Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:0384: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-4883: libXpm: compression commands depend on $PATH
  • CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height
  • CVE-2022-46285: libXpm: Infinite loop on unclosed comments
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#sap

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2023-01-23

Updated:

2023-01-23

RHSA-2023:0384 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: libXpm security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libXpm is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

X.Org X11 libXpm runtime library.

Security Fix(es):

  • libXpm: compression commands depend on $PATH (CVE-2022-4883)
  • libXpm: Runaway loop on width of 0 and enormous height (CVE-2022-44617)
  • libXpm: Infinite loop on unclosed comments (CVE-2022-46285)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

  • BZ - 2160092 - CVE-2022-46285 libXpm: Infinite loop on unclosed comments
  • BZ - 2160193 - CVE-2022-44617 libXpm: Runaway loop on width of 0 and enormous height
  • BZ - 2160213 - CVE-2022-4883 libXpm: compression commands depend on $PATH

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM

libXpm-3.5.12-9.el8_1.src.rpm

SHA-256: e8c24fe496ffe9cb8e2b8f3bff8020746b7572351d2e878c33817477905542eb

ppc64le

libXpm-3.5.12-9.el8_1.ppc64le.rpm

SHA-256: 36149376ebd0f7fdf10160698790c60f2148d66ac3d229cac1dd3a6b04c68b1c

libXpm-debuginfo-3.5.12-9.el8_1.ppc64le.rpm

SHA-256: 9f45b300d3c38e13427066b412358985a2a3bc5d293bbc7149991af63ac28f1b

libXpm-debugsource-3.5.12-9.el8_1.ppc64le.rpm

SHA-256: 89dc5fc13b4bb7c785017507b2200b63d64e228d8a02b35a1d22e2f97bc8be70

libXpm-devel-3.5.12-9.el8_1.ppc64le.rpm

SHA-256: 755ed8298f00c9b90ebd48531cd6fece40b11156a3b306a227c76720ea451126

libXpm-devel-debuginfo-3.5.12-9.el8_1.ppc64le.rpm

SHA-256: a431b9e9631ad6991257a0bdb4abe08c0d20a1e6ba5f514412b6edcb9c5750ab

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM

libXpm-3.5.12-9.el8_1.src.rpm

SHA-256: e8c24fe496ffe9cb8e2b8f3bff8020746b7572351d2e878c33817477905542eb

x86_64

libXpm-3.5.12-9.el8_1.i686.rpm

SHA-256: e8eccfa95c3927b275e84104b7799158a55758f718ce2b1854e51cff95daea33

libXpm-3.5.12-9.el8_1.x86_64.rpm

SHA-256: 69a772a7b315da377d21ce4358f972c6a79f0f623140018376a6268862fd7119

libXpm-debuginfo-3.5.12-9.el8_1.i686.rpm

SHA-256: 2c632bed0155d08f8246738b320a689459c8661b54d1013219ca52cb232c3247

libXpm-debuginfo-3.5.12-9.el8_1.x86_64.rpm

SHA-256: 8663f1572e739804b6086d5ce5a97c4dc0259079034384d852a335d6360e5c61

libXpm-debugsource-3.5.12-9.el8_1.i686.rpm

SHA-256: c519cbcf9c5d6b62e18a5553815bae14a1a1c5234dc1f8a053d17e6af3c2c692

libXpm-debugsource-3.5.12-9.el8_1.x86_64.rpm

SHA-256: e9af891b3dbb1797d023cfa4e9b1c28585b8accff0403e53c0a9bd105008c1cf

libXpm-devel-3.5.12-9.el8_1.i686.rpm

SHA-256: e3a383841cf6a68a235db12811b8c9655b0f38a09d23e7052af7cf601f16c729

libXpm-devel-3.5.12-9.el8_1.x86_64.rpm

SHA-256: e880e19d34a91ef4847025f9740a26926ca371ade6de170bfaaca3c3a5c71d0f

libXpm-devel-debuginfo-3.5.12-9.el8_1.i686.rpm

SHA-256: 51908ca6f06b4dd9ab03f7dfdaad0d6b1c44173f21f377e2c61dc048005bfa97

libXpm-devel-debuginfo-3.5.12-9.el8_1.x86_64.rpm

SHA-256: 563fbd967c34f5825678c3fa671661e0bf31c638a4164c05406f11a6d05e68b7

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2022-47583: ""?! ANSI Terminal security in 2023 and finding 10 CVEs

Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

RHSA-2023:1174: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.2 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic. * CVE-2022...

Ubuntu Security Notice USN-5807-2

Ubuntu Security Notice 5807-2 - USN-5807-1 fixed vulnerabilities in libXpm. This update provides the corresponding updates for Ubuntu 16.04 ESM. Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.

RHSA-2023:0794: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.4 bug fixes and security updates

Red Hat Advanced Cluster Management for Kubernetes 2.6.4 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24999: qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload i...

Red Hat Security Advisory 2023-0632-01

Red Hat Security Advisory 2023-0632-01 - Logging Subsystem 5.4.11 - Red Hat OpenShift.

RHSA-2023:0632: Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update

An update is now available for the Logging subsystem for Red Hat OpenShift 5.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30123: A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's `Lint` middleware and `CommonLogger` middleware. This issue can leverage these escape sequences to execute commands in the victim's terminal. * CVE-2022-41717: A flaw was f...

Red Hat Security Advisory 2023-0634-01

Red Hat Security Advisory 2023-0634-01 - Logging Subsystem 5.6.1 - Red Hat OpenShift. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-0693-01

Red Hat Security Advisory 2023-0693-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

RHSA-2023:0634: Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update

Logging Subsystem 5.6.1 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability. * CVE-2022-46175: A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned f...

RHSA-2023:0693: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.7 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.7 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43138: A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method. * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw a...

CVE-2022-46285: Invalid Bug ID

A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.

CVE-2022-4883: Invalid Bug ID

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.

CVE-2022-44617: Invalid Bug ID

A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.

RHSA-2023:0382: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0382: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0382: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0378: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0378: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0378: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0381: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0377: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH

RHSA-2023:0381: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0381: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0379: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0379: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0379: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0380: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0380: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0380: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

CVE-2023-24040: vulns/HNS-2022-01-dtprintinfo.txt at main · hnsecurity/vulns

** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows those users to manipulate the control flow and disclose memory contents on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Solaris 10 dtprintinfo / libXm / libXpm Security Issues

Multiple vulnerabilities have been discovered across Common Desktop Environment version 1.6, Motif version 2.1, and X.Org libXpm versions prior to 3.5.15 on Oracle Solaris 10 that can be chained together to achieve root.

Ubuntu Security Notice USN-5807-1

Ubuntu Security Notice 5807-1 - Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service. Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.

Ubuntu Security Notice USN-5807-1

Ubuntu Security Notice 5807-1 - Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service. Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.

Ubuntu Security Notice USN-5807-1

Ubuntu Security Notice 5807-1 - Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service. Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.