List: ubuntu-security-announce
Subject: [USN-5807-2] libXpm vulnerabilities
From: Ian Constantin <ian.constantin () canonical ! com>
Date: 2023-02-21 16:19:10
Message-ID: dab8b46f-d24f-a006-d667-18075a04d9c0 () canonical ! com
==========================================================================
Ubuntu Security Notice USN-5807-2
February 21, 2023
libxpm vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in libXpm.
Software Description:
- libxpm: X11 pixmap library
Details:
USN-5807-1 fixed vulnerabilities in libXpm. This update provides the
corresponding updates for Ubuntu 16.04 ESM.
Original advisory details:
Martin Ettl discovered that libXpm incorrectly handled certain XPM files.
If a user or automated system were tricked into opening a specially crafted
XPM file, a remote attacker could possibly use this issue to cause libXpm
to stop responding, resulting in a denial of service. (CVE-2022-44617)

Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files.
If a user or automated system were tricked into opening a specially crafted
XPM file, a remote attacker could possibly use this issue to cause libXpm
to stop responding, resulting in a denial of service. (CVE-2022-46285)

Alan Coopersmith discovered that libXpm incorrectly handled calling
external helper binaries. If libXpm was being used by a setuid binary, a
local attacker could possibly use this issue to escalate privileges.
(CVE-2022-4883)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
libxpm4 1:3.5.11-1ubuntu0.16.04.1+esm1
xpmutils 1:3.5.11-1ubuntu0.16.04.1+esm1
After a standard system update you need to restart your session to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5807-2
https://ubuntu.com/security/notices/USN-5807-1
CVE-2022-44617, CVE-2022-46285, CVE-2022-4883