Headline
Debian Security Advisory 5516-1
Debian Linux Security Advisory 5516-1 - Multiple security vulnerabilities were discovered in libxpm, the X11 pixmap library, which may result in denial of service or the execution of arbitrary code.
-------------------------------------------------------------------------
Debian Security Advisory DSA-5516-1                    [email protected]
https://www.debian.org/security/                      Moritz Muehlenhoff
October 05, 2023                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxpm
CVE ID         : CVE-2023-43788 CVE-2023-43789

Multiple security vulnerabilities were discovered in libxpm, the X11
pixmap library, which may result in denial of service or the execution
of arbitrary code.

For the oldstable distribution (bullseye), these problems have been fixed
in version 1:3.5.12-1.1+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 1:3.5.12-1.1+deb12u1.

We recommend that you upgrade your libxpm packages.

For the detailed security status of libxpm please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libxpm

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
Related news
Ubuntu Security Notice 6408-2 - USN-6408-1 fixed several vulnerabilities in libXpm. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to consume memory, leading to a denial of service.
A vulnerability was found in libXpm due to a boundary condition. A local user can trigger an out-of-bounds read error and read the contents of memory on the system.
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
Ubuntu Security Notice 6408-1 - Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to consume memory, leading to a denial of service. Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could use this issue to cause libXpm to crash, leading to a denial of service, or possibly execute arbitrary code.