libXpm-3.5.13-8.el9
エラータID: AXSA:2023-5006:03
リリース日:
2023/02/08 Wednesday - 05:06
題名:
libXpm-3.5.13-8.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
現時点では下記の CVE の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
CVE-2022-44617
CVE-2022-46285
CVE-2022-4883
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-44617
A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.
A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.
CVE-2022-46285
A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.
A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.
CVE-2022-4883
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.
追加情報:
N/A
ダウンロード:
SRPMS
- libXpm-3.5.13-8.el9.src.rpm
MD5: b5865c4590423661d4e29abbbb62ccfb
SHA-256: 059a0a6b9ca713bc2fa1279965f35bd36a71a58c172750b97b5f6b1ae95e302f
Size: 469.35 kB
Asianux Server 9 for x86_64
- libXpm-3.5.13-8.el9.x86_64.rpm
MD5: b4a2339cea5d45659c5f8076411b492d
SHA-256: c642ae5e7a5a50278abad767e096489669d4a9830e73157a178c0c9e3c107eb5
Size: 57.28 kB - libXpm-devel-3.5.13-8.el9.x86_64.rpm
MD5: f30b11220c45c73f1175a9d2ed8643fa
SHA-256: 0fd9baa6c13f1002f375ea6c9906caa23348a0011f70ecd677c0dc9549f0d1ce
Size: 33.80 kB - libXpm-3.5.13-8.el9.i686.rpm
MD5: 30d73ff3e1ee8fa36a20a24f862f0110
SHA-256: e85446ecd4a5c21a42dfb203e2cc997dcef0ca49a8c3848d187d87825d460686
Size: 59.68 kB - libXpm-devel-3.5.13-8.el9.i686.rpm
MD5: d5599addd5c9074be5d952fb16956b84
SHA-256: 31674876327123c92bbf92e8c89ebe44b2803000b65523b138805b6ab0ca5675
Size: 34.12 kB