Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
100
security advisorydenial of servicecriticalopenSUSE hplip Critical Escalation Privileges Denial Service 2026-2222-1
An update that solves three vulnerabilities and has five security fixes can now be installed.. # Security update for hplip Announcement ID: SUSE-SU-2026:2222-1 Release Date: 2026-06-02T08:40:55Z Rating: critical References: * bsc#1209401 * bsc#1234745 * bsc#1245358 * bsc#1250481 * bsc#1257529 * bsc#1266023 * bsc#1266024 * bsc#1266031 Cross-References: * CVE-2025-43023 * CVE-2026-8631 * CVE-2026-8632 CVSS scores: * CVE-2025-43023 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-43023 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43023 ( NVD ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-43023 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-8631 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-8631 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-8631 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-8631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-8632 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-8632 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-8632 ( NVD ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-8632 ( NVD ): 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves three vulnerabilities and has five security fixes can now be installed. ## Description: This update for hplip fixes the following issues Security issues: * CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation (bsc#1266031). * CVE-2026-8631: escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path (bsc#1266023). * CVE-2026-8632: escalation of privileges and/or arbitrary code execution via operating system command injection (bsc#1266024). * Unauthenticated remote (LAN) denial-of-service in the SLP parser (ReDoS). (bsc#1245358) * URI parameter injection via unsanitized USB serial number. (bsc#1209401) Non security issues: * Can't set up fax for HP OfficeJet 3830 (bsc#1257529). * hplip requires foomatic-filters which does not exist in Leap 16 (bsc#1250481). * Update to HPLIP 3.26.4 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2222=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2222=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2222=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * hplip-debuginfo-3.26.4-150600.4.9.1 * hplip-debugsource-3.26.4-150600.4.9.1 * hplip-scan-utils-3.26.4-150600.4.9.1 * hplip-3.26.4-150600.4.9.1 *hplip-sane-debuginfo-3.26.4-150600.4.9.1 * hplip-udev-rules-3.26.4-150600.4.9.1 * hplip-sane-3.26.4-150600.4.9.1 * hplip-scan-utils-debuginfo-3.26.4-150600.4.9.1 * hplip-hpijs-debuginfo-3.26.4-150600.4.9.1 * hplip-devel-3.26.4-150600.4.9.1 * hplip-hpijs-3.26.4-150600.4.9.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * hplip-debuginfo-3.26.4-150600.4.9.1 * hplip-debugsource-3.26.4-150600.4.9.1 * hplip-3.26.4-150600.4.9.1 * hplip-sane-debuginfo-3.26.4-150600.4.9.1 * hplip-udev-rules-3.26.4-150600.4.9.1 * hplip-sane-3.26.4-150600.4.9.1 * hplip-hpijs-debuginfo-3.26.4-150600.4.9.1 * hplip-devel-3.26.4-150600.4.9.1 * hplip-hpijs-3.26.4-150600.4.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * hplip-debuginfo-3.26.4-150600.4.9.1 * hplip-debugsource-3.26.4-150600.4.9.1 * hplip-3.26.4-150600.4.9.1 * hplip-sane-debuginfo-3.26.4-150600.4.9.1 * hplip-udev-rules-3.26.4-150600.4.9.1 * hplip-sane-3.26.4-150600.4.9.1 * hplip-hpijs-debuginfo-3.26.4-150600.4.9.1 * hplip-devel-3.26.4-150600.4.9.1 * hplip-hpijs-3.26.4-150600.4.9.1 ## References: * https://www.suse.com/security/cve/CVE-2025-43023.html * https://www.suse.com/security/cve/CVE-2026-8631.html * https://www.suse.com/security/cve/CVE-2026-8632.html * https://bugzilla.suse.com/show_bug.cgi?id=1209401 * https://bugzilla.suse.com/show_bug.cgi?id=1234745 * https://bugzilla.suse.com/show_bug.cgi?id=1245358 * https://bugzilla.suse.com/show_bug.cgi?id=1250481 * https://bugzilla.suse.com/show_bug.cgi?id=1257529 * https://bugzilla.suse.com/show_bug.cgi?id=1266023 * https://bugzilla.suse.com/show_bug.cgi?id=1266024 * https://bugzilla.suse.com/show_bug.cgi?id=1266031 . Critical update installed for hplip addressing three issues including denial of service and code execution risks.. SUSE hplip critical update privileges denial service. . Severity: Critical. LinuxSecurity.com Team
Jun 02, 2026
•Critical
SuSE
202
security advisorydenial of servicecriticalopenSUSE hplip Critical Escalation DoS Update 2026-2222-1
An update that solves three vulnerabilities and has five security fixes can now be installed.. # Security update for hplip Announcement ID: SUSE-SU-2026:2222-1 Release Date: 2026-06-02T08:40:55Z Rating: critical References: * bsc#1209401 * bsc#1234745 * bsc#1245358 * bsc#1250481 * bsc#1257529 * bsc#1266023 * bsc#1266024 * bsc#1266031 Cross-References: * CVE-2025-43023 * CVE-2026-8631 * CVE-2026-8632 CVSS scores: * CVE-2025-43023 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-43023 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43023 ( NVD ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-43023 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-8631 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-8631 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-8631 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-8631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-8632 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-8632 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-8632 ( NVD ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-8632 ( NVD ): 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves three vulnerabilities and has five security fixes can now be installed. ## Description: This update for hplip fixes the following issues Security issues: * CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation (bsc#1266031). * CVE-2026-8631: escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path (bsc#1266023). * CVE-2026-8632: escalation of privileges and/or arbitrary code execution via operating system command injection (bsc#1266024). * Unauthenticated remote (LAN) denial-of-service in the SLP parser (ReDoS). (bsc#1245358) * URI parameter injection via unsanitized USB serial number. (bsc#1209401) Non security issues: * Can't set up fax for HP OfficeJet 3830 (bsc#1257529). * hplip requires foomatic-filters which does not exist in Leap 16 (bsc#1250481). * Update to HPLIP 3.26.4 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2222=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2222=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2222=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * hplip-debuginfo-3.26.4-150600.4.9.1 * hplip-debugsource-3.26.4-150600.4.9.1 * hplip-scan-utils-3.26.4-150600.4.9.1 * hplip-3.26.4-150600.4.9.1 *hplip-sane-debuginfo-3.26.4-150600.4.9.1 * hplip-udev-rules-3.26.4-150600.4.9.1 * hplip-sane-3.26.4-150600.4.9.1 * hplip-scan-utils-debuginfo-3.26.4-150600.4.9.1 * hplip-hpijs-debuginfo-3.26.4-150600.4.9.1 * hplip-devel-3.26.4-150600.4.9.1 * hplip-hpijs-3.26.4-150600.4.9.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * hplip-debuginfo-3.26.4-150600.4.9.1 * hplip-debugsource-3.26.4-150600.4.9.1 * hplip-3.26.4-150600.4.9.1 * hplip-sane-debuginfo-3.26.4-150600.4.9.1 * hplip-udev-rules-3.26.4-150600.4.9.1 * hplip-sane-3.26.4-150600.4.9.1 * hplip-hpijs-debuginfo-3.26.4-150600.4.9.1 * hplip-devel-3.26.4-150600.4.9.1 * hplip-hpijs-3.26.4-150600.4.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * hplip-debuginfo-3.26.4-150600.4.9.1 * hplip-debugsource-3.26.4-150600.4.9.1 * hplip-3.26.4-150600.4.9.1 * hplip-sane-debuginfo-3.26.4-150600.4.9.1 * hplip-udev-rules-3.26.4-150600.4.9.1 * hplip-sane-3.26.4-150600.4.9.1 * hplip-hpijs-debuginfo-3.26.4-150600.4.9.1 * hplip-devel-3.26.4-150600.4.9.1 * hplip-hpijs-3.26.4-150600.4.9.1 ## References: * https://www.suse.com/security/cve/CVE-2025-43023.html * https://www.suse.com/security/cve/CVE-2026-8631.html * https://www.suse.com/security/cve/CVE-2026-8632.html * https://bugzilla.suse.com/show_bug.cgi?id=1209401 * https://bugzilla.suse.com/show_bug.cgi?id=1234745 * https://bugzilla.suse.com/show_bug.cgi?id=1245358 * https://bugzilla.suse.com/show_bug.cgi?id=1250481 * https://bugzilla.suse.com/show_bug.cgi?id=1257529 * https://bugzilla.suse.com/show_bug.cgi?id=1266023 * https://bugzilla.suse.com/show_bug.cgi?id=1266024 * https://bugzilla.suse.com/show_bug.cgi?id=1266031 . # Security update for hplip Announcement ID: SUSE-SU-2026:2222-1 Release Date: 2026-06-02T08:40:55Z . update, solves, three, vulnerabilities, security, fixes, installed. . Severity: Critical. LinuxSecurity.com Team
Jun 02, 2026
•Critical
OpenSUSE
203
security advisorycriticalaccess controlMageia 8: MGASA-2023-0125 Critical: Opencontainers-Runc Access Issues
/sys/fs/cgroup is writable when cgroupns isn't unshared (CVE-2023-25809) Regression that reintroduced CVE-2019-19921 - Incorrect Access Control leading to Escalation of Privileges (CVE-2023-27561) AppArmor/SELinux bypass with symlinked /proc (CVE-2023-28642) . MGASA-2023-0125 - Updated opencontainers-runc packages fix security vulnerability Publication date: 06 Apr 2023 URL: https://advisories.mageia.org/MGASA-2023-0125.html Type: security Affected Mageia releases: 8 CVE: CVE-2023-25809, CVE-2023-27561, CVE-2023-28642 /sys/fs/cgroup is writable when cgroupns isn't unshared (CVE-2023-25809) Regression that reintroduced CVE-2019-19921 - Incorrect Access Control leading to Escalation of Privileges (CVE-2023-27561) AppArmor/SELinux bypass with symlinked /proc (CVE-2023-28642) References: - https://bugs.mageia.org/show_bug.cgi?id=31729 - https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html - https://github.com/opencontainers/runc/issues/3789 - https://www.cve.org/CVERecord?id=CVE-2023-25809 - https://www.cve.org/CVERecord?id=CVE-2023-27561 - https://www.cve.org/CVERecord?id=CVE-2023-28642 SRPMS: - 8/core/opencontainers-runc-1.1.5-1.mga8 . Newly released opencontainers-runc packages address critical security vulnerabilities in Mageia. Announcement date: 06 April 2023.. opencontainers-runc security, Mageia advisory, access control exploit. . Severity: Critical. LinuxSecurity.com Team
Apr 06, 2023
•Critical
Mageia
203
security advisoryinformation disclosuremalformed requestMageia 7: MGASA-2020-0147 Critical: Nghttp2 Malformed Request Exploit
Malformed request header may cause route matchers or access controls to be bypassed, resulting in escalation of privileges or information disclosure (CVE-2019-18802). References: . MGASA-2020-0147 - Updated nghttp2 packages fix security vulnerability Publication date: 01 Apr 2020 URL: https://advisories.mageia.org/MGASA-2020-0147.html Type: security Affected Mageia releases: 7 CVE: CVE-2019-18802 Malformed request header may cause route matchers or access controls to be bypassed, resulting in escalation of privileges or information disclosure (CVE-2019-18802). References: - https://bugs.mageia.org/show_bug.cgi?id=26361 - http://lists.suse.com/pipermail/sle-security-updates/2020-March/006627.html - https://www.cve.org/CVERecord?id=CVE-2019-18802 SRPMS: - 7/core/nghttp2-1.38.0-1.2.mga7 . Mageia Security Advisory MGASA-2020-0147 addresses a vulnerability in nghttp2 that arises from improperly formatted request headers, leading to potential elevation of privileges.. nghttp2 Security Update, Mageia 7 Advisory, Malformed Request Header, Privilege Escalation Risk. . Severity: Critical. LinuxSecurity.com Team
Mar 31, 2020
•Critical
Mageia
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!