Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:0382: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-4883: libXpm: compression commands depend on $PATH
  • CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height
  • CVE-2022-46285: libXpm: Infinite loop on unclosed comments
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#ibm#sap

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2023-01-23

Updated:

2023-01-23

RHSA-2023:0382 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: libXpm security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libXpm is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

X.Org X11 libXpm runtime library.

Security Fix(es):

  • libXpm: compression commands depend on $PATH (CVE-2022-4883)
  • libXpm: Runaway loop on width of 0 and enormous height (CVE-2022-44617)
  • libXpm: Infinite loop on unclosed comments (CVE-2022-46285)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2160092 - CVE-2022-46285 libXpm: Infinite loop on unclosed comments
  • BZ - 2160193 - CVE-2022-44617 libXpm: Runaway loop on width of 0 and enormous height
  • BZ - 2160213 - CVE-2022-4883 libXpm: compression commands depend on $PATH

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM

libXpm-3.5.12-9.el8_4.src.rpm

SHA-256: 387556dedf1a74b0d4d8411a968627aa3b621c28c1a1113b4b2d2abe6fb84823

x86_64

libXpm-3.5.12-9.el8_4.i686.rpm

SHA-256: 62aa315d401c6cdc5b446b66ee6334c3261889498d4db61fe1b21f2f3f951863

libXpm-3.5.12-9.el8_4.x86_64.rpm

SHA-256: fe814ffaf50fc211eee300cd8eb73415b4fdea85d1ba53397d723bb65b24a99d

libXpm-debuginfo-3.5.12-9.el8_4.i686.rpm

SHA-256: bcac6ccaf08253ca0bb8cd0cfa45fd30bf9e7f564407fcdc3d9c301659ababbb

libXpm-debuginfo-3.5.12-9.el8_4.x86_64.rpm

SHA-256: fc10da935f50426490b00077517d3a81428f53e26262cbcf7c943ca5c7fee195

libXpm-debugsource-3.5.12-9.el8_4.i686.rpm

SHA-256: 7fc79f48b23a949efc5bef854edb2a73e627322978d76a2017d1a0162becbf9e

libXpm-debugsource-3.5.12-9.el8_4.x86_64.rpm

SHA-256: 3c243dec071d0eb831a2a141cc48fae9ef7d03f4ba255871c907fe7909e52db1

libXpm-devel-3.5.12-9.el8_4.i686.rpm

SHA-256: 9f67648166df8245f8495e360e669002cde58442be0de4a55fd7b21bd511d02b

libXpm-devel-3.5.12-9.el8_4.x86_64.rpm

SHA-256: a567c7fecce5d66815f3c9f5a0215857f7847a7b25993c2cefb2ae438a20b078

libXpm-devel-debuginfo-3.5.12-9.el8_4.i686.rpm

SHA-256: 8a4d102e684708ad9f9eaca505e26b6f74804aa8471834a638643ef50130284f

libXpm-devel-debuginfo-3.5.12-9.el8_4.x86_64.rpm

SHA-256: 1119e6262b3a31a368a31ae2ad0071095977daec45594e9cdec7966899d96a1e

Red Hat Enterprise Linux Server - AUS 8.4

SRPM

libXpm-3.5.12-9.el8_4.src.rpm

SHA-256: 387556dedf1a74b0d4d8411a968627aa3b621c28c1a1113b4b2d2abe6fb84823

x86_64

libXpm-3.5.12-9.el8_4.i686.rpm

SHA-256: 62aa315d401c6cdc5b446b66ee6334c3261889498d4db61fe1b21f2f3f951863

libXpm-3.5.12-9.el8_4.x86_64.rpm

SHA-256: fe814ffaf50fc211eee300cd8eb73415b4fdea85d1ba53397d723bb65b24a99d

libXpm-debuginfo-3.5.12-9.el8_4.i686.rpm

SHA-256: bcac6ccaf08253ca0bb8cd0cfa45fd30bf9e7f564407fcdc3d9c301659ababbb

libXpm-debuginfo-3.5.12-9.el8_4.x86_64.rpm

SHA-256: fc10da935f50426490b00077517d3a81428f53e26262cbcf7c943ca5c7fee195

libXpm-debugsource-3.5.12-9.el8_4.i686.rpm

SHA-256: 7fc79f48b23a949efc5bef854edb2a73e627322978d76a2017d1a0162becbf9e

libXpm-debugsource-3.5.12-9.el8_4.x86_64.rpm

SHA-256: 3c243dec071d0eb831a2a141cc48fae9ef7d03f4ba255871c907fe7909e52db1

libXpm-devel-3.5.12-9.el8_4.i686.rpm

SHA-256: 9f67648166df8245f8495e360e669002cde58442be0de4a55fd7b21bd511d02b

libXpm-devel-3.5.12-9.el8_4.x86_64.rpm

SHA-256: a567c7fecce5d66815f3c9f5a0215857f7847a7b25993c2cefb2ae438a20b078

libXpm-devel-debuginfo-3.5.12-9.el8_4.i686.rpm

SHA-256: 8a4d102e684708ad9f9eaca505e26b6f74804aa8471834a638643ef50130284f

libXpm-devel-debuginfo-3.5.12-9.el8_4.x86_64.rpm

SHA-256: 1119e6262b3a31a368a31ae2ad0071095977daec45594e9cdec7966899d96a1e

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM

libXpm-3.5.12-9.el8_4.src.rpm

SHA-256: 387556dedf1a74b0d4d8411a968627aa3b621c28c1a1113b4b2d2abe6fb84823

s390x

libXpm-3.5.12-9.el8_4.s390x.rpm

SHA-256: 10249778e19f07d67012cb56364391697ea80e67ec34093bc8453cb8978767f8

libXpm-debuginfo-3.5.12-9.el8_4.s390x.rpm

SHA-256: 8c77eaac6fa8fd5727dbd79374db13509f6bd0bce640ac6b462768fafbb47208

libXpm-debugsource-3.5.12-9.el8_4.s390x.rpm

SHA-256: 62cde742a79dec0f68a7a9a0f17e0e58fd089c6966d506381dcebc21de4ec39a

libXpm-devel-3.5.12-9.el8_4.s390x.rpm

SHA-256: 53b1fb24be736e006aa54973e2b6730b1aec9ad47d54ed0fdd72c849ec989efa

libXpm-devel-debuginfo-3.5.12-9.el8_4.s390x.rpm

SHA-256: d802ce4f74b9b709135a7d26be2140080004a5369537c39edb55080481532703

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM

libXpm-3.5.12-9.el8_4.src.rpm

SHA-256: 387556dedf1a74b0d4d8411a968627aa3b621c28c1a1113b4b2d2abe6fb84823

ppc64le

libXpm-3.5.12-9.el8_4.ppc64le.rpm

SHA-256: 2a2c1b3bda15a506a8d2b475294497ba3a50681f110b3ef64ae456e8252c6f89

libXpm-debuginfo-3.5.12-9.el8_4.ppc64le.rpm

SHA-256: b8d5abfbd74c84a37145715ec74104f5e014221c79b836d96110509e29b36c86

libXpm-debugsource-3.5.12-9.el8_4.ppc64le.rpm

SHA-256: 1d126098d8281cc8f0db67002259a5675ab8b670dd1b1310d8b7add02031bce8

libXpm-devel-3.5.12-9.el8_4.ppc64le.rpm

SHA-256: 4fc3bcb164c92239f2212e33f391955ee075eebd9f905a0def89b654eba8e1ee

libXpm-devel-debuginfo-3.5.12-9.el8_4.ppc64le.rpm

SHA-256: fb56b9c618d0ff37e8490c86de749d489205f2077adda74941343c70f80d932e

Red Hat Enterprise Linux Server - TUS 8.4

SRPM

libXpm-3.5.12-9.el8_4.src.rpm

SHA-256: 387556dedf1a74b0d4d8411a968627aa3b621c28c1a1113b4b2d2abe6fb84823

x86_64

libXpm-3.5.12-9.el8_4.i686.rpm

SHA-256: 62aa315d401c6cdc5b446b66ee6334c3261889498d4db61fe1b21f2f3f951863

libXpm-3.5.12-9.el8_4.x86_64.rpm

SHA-256: fe814ffaf50fc211eee300cd8eb73415b4fdea85d1ba53397d723bb65b24a99d

libXpm-debuginfo-3.5.12-9.el8_4.i686.rpm

SHA-256: bcac6ccaf08253ca0bb8cd0cfa45fd30bf9e7f564407fcdc3d9c301659ababbb

libXpm-debuginfo-3.5.12-9.el8_4.x86_64.rpm

SHA-256: fc10da935f50426490b00077517d3a81428f53e26262cbcf7c943ca5c7fee195

libXpm-debugsource-3.5.12-9.el8_4.i686.rpm

SHA-256: 7fc79f48b23a949efc5bef854edb2a73e627322978d76a2017d1a0162becbf9e

libXpm-debugsource-3.5.12-9.el8_4.x86_64.rpm

SHA-256: 3c243dec071d0eb831a2a141cc48fae9ef7d03f4ba255871c907fe7909e52db1

libXpm-devel-3.5.12-9.el8_4.i686.rpm

SHA-256: 9f67648166df8245f8495e360e669002cde58442be0de4a55fd7b21bd511d02b

libXpm-devel-3.5.12-9.el8_4.x86_64.rpm

SHA-256: a567c7fecce5d66815f3c9f5a0215857f7847a7b25993c2cefb2ae438a20b078

libXpm-devel-debuginfo-3.5.12-9.el8_4.i686.rpm

SHA-256: 8a4d102e684708ad9f9eaca505e26b6f74804aa8471834a638643ef50130284f

libXpm-devel-debuginfo-3.5.12-9.el8_4.x86_64.rpm

SHA-256: 1119e6262b3a31a368a31ae2ad0071095977daec45594e9cdec7966899d96a1e

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM

libXpm-3.5.12-9.el8_4.src.rpm

SHA-256: 387556dedf1a74b0d4d8411a968627aa3b621c28c1a1113b4b2d2abe6fb84823

aarch64

libXpm-3.5.12-9.el8_4.aarch64.rpm

SHA-256: 8479b68b5bf4955c53c9b8c5e9498205882b56f20305b62d4664304a2263b0e9

libXpm-debuginfo-3.5.12-9.el8_4.aarch64.rpm

SHA-256: c4cc970e1032d5b0ab9cc9afccd54bdea2a04afa0b39ecf853290ca685510199

libXpm-debugsource-3.5.12-9.el8_4.aarch64.rpm

SHA-256: e6e5569669b2a0fabefc200f14bad6dac911aaed0f87849833d836c12b886f1f

libXpm-devel-3.5.12-9.el8_4.aarch64.rpm

SHA-256: 3a5de95ca7b3e4590f350c24fec0652a5b50702624a7dc650c8667103d2ffd92

libXpm-devel-debuginfo-3.5.12-9.el8_4.aarch64.rpm

SHA-256: 987ea8c7a6209253545376b108b50d98e6551a452a73896e5df94770f4cf1736

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM

libXpm-3.5.12-9.el8_4.src.rpm

SHA-256: 387556dedf1a74b0d4d8411a968627aa3b621c28c1a1113b4b2d2abe6fb84823

ppc64le

libXpm-3.5.12-9.el8_4.ppc64le.rpm

SHA-256: 2a2c1b3bda15a506a8d2b475294497ba3a50681f110b3ef64ae456e8252c6f89

libXpm-debuginfo-3.5.12-9.el8_4.ppc64le.rpm

SHA-256: b8d5abfbd74c84a37145715ec74104f5e014221c79b836d96110509e29b36c86

libXpm-debugsource-3.5.12-9.el8_4.ppc64le.rpm

SHA-256: 1d126098d8281cc8f0db67002259a5675ab8b670dd1b1310d8b7add02031bce8

libXpm-devel-3.5.12-9.el8_4.ppc64le.rpm

SHA-256: 4fc3bcb164c92239f2212e33f391955ee075eebd9f905a0def89b654eba8e1ee

libXpm-devel-debuginfo-3.5.12-9.el8_4.ppc64le.rpm

SHA-256: fb56b9c618d0ff37e8490c86de749d489205f2077adda74941343c70f80d932e

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM

libXpm-3.5.12-9.el8_4.src.rpm

SHA-256: 387556dedf1a74b0d4d8411a968627aa3b621c28c1a1113b4b2d2abe6fb84823

x86_64

libXpm-3.5.12-9.el8_4.i686.rpm

SHA-256: 62aa315d401c6cdc5b446b66ee6334c3261889498d4db61fe1b21f2f3f951863

libXpm-3.5.12-9.el8_4.x86_64.rpm

SHA-256: fe814ffaf50fc211eee300cd8eb73415b4fdea85d1ba53397d723bb65b24a99d

libXpm-debuginfo-3.5.12-9.el8_4.i686.rpm

SHA-256: bcac6ccaf08253ca0bb8cd0cfa45fd30bf9e7f564407fcdc3d9c301659ababbb

libXpm-debuginfo-3.5.12-9.el8_4.x86_64.rpm

SHA-256: fc10da935f50426490b00077517d3a81428f53e26262cbcf7c943ca5c7fee195

libXpm-debugsource-3.5.12-9.el8_4.i686.rpm

SHA-256: 7fc79f48b23a949efc5bef854edb2a73e627322978d76a2017d1a0162becbf9e

libXpm-debugsource-3.5.12-9.el8_4.x86_64.rpm

SHA-256: 3c243dec071d0eb831a2a141cc48fae9ef7d03f4ba255871c907fe7909e52db1

libXpm-devel-3.5.12-9.el8_4.i686.rpm

SHA-256: 9f67648166df8245f8495e360e669002cde58442be0de4a55fd7b21bd511d02b

libXpm-devel-3.5.12-9.el8_4.x86_64.rpm

SHA-256: a567c7fecce5d66815f3c9f5a0215857f7847a7b25993c2cefb2ae438a20b078

libXpm-devel-debuginfo-3.5.12-9.el8_4.i686.rpm

SHA-256: 8a4d102e684708ad9f9eaca505e26b6f74804aa8471834a638643ef50130284f

libXpm-devel-debuginfo-3.5.12-9.el8_4.x86_64.rpm

SHA-256: 1119e6262b3a31a368a31ae2ad0071095977daec45594e9cdec7966899d96a1e

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2022-47583: ""?! ANSI Terminal security in 2023 and finding 10 CVEs

Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.

Ubuntu Security Notice USN-5807-3

Ubuntu Security Notice 5807-3 - USN-5807-1 fixed a vulnerability in libXpm. This update provides the corresponding update for Ubuntu 14.04 ESM. Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

RHSA-2023:1174: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.2 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic. * CVE-2022...

Ubuntu Security Notice USN-5807-2

Ubuntu Security Notice 5807-2 - USN-5807-1 fixed vulnerabilities in libXpm. This update provides the corresponding updates for Ubuntu 16.04 ESM. Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.

Red Hat Security Advisory 2023-0794-01

Red Hat Security Advisory 2023-0794-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

RHSA-2023:0794: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.4 bug fixes and security updates

Red Hat Advanced Cluster Management for Kubernetes 2.6.4 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24999: qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload i...

Red Hat Security Advisory 2023-0632-01

Red Hat Security Advisory 2023-0632-01 - Logging Subsystem 5.4.11 - Red Hat OpenShift.

RHSA-2023:0632: Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update

An update is now available for the Logging subsystem for Red Hat OpenShift 5.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30123: A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's `Lint` middleware and `CommonLogger` middleware. This issue can leverage these escape sequences to execute commands in the victim's terminal. * CVE-2022-41717: A flaw was f...

Red Hat Security Advisory 2023-0634-01

Red Hat Security Advisory 2023-0634-01 - Logging Subsystem 5.6.1 - Red Hat OpenShift. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-0693-01

Red Hat Security Advisory 2023-0693-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

RHSA-2023:0634: Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update

Logging Subsystem 5.6.1 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability. * CVE-2022-46175: A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned f...

RHSA-2023:0693: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.7 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.7 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43138: A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method. * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw a...

CVE-2022-46285: Invalid Bug ID

A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.

CVE-2022-4883: Invalid Bug ID

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.

CVE-2022-44617: Invalid Bug ID

A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.

RHSA-2023:0378: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0381: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0377: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH

RHSA-2023:0379: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0380: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0383: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

RHSA-2023:0384: Red Hat Security Advisory: libXpm security update

An update for libXpm is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4883: libXpm: compression commands depend on $PATH * CVE-2022-44617: libXpm: Runaway loop on width of 0 and enormous height * CVE-2022-46285: libXpm: Infinite loop on unclosed comments

CVE-2023-24040: vulns/HNS-2022-01-dtprintinfo.txt at main · hnsecurity/vulns

** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows those users to manipulate the control flow and disclose memory contents on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Solaris 10 dtprintinfo / libXm / libXpm Security Issues

Multiple vulnerabilities have been discovered across Common Desktop Environment version 1.6, Motif version 2.1, and X.Org libXpm versions prior to 3.5.15 on Oracle Solaris 10 that can be chained together to achieve root.

Ubuntu Security Notice USN-5807-1

Ubuntu Security Notice 5807-1 - Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service. Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.

Ubuntu Security Notice USN-5807-1

Ubuntu Security Notice 5807-1 - Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service. Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.

Ubuntu Security Notice USN-5807-1

Ubuntu Security Notice 5807-1 - Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service. Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.