libXpm-3.5.12-11.el8

エラータID: AXSA:2024-8338:02

Release date: 
Tuesday, June 18, 2024 - 15:38
Subject: 
libXpm-3.5.12-11.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

X.Org X11 libXpm runtime library.

Security Fix(es):

* libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788)
* libXpm: out of bounds read on XPM with corrupted colormap (CVE-2023-43789)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.10 Release Notes linked from the References section.

CVE-2023-43788
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.
CVE-2023-43789
A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.

Solution: 

Update packages.

CVEs: 
CVE-2023-43788
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.
CVE-2023-43789
A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.
Additional Info: 

N/A

Download: 

SRPMS
  1. libXpm-3.5.12-11.el8.src.rpm
    MD5: 0f885291f6d661c316e6b7e1a3e56f23
    SHA-256: 0a1e2f17e04259af07b49613fb3f03edb8e6eda773467a5a6883330cf5083181
    Size: 441.51 kB

Asianux Server 8 for x86_64
  1. libXpm-3.5.12-11.el8.i686.rpm
    MD5: 176aed4ae9f0168d7a864546d8f0b0f5
    SHA-256: c3ddf602ff5bb9c38fae1ec4b49da4c2d9454b8744bff0f421433e8d55e0820c
    Size: 59.41 kB
  2. libXpm-3.5.12-11.el8.x86_64.rpm
    MD5: 1a4b535b80293244e3337a24bd16a620
    SHA-256: 33e97b3fa3037d3764e69330d15896343dfe40e01a61dfc5e3c081b8987057dd
    Size: 57.50 kB
  3. libXpm-devel-3.5.12-11.el8.i686.rpm
    MD5: e3bf8c2129f86363c1ce708c144bdc83
    SHA-256: 61c19f25644261f76a0b9ea5e3773688c9a1245f1622793681261164547bc8a5
    Size: 39.53 kB
  4. libXpm-devel-3.5.12-11.el8.x86_64.rpm
    MD5: bd7c22614c24738c83cdbd72a4e5ad29
    SHA-256: a1640033705f7f8169f596e149e1e9ab4bc9b13dd09458526e86694cd910bca5
    Size: 38.66 kB