuginfo-3.26.4-150400.3.22.1

* hplip-hpijs-debuginfo-3.26.4-150400.3.22.1

* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)

* hplip-debugsource-3.26.4-150400.3.22.1

* hplip-devel-3.26.4-150400.3.22.1

* hplip-udev-rules-3.26.4-150400.3.22.1

* hplip-sane-debuginfo-3.26.4-150400.3.22.1

* hplip-sane-3.26.4-150400.3.22.1

* hplip-hpijs-3.26.4-150400.3.22.1

* hplip-3.26.4-150400.3.22.1

* hplip-debuginfo-3.26.4-150400.3.22.1

* hplip-hpijs-debuginfo-3.26.4-150400.3.22.1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64

x86_64)

*...

Read the Full Advisory

References

* bsc#1209401

* bsc#1234745

* bsc#1245358

* bsc#1250481

* bsc#1257529

* bsc#1266023

* bsc#1266024

* bsc#1266031

## References:

* https://www.suse.com/security/cve/CVE-2025-43023.html

* https://www.suse.com/security/cve/CVE-2026-8631.html

* https://www.suse.com/security/cve/CVE-2026-8632.html

* https://bugzilla.suse.com/show_bug.cgi?id=1209401

* https://bugzilla.suse.com/show_bug.cgi?id=1234745

* https://bugzilla.suse.com/show_bug.cgi?id=1245358

* https://bugzilla.suse.com/show_bug.cgi?id=1250481

* https://bugzilla.suse.com/show_bug.cgi?id=1257529

* https://bugzilla.suse.com/show_bug.cgi?id=1266023

* https://bugzilla.suse.com/show_bug.cgi?id=1266024

* https://bugzilla.suse.com/show_bug.cgi?id=1266031

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2380-1
Release Date: 2026-06-11T16:15:35Z
Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5

Topics%20covered

Topics Covered

security advisory denial of service critical code execution OpenSUSE hplip

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here