ELSA-2024-2974

ELSA-2024-2974 - libXpm security update

Type: SECURITY
Impact: MODERATE
Release Date: 2024-05-23

Description


[3.5.12-11]
- Drop hardening patches from previous version to keep ABI compatibility

[3.5.12-10]
- CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage()
- CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to a heap overflow
- CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer()
- CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap


Related CVEs


CVE-2023-43788
CVE-2023-43789

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 8 (aarch64) | libXpm-3.5.12-11.el8.src.rpm | 1f351e27240e38ccdf818ca862ef538cd672600485147b7c5d42c6195c2d2a1d | - | ol8_aarch64_appstream |
| | libXpm-3.5.12-11.el8.aarch64.rpm | 724c455e1d66ed246eb868a150382facc2723777603ba941c53cd0f93ccc0ef3 | - | ol8_aarch64_appstream |
| | libXpm-devel-3.5.12-11.el8.aarch64.rpm | 011c220120c2006d4ccfada5d1870709fff6ab216518ae2394d783767869a1cb | - | ol8_aarch64_appstream |
| Oracle Linux 8 (x86_64) | libXpm-3.5.12-11.el8.src.rpm | 1f351e27240e38ccdf818ca862ef538cd672600485147b7c5d42c6195c2d2a1d | - | ol8_x86_64_appstream |
| | libXpm-3.5.12-11.el8.i686.rpm | 99d6ea49923a9caf7c7139cbd39de925106053d7b9cdc423db8d9de43c2fd0fd | - | ol8_x86_64_appstream |
| | libXpm-3.5.12-11.el8.x86_64.rpm | 9aec7cd3449829aed3a57586ebd56d0585dfe1f5f9fa6dcac488a8b42eeb5682 | - | ol8_x86_64_appstream |
| | libXpm-devel-3.5.12-11.el8.i686.rpm | 8fdf77dd762c9a1dd51f74477954f4e2b56e93a2b717679b761a4026ba114328 | - | ol8_x86_64_appstream |
| | libXpm-devel-3.5.12-11.el8.x86_64.rpm | 2d7e14c865c3d74975c52e63bb40a05aa563cf9eac07aadc116f478b5389c23c | - | ol8_x86_64_appstream |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
