ELSA-2024-2146

ELSA-2024-2146 - libXpm security update

Type: SECURITY
Impact: MODERATE
Release Date: 2024-05-02

Description


[3.5.13-10]
- Drop hardening patches from previous version to keep ABI compatibility

[3.5.13-9]
- CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage()
- CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to a heap overflow
- CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer()
- CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap


Related CVEs


CVE-2023-43788
CVE-2023-43789

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 9 (aarch64) | libXpm-3.5.13-10.el9.src.rpm | be70c69324e5a760ad0572e2bc6543bb40e5748bb61a7183e5c2fdedef821243 | - | ol9_aarch64_appstream |
| | libXpm-3.5.13-10.el9.aarch64.rpm | 58fbaa7d5469bbefa6edde4a72254f2d1f5e61dc0602a3f0d6fad6e6e10d22dd | - | ol9_aarch64_appstream |
| | libXpm-devel-3.5.13-10.el9.aarch64.rpm | 8dfee4a8d272bb96876c1f57fe946ddecea97654f3094f5c0bb945b5edf2db6b | - | ol9_aarch64_appstream |
| Oracle Linux 9 (x86_64) | libXpm-3.5.13-10.el9.src.rpm | be70c69324e5a760ad0572e2bc6543bb40e5748bb61a7183e5c2fdedef821243 | - | ol9_x86_64_appstream |
| | libXpm-3.5.13-10.el9.i686.rpm | c4b96359bba719a4d5051b0cd14db3437f83196a1a28d5a99844b149afa06a56 | - | ol9_x86_64_appstream |
| | libXpm-3.5.13-10.el9.x86_64.rpm | 3e3ed1400f61433783579a9cef43f7c34af7e2c536ceccd7d4604b2c25cb79a1 | - | ol9_x86_64_appstream |
| | libXpm-devel-3.5.13-10.el9.i686.rpm | 22fc8416daf938f79e42575f3091e31e6093aa93365fa1d7f06f1dd4f72e4d18 | - | ol9_x86_64_appstream |
| | libXpm-devel-3.5.13-10.el9.x86_64.rpm | 4664b609829494918bc9c15d9f4c30e35166a06685f128c7057b446570010fea | - | ol9_x86_64_appstream |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
