
openSUSE hplip Critical Escalation Privileges Denial Service 2026-2222-1

suse
June 2, 2026
Critical update released for hplip, addressing three issues including denial of service and code execution risks.
An update that solves three vulnerabilities and has five security fixes can now be installed.

Summary

## This update for hplip fixes the following issues

Security issues:

* CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation (bsc#1266031).
* CVE-2026-8631: escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path (bsc#1266023).
* CVE-2026-8632: escalation of privileges and/or arbitrary code execution via operating system command injection (bsc#1266024).
* Unauthenticated remote (LAN) denial-of-service in the SLP parser (ReDoS). (bsc#1245358)
* URI parameter injection via unsanitized USB serial number. (bsc#1209401)

Non security issues:

* Can't set up fax for HP OfficeJet 3830 (bsc#1257529).
* hplip requires foomatic-filters which does not exist in Leap 16

References

* bsc#1209401

* bsc#1234745

* bsc#1245358

* bsc#1250481

* bsc#1257529

* bsc#1266023

* bsc#1266024

* bsc#1266031

Cross-

* CVE-2025-43023

* CVE-2026-8631

* CVE-2026-8632

CVSS scores:

* CVE-2025-43023 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-43023 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-43023 ( NVD ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-43023 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2026-8631 ( SUSE ): 9.3

Severity
critical

Announcement ID: SUSE-SU-2026:2222-1
Release Date: 2026-06-02T08:40:55Z
Rating: critical
