Detections
Analytics

SUSE SLES15 Security Update : hplip (SUSE-SU-2026:2380-1)

critical Nessus Plugin ID 321055

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2380-1 advisory.

 This update for hplip fixes the following issues

 Update to HPLIP 3.26.4:

 Security issues:

 - CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation (bsc#1266031).
 - CVE-2026-8631: escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path (bsc#1266023).
 - CVE-2026-8632: escalation of privileges and/or arbitrary code execution via operating system command injection (bsc#1266024).
 - unauthenticated remote (LAN) denial-of-service in the SLP parser (ReDoS) (bsc#1245358).
 - URI parameter injection via unsanitized USB serial number (bsc#1209401).

 Non security issues:

 - Can't set up fax for HP OfficeJet 3830 (bsc#1257529).
 - hplip requires foomatic-filters which does not exist in Leap 16 (bsc#1250481).

 Changes:

 - Add support for the following new printers:
 * HP LaserJet Pro MFP 3106sdw
 * HP LaserJet Pro MFP 3105sdw
 * HP Envy 6500e series
 * HP Envy 6500 series
 * HP OfficeJet Pro 9730 Series
 * HP OfficeJet Pro 9730e Series
 * HP OfficeJet Pro 9720 Series
 * HP OfficeJet Pro 9720e Series
 * HP OfficeJet Pro 8130e All-in-One series
 * HP OfficeJet Pro 8130 All-in-One series
 * HP OfficeJet 8130e All-in-One series
 * HP OfficeJet 8130 All-in-One series
 * HP OfficeJet Pro 8120e All-in-One series
 * HP OfficeJet Pro 8120 All-in-One series
 * HP OfficeJet 8120e All-in-One series
 * HP OfficeJet 8120 All-in-One series
 * HP DeskJet Ink Advantage ultra 5800 All-in-One Printer series
 * HP DeskJet Ink Advantage ultra 5100 All-in-One Printer series
 * HP DeskJet 4300e All-in-One Printer series
 * HP DeskJet Ink Advantage 4300 All-in-One Printer series
 * HP DeskJet 4300 All-in-One Printer series
 * HP DeskJet 2900e All-in-One Printer series
 * HP DeskJet Ink Advantage 2900 All-in-One Printer series
 * HP DeskJet 2900 All-in-One Printer series
 * HP LaserJet Enterprise Flow MFP 8601z
 * HP LaserJet Enterprise 5501
 * HP LaserJet Enterprise MFP 5601dn
 * HP LaserJet Enterprise 6500dn
 * HP LaserJet Enterprise 5501n
 * HP LaserJet Enterprise MFP 5601
 * HP LaserJet Enterprise 6500
 * HP LaserJet Enterprise 5502dn
 * HP LaserJet Enterprise MFP 5602dn
 * HP LaserJet Enterprise 6500n
 * HP LaserJet Enterprise 5502
 * HP LaserJet Enterprise MFP 5602f
 * HP LaserJet Enterprise 6501dn
 * HP LaserJet Enterprise X50452dn
 * HP LaserJet Enterprise Flow MFP 5602zfw
 * HP LaserJet Enterprise 6501
 * HP LaserJet Enterprise X50452
 * HP LaserJet Enterprise MFP 5602
 * HP LaserJet Enterprise X60257dn
 * HP LaserJet Enterprise MFP X53052dn
 * HP LaserJet Enterprise Flow MFP X530
 * HP LaserJet Enterprise X60257
 * HP LaserJet Enterprise MFP X53052
 * HP LaserJet Enterprise X60357dn
 * HP LaserJet Enterprise X60357
 * HP LaserJet Enterprise MFP 6600dn
 * HP LaserJet Enterprise Flow MFP 6600zfw
 * HP LaserJet Enterprise MFP 6600
 * HP LaserJet Enterprise Flow MFP 6600zfsw
 * HP LaserJet Enterprise MFP X62757dn
 * HP LaserJet Enterprise Flow MFP X62757zs
 * HP LaserJet Enterprise MFP X62757
 * DEX D50452dn
 * DEX MFP D53052dn
 * HP LaserJet Pro MFP M126a plus
 * HP LaserJet Pro MFP M126nw plus
 * HP LaserJet Pro MFP M126snw plus
 * HP Envy Photo 7200 series
 * HP Envy Photo 7900 series
 * HP OfficeJet Pro 9110 Series
 * HP OfficeJet 9120 Series
 * HP OfficeJet Pro 9120 Series
 * HP OfficeJet Pro 9130 Series
 * HP LaserJet Enterprise Flow MFP 8601z+
 * HP LaserJet Enterprise MFP 8601dn
 * HP Color LaserJet Enterprise MFP 8801dn
 * HP Color LaserJet Enterprise Flow MFP 8801z
 * HP Color LaserJet Enterprise Flow MFP 8801z+
 * HP LaserJet Enterprise 8501dn
 * HP LaserJet Enterprise 8501x
 * HP LaserJet Enterprise 8501x+
 * DEX MFP D826
 * DEX MFP D82640
 * DEX MFP D82650
 * DEX MFP D82660
 * DEX D50145
 * DEX MFP D42540
 * DEX MFP D52645
 * DEX Color D55745
 * DEX Color MFP D57945
 * DEX Color MFP D677
 * DEX Color MFP D67755
 * DEX Color MFP D67765
 * DEX Color MFP D877
 * DEX Color MFP D87740
 * DEX Color MFP D87750
 * DEX Color MFP D87760
 * DEX Color MFP D87770
 * DEX Color MFP D786
 * DEX Colour MFP D78625
 * DEX Color MFP D78630
 * DEX Color MFP D78635
 * DEX MFP D731
 * DEX MFP D73130
 * DEX MFP D73135
 * DEX MFP D73140

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1209401

https://bugzilla.suse.com/1234745

https://bugzilla.suse.com/1245358

https://bugzilla.suse.com/1250481

https://bugzilla.suse.com/1257529

https://bugzilla.suse.com/1266023

https://bugzilla.suse.com/1266024

https://bugzilla.suse.com/1266031

https://lists.suse.com/pipermail/sle-updates/2026-June/047273.html

https://www.suse.com/security/cve/CVE-2025-43023

https://www.suse.com/security/cve/CVE-2026-8631

https://www.suse.com/security/cve/CVE-2026-8632

Plugin Details

Severity: Critical

ID: 321055

File Name: suse_SU-2026-2380-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 6/14/2026

Updated: 6/14/2026

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-8631

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: Critical

Base Score: 9.3

Threat Score: 8.1

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:hplip-hpijs, p-cpe:/a:novell:suse_linux:hplip, p-cpe:/a:novell:suse_linux:hplip-udev-rules, p-cpe:/a:novell:suse_linux:hplip-sane, p-cpe:/a:novell:suse_linux:hplip-devel, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/11/2026

Vulnerability Publication Date: 7/28/2025

Reference Information

CVE: CVE-2025-43023, CVE-2026-8631, CVE-2026-8632

SuSE: SUSE-SU-2026:2380-1