libXpm-3.5.12-9.el8

エラータID: AXSA:2023-4843:01

Release date: 
Tuesday, January 24, 2023 - 00:59
Subject: 
libXpm-3.5.12-9.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

X.Org X11 libXpm runtime library.

Security Fix(es):

* libXpm: compression commands depend on $PATH (CVE-2022-4883)
* libXpm: Runaway loop on width of 0 and enormous height (CVE-2022-44617)
* libXpm: Infinite loop on unclosed comments (CVE-2022-46285)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-44617
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-46285
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-4883
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2022-44617
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-46285
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-4883
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. libXpm-3.5.12-9.el8.src.rpm
    MD5: d99697fd739a0cd87820a1e82aeb3fe1
    SHA-256: 3f22b6db573e3d311464600f709c1d0ac53db13315f9b1aefd7263f7248d76bf
    Size: 439.74 kB

Asianux Server 8 for x86_64
  1. libXpm-3.5.12-9.el8.x86_64.rpm
    MD5: 83b09d9a667ffd0a644f18db4580dc8d
    SHA-256: 0cfff2a1d351e369ff7f8247de3fc781283281dfb452a7a281ea7e1e5f084b36
    Size: 57.16 kB
  2. libXpm-devel-3.5.12-9.el8.x86_64.rpm
    MD5: 10423c58f75c658fb2968705dd61864a
    SHA-256: ed05108fc54ecc072bfaa1473a26986a0e7975a2d5d53ccc87db566d54bf012b
    Size: 38.26 kB
  3. libXpm-3.5.12-9.el8.i686.rpm
    MD5: 580d632a08010f0f8205e39e3955f4b5
    SHA-256: e5112d50f8e3f7762d30d3a7ab9e564a23aa36899754ab279101f73423868819
    Size: 59.02 kB
  4. libXpm-devel-3.5.12-9.el8.i686.rpm
    MD5: d61cd785b94b06870adc73a09256a4fc
    SHA-256: f1a18c75f4538b4f8ff00b2614bb556271e3807e6f77e9e9b860bd311b992381
    Size: 39.11 kB