diff --git a/hplip-CVE-2026-8632.patch b/hplip-CVE-2026-8632.patch new file mode 100644 index 0000000..67f2a87 --- /dev/null +++ b/hplip-CVE-2026-8632.patch @@ -0,0 +1,75 @@ +From cc245a1117ae478e916662a7d9bded65b55765b8 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Mon, 25 May 2026 15:27:09 +0200 +Subject: [PATCH] 3.26.4 + +--- + base/utils.py | 42 ++++++++++++++++++++---------------------- + 1 file changed, 20 insertions(+), 22 deletions(-) + +diff --git a/base/utils.py b/base/utils.py +index d176c0ddd..780e4766e 100644 +--- a/base/utils.py ++++ b/base/utils.py +@@ -2359,11 +2359,10 @@ def check_pkg_mgr( package_mgrs = None): + log.debug("Not found") + return (0, '') + +-# checks if given process is running. +-#return value: +-# True or False +-# None - if process is not running +-# grep output - if process is running ++# Check whether any running process command line contains the requested name. ++# Return value: ++# (True, {pid: cmdline, ...}) when one or more matching processes are found ++# (False, {}) when no matching process is found or enumeration fails + + def Is_Process_Running(process_name): + if not process_name: +@@ -2371,28 +2370,27 @@ def Is_Process_Running(process_name): + + try: + process = {} +- p1 = Popen(["ps", "-w", "-w", "aux"], stdout=PIPE) +- p2 = Popen(["grep", process_name], stdin=p1.stdout, stdout=PIPE) +- p3 = Popen(["grep", "-v", "grep"], stdin=p2.stdout, stdout=PIPE) +- output = p3.communicate()[0] +- log.debug("Is_Process_Running output = %s " %output) +- +- if output: +- for p in output.splitlines(): +- cmd = "echo '%s' | awk {'print $2'}" %p +- status,pid = subprocess.getstatusoutput(cmd) +- cmd = "echo '%s' | awk {'print $11,$12'}" %p +- status,cmdline = subprocess.getstatusoutput(cmd) +- if pid : ++ for entry in os.listdir('/proc'): ++ if not entry.isdigit(): ++ continue ++ pid = entry ++ try: ++ with open('/proc/%s/cmdline' % pid, 'rb') as f: ++ raw = f.read() ++ cmdline = raw.replace(b'\x00', b' ').decode('utf-8', 'replace').strip() ++ if process_name in cmdline: + process[pid] = cmdline ++ except (IOError, OSError): ++ continue + ++ log.debug("Is_Process_Running matches = %s " % process) ++ if process: + return True, process + else: + return False, {} + + except Exception as e: +- log.error("Execution failed: process Name[%s]" %process_name) +- print >>sys.stderr, "Execution failed:", e ++ log.error("Execution failed: process Name[%s] - error - %s" % (process_name, str(e))) + return False, {} + + +-- +2.54.0 + diff --git a/hplip.spec b/hplip.spec index f1ecedf..3d7000d 100644 --- a/hplip.spec +++ b/hplip.spec @@ -7,7 +7,7 @@ Summary: HP Linux Imaging and Printing Project Name: hplip Version: 3.21.2 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv2+ and MIT and BSD and IJG and Public Domain and GPLv2+ with exceptions and ISC Url: https://developers.hp.com/hp-linux-imaging-and-printing @@ -187,6 +187,10 @@ Patch60: hplip-fab-import.patch # it fails further down - break out earlier with a message # reported upstream as https://bugs.launchpad.net/hplip/+bug/1916114 Patch61: hplip-hpsetup-noscanjets.patch +# CVE-2026-8632 - Privilege escalation and arbitrary code execution +# via operating system command injection in Is_Process_Running() +# https://redhat.atlassian.net/browse/RHEL-178365 +Patch62: hplip-CVE-2026-8632.patch %if 0%{?fedora} || 0%{?rhel} <= 8 # mention hplip-gui if you want to have GUI @@ -478,6 +482,8 @@ done # if an user tries to install scanner via hp-setup (printer/fax utility) # it fails further down - break out earlier with a message %patch61 -p1 -b .hpsetup-noscanjets +# CVE-2026-8632 - command injection in Is_Process_Running() +%patch -P 62 -p1 -b .CVE-2026-8632 %if 0%{?fedora} || 0%{?rhel} <= 8 # mention hplip-gui should be installed if you want GUI @@ -826,6 +832,10 @@ rm -f %{buildroot}%{_sysconfdir}/xdg/autostart/hplip-systray.desktop %config(noreplace) %{_sysconfdir}/sane.d/dll.d/hpaio %changelog +* Thu Jul 02 2026 Zdenek Dohnal - 3.21.2-7 +- CVE-2026-8632 hplip: HPLIP: Privilege escalation and arbitrary code execution + via operating system command injection [rhel-9.9] + * Mon Aug 09 2021 Mohan Boddu - 3.21.2-6 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688