Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:0381: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-4883: libXpm: compression commands depend on $PATH
  • CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height
  • CVE-2022-46285: libXpm: Infinite loop on unclosed comments
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#ibm#sap

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

発行日:

2023-01-23

更新日:

2023-01-23

RHSA-2023:0381 - Security Advisory

  • 概要
  • 更新パッケージ

概要

Important: libXpm security update

タイプ/重大度

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

トピック

An update for libXpm is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

説明

X.Org X11 libXpm runtime library.

Security Fix(es):

  • libXpm: compression commands depend on $PATH (CVE-2022-4883)
  • libXpm: Runaway loop on width of 0 and enormous height (CVE-2022-44617)
  • libXpm: Infinite loop on unclosed comments (CVE-2022-46285)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

影響を受ける製品

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

修正

  • BZ - 2160092 - CVE-2022-46285 libXpm: Infinite loop on unclosed comments
  • BZ - 2160193 - CVE-2022-44617 libXpm: Runaway loop on width of 0 and enormous height
  • BZ - 2160213 - CVE-2022-4883 libXpm: compression commands depend on $PATH

CVE

  • CVE-2022-4883
  • CVE-2022-44617
  • CVE-2022-46285

参考資料

  • https://access.redhat.com/security/updates/classification/#important

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM

libXpm-3.5.13-8.el9_0.src.rpm

SHA-256: 4cdda874b963476ee1f74e9a977d3258a7e9e2354f359a6b337f5a6882bb0165

x86_64

libXpm-3.5.13-8.el9_0.i686.rpm

SHA-256: 7f396690156a7371707d3e5820c18a2a0e363ac8772fedab781ff3001bb71043

libXpm-3.5.13-8.el9_0.x86_64.rpm

SHA-256: 2294ea32429a2d285ae9f4b9231b7d46814b713076448db7644501c735e2c6a8

libXpm-debuginfo-3.5.13-8.el9_0.i686.rpm

SHA-256: c82e943c887285c860ae735b36ee30c5cfa80fc5cf2d174efad3c229a124e1b9

libXpm-debuginfo-3.5.13-8.el9_0.x86_64.rpm

SHA-256: 81c73d27f0d14c84a1d730a970a3ea7fe25cde98e1c6787cf64e4bb197298e74

libXpm-debugsource-3.5.13-8.el9_0.i686.rpm

SHA-256: 236c65a02305974d7baa5af72808d2be9eb97fd6b9b3266ffb196d8079f8365f

libXpm-debugsource-3.5.13-8.el9_0.x86_64.rpm

SHA-256: a472cf87af282417f090b228db365ef5cc3f3a4e2cebcaa45cdb23d70335795f

libXpm-devel-3.5.13-8.el9_0.i686.rpm

SHA-256: 77021908997250e4542b58806a1aab78946d74789339111725e9e42034e2627a

libXpm-devel-3.5.13-8.el9_0.x86_64.rpm

SHA-256: 88d63140e151f32f2d2ef06cab6fcab12f2189058e6316c715f684be731d4ed6

libXpm-devel-debuginfo-3.5.13-8.el9_0.i686.rpm

SHA-256: 567adf398eb7ba51c06ef9aee79cd0be6693faad153d97e5c136b77f3662e414

libXpm-devel-debuginfo-3.5.13-8.el9_0.x86_64.rpm

SHA-256: 81a1a2734364dafeb8ec684a465e757e9878bd5321bfeee154e87383fe43196a

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM

libXpm-3.5.13-8.el9_0.src.rpm

SHA-256: 4cdda874b963476ee1f74e9a977d3258a7e9e2354f359a6b337f5a6882bb0165

s390x

libXpm-3.5.13-8.el9_0.s390x.rpm

SHA-256: a42c7995c48c5c948d059eaa6b4048d3ac557a725948820692729b2fc302971a

libXpm-debuginfo-3.5.13-8.el9_0.s390x.rpm

SHA-256: 7fe531b135cdea33f2e07b43912b20d26da02e9c4d0426f8461e4e0ce72aa6c9

libXpm-debugsource-3.5.13-8.el9_0.s390x.rpm

SHA-256: 93b7fc9161bdd7f578b57998aac2c7a92c21f30f208d7292df5b92c694eb1963

libXpm-devel-3.5.13-8.el9_0.s390x.rpm

SHA-256: b2bf0de9f37b9ff35fde818cc9180fd46f4ff197e2e2fe6f8644344e93b64304

libXpm-devel-debuginfo-3.5.13-8.el9_0.s390x.rpm

SHA-256: f7230ebc2448245686cd740b84fd1d2836e78c12881c34587eed0bea3e52aecc

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM

libXpm-3.5.13-8.el9_0.src.rpm

SHA-256: 4cdda874b963476ee1f74e9a977d3258a7e9e2354f359a6b337f5a6882bb0165

ppc64le

libXpm-3.5.13-8.el9_0.ppc64le.rpm

SHA-256: d9fd4dff9e6af52f1cfeac0d242491d1445b43422dc11a82d7c333d324d2fad2

libXpm-debuginfo-3.5.13-8.el9_0.ppc64le.rpm

SHA-256: ef9d6407741516e31611c5bf2a316de132351bab2a294d812d969fac068aa6f8

libXpm-debugsource-3.5.13-8.el9_0.ppc64le.rpm

SHA-256: b6540e57778e155a2d7903ca835df7ada88d16993fd67bcc60ef686b82bb2df7

libXpm-devel-3.5.13-8.el9_0.ppc64le.rpm

SHA-256: 6f3929a27088316301e1af466e39f8ca6a984c61611e7413286eb60c4148c5a9

libXpm-devel-debuginfo-3.5.13-8.el9_0.ppc64le.rpm

SHA-256: 3fc259f7e4e86f1af0b9c31f8c6914ea523ebcbaf86799b84bb8404031b8f035

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM

libXpm-3.5.13-8.el9_0.src.rpm

SHA-256: 4cdda874b963476ee1f74e9a977d3258a7e9e2354f359a6b337f5a6882bb0165

aarch64

libXpm-3.5.13-8.el9_0.aarch64.rpm

SHA-256: a45f80f1dfb2ede10b8f3401917666a477cdf75aa3e2a6c9932ec48352d4b70a

libXpm-debuginfo-3.5.13-8.el9_0.aarch64.rpm

SHA-256: 73de21b78d93cde18116ceeea1b3aefe4a57772eb7095712459f121b51dbd4e8

libXpm-debugsource-3.5.13-8.el9_0.aarch64.rpm

SHA-256: 7672c722f99298f827ef0f85bcafe5181622f4b8ab6b62a6efb9ff95704bd81d

libXpm-devel-3.5.13-8.el9_0.aarch64.rpm

SHA-256: e60a919890cec21d9fcbed1ab2aebcb902c371de1c0957ddf7bbe220e01e06c4

libXpm-devel-debuginfo-3.5.13-8.el9_0.aarch64.rpm

SHA-256: ff02877933f3bdce9235247e0cf031501469c4daa047399fc3876bd078fbea57

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM

libXpm-3.5.13-8.el9_0.src.rpm

SHA-256: 4cdda874b963476ee1f74e9a977d3258a7e9e2354f359a6b337f5a6882bb0165

ppc64le

libXpm-3.5.13-8.el9_0.ppc64le.rpm

SHA-256: d9fd4dff9e6af52f1cfeac0d242491d1445b43422dc11a82d7c333d324d2fad2

libXpm-debuginfo-3.5.13-8.el9_0.ppc64le.rpm

SHA-256: ef9d6407741516e31611c5bf2a316de132351bab2a294d812d969fac068aa6f8

libXpm-debugsource-3.5.13-8.el9_0.ppc64le.rpm

SHA-256: b6540e57778e155a2d7903ca835df7ada88d16993fd67bcc60ef686b82bb2df7

libXpm-devel-3.5.13-8.el9_0.ppc64le.rpm

SHA-256: 6f3929a27088316301e1af466e39f8ca6a984c61611e7413286eb60c4148c5a9

libXpm-devel-debuginfo-3.5.13-8.el9_0.ppc64le.rpm

SHA-256: 3fc259f7e4e86f1af0b9c31f8c6914ea523ebcbaf86799b84bb8404031b8f035

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM

libXpm-3.5.13-8.el9_0.src.rpm

SHA-256: 4cdda874b963476ee1f74e9a977d3258a7e9e2354f359a6b337f5a6882bb0165

x86_64

libXpm-3.5.13-8.el9_0.i686.rpm

SHA-256: 7f396690156a7371707d3e5820c18a2a0e363ac8772fedab781ff3001bb71043

libXpm-3.5.13-8.el9_0.x86_64.rpm

SHA-256: 2294ea32429a2d285ae9f4b9231b7d46814b713076448db7644501c735e2c6a8

libXpm-debuginfo-3.5.13-8.el9_0.i686.rpm

SHA-256: c82e943c887285c860ae735b36ee30c5cfa80fc5cf2d174efad3c229a124e1b9

libXpm-debuginfo-3.5.13-8.el9_0.x86_64.rpm

SHA-256: 81c73d27f0d14c84a1d730a970a3ea7fe25cde98e1c6787cf64e4bb197298e74

libXpm-debugsource-3.5.13-8.el9_0.i686.rpm

SHA-256: 236c65a02305974d7baa5af72808d2be9eb97fd6b9b3266ffb196d8079f8365f

libXpm-debugsource-3.5.13-8.el9_0.x86_64.rpm

SHA-256: a472cf87af282417f090b228db365ef5cc3f3a4e2cebcaa45cdb23d70335795f

libXpm-devel-3.5.13-8.el9_0.i686.rpm

SHA-256: 77021908997250e4542b58806a1aab78946d74789339111725e9e42034e2627a

libXpm-devel-3.5.13-8.el9_0.x86_64.rpm

SHA-256: 88d63140e151f32f2d2ef06cab6fcab12f2189058e6316c715f684be731d4ed6

libXpm-devel-debuginfo-3.5.13-8.el9_0.i686.rpm

SHA-256: 567adf398eb7ba51c06ef9aee79cd0be6693faad153d97e5c136b77f3662e414

libXpm-devel-debuginfo-3.5.13-8.el9_0.x86_64.rpm

SHA-256: 81a1a2734364dafeb8ec684a465e757e9878bd5321bfeee154e87383fe43196a

Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0

SRPM

libXpm-3.5.13-8.el9_0.src.rpm

SHA-256: 4cdda874b963476ee1f74e9a977d3258a7e9e2354f359a6b337f5a6882bb0165

aarch64

libXpm-3.5.13-8.el9_0.aarch64.rpm

SHA-256: a45f80f1dfb2ede10b8f3401917666a477cdf75aa3e2a6c9932ec48352d4b70a

libXpm-debuginfo-3.5.13-8.el9_0.aarch64.rpm

SHA-256: 73de21b78d93cde18116ceeea1b3aefe4a57772eb7095712459f121b51dbd4e8

libXpm-debugsource-3.5.13-8.el9_0.aarch64.rpm

SHA-256: 7672c722f99298f827ef0f85bcafe5181622f4b8ab6b62a6efb9ff95704bd81d

libXpm-devel-3.5.13-8.el9_0.aarch64.rpm

SHA-256: e60a919890cec21d9fcbed1ab2aebcb902c371de1c0957ddf7bbe220e01e06c4

libXpm-devel-debuginfo-3.5.13-8.el9_0.aarch64.rpm

SHA-256: ff02877933f3bdce9235247e0cf031501469c4daa047399fc3876bd078fbea57

Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0

SRPM

libXpm-3.5.13-8.el9_0.src.rpm

SHA-256: 4cdda874b963476ee1f74e9a977d3258a7e9e2354f359a6b337f5a6882bb0165

s390x

libXpm-3.5.13-8.el9_0.s390x.rpm

SHA-256: a42c7995c48c5c948d059eaa6b4048d3ac557a725948820692729b2fc302971a

libXpm-debuginfo-3.5.13-8.el9_0.s390x.rpm

SHA-256: 7fe531b135cdea33f2e07b43912b20d26da02e9c4d0426f8461e4e0ce72aa6c9

libXpm-debugsource-3.5.13-8.el9_0.s390x.rpm

SHA-256: 93b7fc9161bdd7f578b57998aac2c7a92c21f30f208d7292df5b92c694eb1963

libXpm-devel-3.5.13-8.el9_0.s390x.rpm

SHA-256: b2bf0de9f37b9ff35fde818cc9180fd46f4ff197e2e2fe6f8644344e93b64304

libXpm-devel-debuginfo-3.5.13-8.el9_0.s390x.rpm

SHA-256: f7230ebc2448245686cd740b84fd1d2836e78c12881c34587eed0bea3e52aecc

Red Hat のセキュリティーに関する連絡先は [email protected] です。 連絡先の詳細は https://access.redhat.com/security/team/contact/ をご覧ください。

Related news

CVE-2022-47583: ""?! ANSI Terminal security in 2023 and finding 10 CVEs

Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.

Ubuntu Security Notice USN-5807-3

Ubuntu Security Notice 5807-3 - USN-5807-1 fixed a vulnerability in libXpm. This update provides the corresponding update for Ubuntu 14.04 ESM. Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Red Hat Security Advisory 2023-1174-01

Red Hat Security Advisory 2023-1174-01 - OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate.

RHSA-2023:1174: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.2 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic. * CVE-2022...

Ubuntu Security Notice USN-5807-2

Ubuntu Security Notice 5807-2 - USN-5807-1 fixed vulnerabilities in libXpm. This update provides the corresponding updates for Ubuntu 16.04 ESM. Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.

Red Hat Security Advisory 2023-0632-01

Red Hat Security Advisory 2023-0632-01 - Logging Subsystem 5.4.11 - Red Hat OpenShift.

RHSA-2023:0632: Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update

An update is now available for the Logging subsystem for Red Hat OpenShift 5.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30123: A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's `Lint` middleware and `CommonLogger` middleware. This issue can leverage these escape sequences to execute commands in the victim's terminal. * CVE-2022-41717: A flaw was f...

Red Hat Security Advisory 2023-0634-01

Red Hat Security Advisory 2023-0634-01 - Logging Subsystem 5.6.1 - Red Hat OpenShift. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-0693-01

Red Hat Security Advisory 2023-0693-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

RHSA-2023:0634: Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update

Logging Subsystem 5.6.1 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability. * CVE-2022-46175: A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned f...

RHSA-2023:0693: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.7 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.7 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43138: A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method. * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw a...

CVE-2022-46285: Invalid Bug ID

A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.

CVE-2022-4883: Invalid Bug ID

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.

CVE-2022-44617: Invalid Bug ID

A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.

RHSA-2023:0382: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0382: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0382: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0378: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0378: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0378: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0377: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH

RHSA-2023:0383: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0380: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0384: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

CVE-2023-24040: vulns/HNS-2022-01-dtprintinfo.txt at main · hnsecurity/vulns

** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows those users to manipulate the control flow and disclose memory contents on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Solaris 10 dtprintinfo / libXm / libXpm Security Issues

Multiple vulnerabilities have been discovered across Common Desktop Environment version 1.6, Motif version 2.1, and X.Org libXpm versions prior to 3.5.15 on Oracle Solaris 10 that can be chained together to achieve root.

Ubuntu Security Notice USN-5807-1

Ubuntu Security Notice 5807-1 - Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service. Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.

Ubuntu Security Notice USN-5807-1

Ubuntu Security Notice 5807-1 - Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service. Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.

Ubuntu Security Notice USN-5807-1

Ubuntu Security Notice 5807-1 - Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service. Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.