Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

SUSE hplip Critical Denial of Service Escalation Issues 2026-2228-1

suse
Calendar Grey June 4, 2026
Scroller Suse
Critical security update for hplip addressing three vulnerabilities and ensuring secure installations.
An update that solves three vulnerabilities and has three security fixes can now be installed.

Summary

## This update for hplip fixes the following issues Security issues: * CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation (bsc#1266031). * CVE-2026-8631: escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path (bsc#1266023). * CVE-2026-8632: escalation of privileges and/or arbitrary code execution via operating system command injection (bsc#1266024). * hplip: unauthenticated remote (LAN) denial-of-service in the SLP parser (ReDoS) (bsc#1245358). Non security issues: * Can't set up fax for HP OfficeJet 3830 (bsc#1257529). * hplip requires foomatic-filters which does not exist in Leap 16 (bsc#1250481). * Update to HPLIP 3.26.4. ## Patch Instructions:

References

* bsc#1245358

* bsc#1250481

* bsc#1257529

* bsc#1266023

* bsc#1266024

* bsc#1266031

Cross-

* CVE-2025-43023

* CVE-2026-8631

* CVE-2026-8632

CVSS scores:

* CVE-2025-43023 ( SUSE ): 7.5

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-43023 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-43023 ( NVD ): 5.9

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-43023 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2026-8631 ( SUSE ): 9.3

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2228-1
Release Date: 2026-06-03T08:07:01Z
Rating: critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.