Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 527
Alerts This Week
Warning Icon 1 527

openSUSE hplip Critical Escalation Privileges Denial Service 2026-2222-1

suse
Calendar Grey June 2, 2026
Scroller Suse
Critical update installed for hplip addressing three issues including denial of service and code execution risks.
An update that solves three vulnerabilities and has five security fixes can now be installed.

Summary

## This update for hplip fixes the following issues Security issues: * CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation (bsc#1266031). * CVE-2026-8631: escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path (bsc#1266023). * CVE-2026-8632: escalation of privileges and/or arbitrary code execution via operating system command injection (bsc#1266024). * Unauthenticated remote (LAN) denial-of-service in the SLP parser (ReDoS). (bsc#1245358) * URI parameter injection via unsanitized USB serial number. (bsc#1209401) Non security issues: * Can't set up fax for HP OfficeJet 3830 (bsc#1257529). * hplip requires foomatic-filters which does not exist in Leap 16

References

* bsc#1209401

* bsc#1234745

* bsc#1245358

* bsc#1250481

* bsc#1257529

* bsc#1266023

* bsc#1266024

* bsc#1266031

Cross-

* CVE-2025-43023

* CVE-2026-8631

* CVE-2026-8632

CVSS scores:

* CVE-2025-43023 ( SUSE ): 7.5

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-43023 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-43023 ( NVD ): 5.9

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-43023 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2026-8631 ( SUSE ): 9.3

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2222-1
Release Date: 2026-06-02T08:40:55Z
Rating: critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.