Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.bugs.dist > #1294817

Bug#1120865: hplip: make 3.25.8 availabe in stable backports?

From Thomas Orgis <thomas-forum@orgis.org>
Newsgroups linux.debian.bugs.dist
Subject Bug#1120865: hplip: make 3.25.8 availabe in stable backports?
Date 2026-05-23 11:40 +0200
Message-ID <MXQZP-7flf-3@gated-at.bofh.it> (permalink)
References <LSc9b-dGVm-1@gated-at.bofh.it> <MUXO9-5ic9-5@gated-at.bofh.it>
Organization linux.* mail to news gateway

Show all headers | View raw

This is getting a bit more urgent with privilege escalation and/or code
execution bugs:

	https://www.openwall.com/lists/oss-security/2026/05/23/1
	https://support.hp.com/us-en/document/ish_14942099-14942126-16/hpsbpi04118

> HP Linux Imaging and Printing Software – Potential Escalation of Privilege and
> Arbitrary Code Execution
> 
> Potential security vulnerabilities have been identified in the HP Linux Imaging
> and Printing Software. These potential vulnerabilities may allow escalation of
> privileges and/or arbitrary code execution via command injection or buffer
> overflow.
> 
> Severity:     Critical
> HP Reference: HPSBPI04118 Rev. 1
> Release date: May 20, 2026
> Last updated: May 20, 2026
> Category:     Print Software
> 
> Reported by Mohamed Lemine Ahmed Jidou (AegisSec) (CVE-2026-8631)
> and Aisle Research (CVE-2026-8632).
> 
> List of CVE IDs
> ---------------
> 
> CVE ID:   CVE-2026-8631
> CVSS:     9.3
> Severity: Critical
> Vector:   CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
> 
> 
> CVE ID:   CVE-2026-8632
> CVSS:     8.5
> Severity: High
> Vector:   CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
> 
> 
> Resolution
> ----------
> 
> HP has identified affected versions and the minimum software version that
> mitigates the potential vulnerabilities. See the affected product list below.
> 
> Newer software versions might become available, and the minimum versions listed
> below might become obsolete. If a link becomes invalid, check the HP Software
> and Drivers Support site to obtain the latest update for your product model.
> 
> HP recommends keeping your system up to date with the latest firmware and
> software.
> 
> Affected products
> -----------------
> 
> Product Name:    HP Linux Imaging and Printing
> Updated Version: 3.26.4
> Download Link:   https://developers.hp.com/hp-linux-imaging-and-printing/gethplip

The outdated hplip package is becoming a serious risk.


Alrighty then,

Thomas

Back to linux.debian.bugs.dist | Previous | Next | Find similar

Thread

Bug#1120865: hplip: make 3.25.8 availabe in stable backports? Thomas Orgis <thomas-forum@orgis.org> - 2026-05-23 11:40 +0200

csiph-web