hplip: hplip: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection [rhel-9.9]
Resolves: RHEL-178365
This commit is contained in:
parent
60a3b3f26e
commit
574e6df98e
75
hplip-CVE-2026-8632.patch
Normal file
75
hplip-CVE-2026-8632.patch
Normal file
@ -0,0 +1,75 @@
|
||||
From cc245a1117ae478e916662a7d9bded65b55765b8 Mon Sep 17 00:00:00 2001
|
||||
From: Zdenek Dohnal <zdohnal@redhat.com>
|
||||
Date: Mon, 25 May 2026 15:27:09 +0200
|
||||
Subject: [PATCH] 3.26.4
|
||||
|
||||
---
|
||||
base/utils.py | 42 ++++++++++++++++++++----------------------
|
||||
1 file changed, 20 insertions(+), 22 deletions(-)
|
||||
|
||||
diff --git a/base/utils.py b/base/utils.py
|
||||
index d176c0ddd..780e4766e 100644
|
||||
--- a/base/utils.py
|
||||
+++ b/base/utils.py
|
||||
@@ -2359,11 +2359,10 @@ def check_pkg_mgr( package_mgrs = None):
|
||||
log.debug("Not found")
|
||||
return (0, '')
|
||||
|
||||
-# checks if given process is running.
|
||||
-#return value:
|
||||
-# True or False
|
||||
-# None - if process is not running
|
||||
-# grep output - if process is running
|
||||
+# Check whether any running process command line contains the requested name.
|
||||
+# Return value:
|
||||
+# (True, {pid: cmdline, ...}) when one or more matching processes are found
|
||||
+# (False, {}) when no matching process is found or enumeration fails
|
||||
|
||||
def Is_Process_Running(process_name):
|
||||
if not process_name:
|
||||
@@ -2371,28 +2370,27 @@ def Is_Process_Running(process_name):
|
||||
|
||||
try:
|
||||
process = {}
|
||||
- p1 = Popen(["ps", "-w", "-w", "aux"], stdout=PIPE)
|
||||
- p2 = Popen(["grep", process_name], stdin=p1.stdout, stdout=PIPE)
|
||||
- p3 = Popen(["grep", "-v", "grep"], stdin=p2.stdout, stdout=PIPE)
|
||||
- output = p3.communicate()[0]
|
||||
- log.debug("Is_Process_Running output = %s " %output)
|
||||
-
|
||||
- if output:
|
||||
- for p in output.splitlines():
|
||||
- cmd = "echo '%s' | awk {'print $2'}" %p
|
||||
- status,pid = subprocess.getstatusoutput(cmd)
|
||||
- cmd = "echo '%s' | awk {'print $11,$12'}" %p
|
||||
- status,cmdline = subprocess.getstatusoutput(cmd)
|
||||
- if pid :
|
||||
+ for entry in os.listdir('/proc'):
|
||||
+ if not entry.isdigit():
|
||||
+ continue
|
||||
+ pid = entry
|
||||
+ try:
|
||||
+ with open('/proc/%s/cmdline' % pid, 'rb') as f:
|
||||
+ raw = f.read()
|
||||
+ cmdline = raw.replace(b'\x00', b' ').decode('utf-8', 'replace').strip()
|
||||
+ if process_name in cmdline:
|
||||
process[pid] = cmdline
|
||||
+ except (IOError, OSError):
|
||||
+ continue
|
||||
|
||||
+ log.debug("Is_Process_Running matches = %s " % process)
|
||||
+ if process:
|
||||
return True, process
|
||||
else:
|
||||
return False, {}
|
||||
|
||||
except Exception as e:
|
||||
- log.error("Execution failed: process Name[%s]" %process_name)
|
||||
- print >>sys.stderr, "Execution failed:", e
|
||||
+ log.error("Execution failed: process Name[%s] - error - %s" % (process_name, str(e)))
|
||||
return False, {}
|
||||
|
||||
|
||||
--
|
||||
2.54.0
|
||||
|
||||
12
hplip.spec
12
hplip.spec
@ -7,7 +7,7 @@
|
||||
Summary: HP Linux Imaging and Printing Project
|
||||
Name: hplip
|
||||
Version: 3.21.2
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
License: GPLv2+ and MIT and BSD and IJG and Public Domain and GPLv2+ with exceptions and ISC
|
||||
|
||||
Url: https://developers.hp.com/hp-linux-imaging-and-printing
|
||||
@ -187,6 +187,10 @@ Patch60: hplip-fab-import.patch
|
||||
# it fails further down - break out earlier with a message
|
||||
# reported upstream as https://bugs.launchpad.net/hplip/+bug/1916114
|
||||
Patch61: hplip-hpsetup-noscanjets.patch
|
||||
# CVE-2026-8632 - Privilege escalation and arbitrary code execution
|
||||
# via operating system command injection in Is_Process_Running()
|
||||
# https://redhat.atlassian.net/browse/RHEL-178365
|
||||
Patch62: hplip-CVE-2026-8632.patch
|
||||
|
||||
%if 0%{?fedora} || 0%{?rhel} <= 8
|
||||
# mention hplip-gui if you want to have GUI
|
||||
@ -478,6 +482,8 @@ done
|
||||
# if an user tries to install scanner via hp-setup (printer/fax utility)
|
||||
# it fails further down - break out earlier with a message
|
||||
%patch61 -p1 -b .hpsetup-noscanjets
|
||||
# CVE-2026-8632 - command injection in Is_Process_Running()
|
||||
%patch -P 62 -p1 -b .CVE-2026-8632
|
||||
|
||||
%if 0%{?fedora} || 0%{?rhel} <= 8
|
||||
# mention hplip-gui should be installed if you want GUI
|
||||
@ -826,6 +832,10 @@ rm -f %{buildroot}%{_sysconfdir}/xdg/autostart/hplip-systray.desktop
|
||||
%config(noreplace) %{_sysconfdir}/sane.d/dll.d/hpaio
|
||||
|
||||
%changelog
|
||||
* Thu Jul 02 2026 Zdenek Dohnal <zdohnal@redhat.com> - 3.21.2-7
|
||||
- CVE-2026-8632 hplip: HPLIP: Privilege escalation and arbitrary code execution
|
||||
via operating system command injection [rhel-9.9]
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.21.2-6
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
Loading…
Reference in New Issue
Block a user