hplip: hplip: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection [rhel-9.9]

Resolves: RHEL-178365
This commit is contained in:
Zdenek Dohnal 2026-07-02 13:34:16 +02:00
parent 60a3b3f26e
commit 574e6df98e
2 changed files with 86 additions and 1 deletions

75
hplip-CVE-2026-8632.patch Normal file
View File

@ -0,0 +1,75 @@
From cc245a1117ae478e916662a7d9bded65b55765b8 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Mon, 25 May 2026 15:27:09 +0200
Subject: [PATCH] 3.26.4
---
base/utils.py | 42 ++++++++++++++++++++----------------------
1 file changed, 20 insertions(+), 22 deletions(-)
diff --git a/base/utils.py b/base/utils.py
index d176c0ddd..780e4766e 100644
--- a/base/utils.py
+++ b/base/utils.py
@@ -2359,11 +2359,10 @@ def check_pkg_mgr( package_mgrs = None):
log.debug("Not found")
return (0, '')
-# checks if given process is running.
-#return value:
-# True or False
-# None - if process is not running
-# grep output - if process is running
+# Check whether any running process command line contains the requested name.
+# Return value:
+# (True, {pid: cmdline, ...}) when one or more matching processes are found
+# (False, {}) when no matching process is found or enumeration fails
def Is_Process_Running(process_name):
if not process_name:
@@ -2371,28 +2370,27 @@ def Is_Process_Running(process_name):
try:
process = {}
- p1 = Popen(["ps", "-w", "-w", "aux"], stdout=PIPE)
- p2 = Popen(["grep", process_name], stdin=p1.stdout, stdout=PIPE)
- p3 = Popen(["grep", "-v", "grep"], stdin=p2.stdout, stdout=PIPE)
- output = p3.communicate()[0]
- log.debug("Is_Process_Running output = %s " %output)
-
- if output:
- for p in output.splitlines():
- cmd = "echo '%s' | awk {'print $2'}" %p
- status,pid = subprocess.getstatusoutput(cmd)
- cmd = "echo '%s' | awk {'print $11,$12'}" %p
- status,cmdline = subprocess.getstatusoutput(cmd)
- if pid :
+ for entry in os.listdir('/proc'):
+ if not entry.isdigit():
+ continue
+ pid = entry
+ try:
+ with open('/proc/%s/cmdline' % pid, 'rb') as f:
+ raw = f.read()
+ cmdline = raw.replace(b'\x00', b' ').decode('utf-8', 'replace').strip()
+ if process_name in cmdline:
process[pid] = cmdline
+ except (IOError, OSError):
+ continue
+ log.debug("Is_Process_Running matches = %s " % process)
+ if process:
return True, process
else:
return False, {}
except Exception as e:
- log.error("Execution failed: process Name[%s]" %process_name)
- print >>sys.stderr, "Execution failed:", e
+ log.error("Execution failed: process Name[%s] - error - %s" % (process_name, str(e)))
return False, {}
--
2.54.0

View File

@ -7,7 +7,7 @@
Summary: HP Linux Imaging and Printing Project
Name: hplip
Version: 3.21.2
Release: 6%{?dist}
Release: 7%{?dist}
License: GPLv2+ and MIT and BSD and IJG and Public Domain and GPLv2+ with exceptions and ISC
Url: https://developers.hp.com/hp-linux-imaging-and-printing
@ -187,6 +187,10 @@ Patch60: hplip-fab-import.patch
# it fails further down - break out earlier with a message
# reported upstream as https://bugs.launchpad.net/hplip/+bug/1916114
Patch61: hplip-hpsetup-noscanjets.patch
# CVE-2026-8632 - Privilege escalation and arbitrary code execution
# via operating system command injection in Is_Process_Running()
# https://redhat.atlassian.net/browse/RHEL-178365
Patch62: hplip-CVE-2026-8632.patch
%if 0%{?fedora} || 0%{?rhel} <= 8
# mention hplip-gui if you want to have GUI
@ -478,6 +482,8 @@ done
# if an user tries to install scanner via hp-setup (printer/fax utility)
# it fails further down - break out earlier with a message
%patch61 -p1 -b .hpsetup-noscanjets
# CVE-2026-8632 - command injection in Is_Process_Running()
%patch -P 62 -p1 -b .CVE-2026-8632
%if 0%{?fedora} || 0%{?rhel} <= 8
# mention hplip-gui should be installed if you want GUI
@ -826,6 +832,10 @@ rm -f %{buildroot}%{_sysconfdir}/xdg/autostart/hplip-systray.desktop
%config(noreplace) %{_sysconfdir}/sane.d/dll.d/hpaio
%changelog
* Thu Jul 02 2026 Zdenek Dohnal <zdohnal@redhat.com> - 3.21.2-7
- CVE-2026-8632 hplip: HPLIP: Privilege escalation and arbitrary code execution
via operating system command injection [rhel-9.9]
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.21.2-6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688