
openSUSE HPLIP Critical Escalation DoS Advisory SUSE-2026-2380-1

suse
June 12, 2026
Critical security update for HPLIP in openSUSE addressing three vulnerabilities with multiple fixes available.
An update that solves three vulnerabilities and has five security fixes can now be installed.

Summary

This update for hplip fixes the following issues:

Update to HPLIP 3.26.4:

Security issues:

* CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation (bsc#1266031).
* CVE-2026-8631: escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path (bsc#1266023).
* CVE-2026-8632: escalation of privileges and/or arbitrary code execution via operating system command injection (bsc#1266024).
* unauthenticated remote (LAN) denial-of-service in the SLP parser (ReDoS) (bsc#1245358).
* URI parameter injection via unsanitized USB serial number (bsc#1209401).

Non-security issues:

* Can't set up fax for HP OfficeJet 3830 (bsc#1257529).

References

* bsc#1209401

* bsc#1234745

* bsc#1245358

* bsc#1250481

* bsc#1257529

* bsc#1266023

* bsc#1266024

* bsc#1266031

Cross-

* CVE-2025-43023

* CVE-2026-8631

* CVE-2026-8632

CVSS scores:

* CVE-2025-43023 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-43023 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-43023 ( NVD ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-43023 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2026-8631 ( SUSE ): 9.3

Severity: critical

Announcement ID: SUSE-SU-2026:2380-1
Release Date: 2026-06-11T16:15:35Z
Rating: critical
