Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu: 5807-1 Moderate: libXpm Denial of Service Threats

ubuntu
Calendar Grey January 17, 2023
Dist Ubuntu Esm H88
Serious libXpm vulnerabilities identified in USN-5807-1 impacting Ubuntu. Make sure your system is up-to-date for security.
Several security issues were fixed in libXpm.

Summary

Several security issues were fixed in libXpm.

Software Description:

- libxpm: X11 pixmap library

Details:

Martin Ettl discovered that libXpm incorrectly handled certain XPM files.

If a user or automated system were tricked into opening a specially crafted

XPM file, a remote attacker could possibly use this issue to cause libXpm

to stop responding, resulting in a denial of service. (CVE-2022-44617)

Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files.

If a user or automated system were tricked into opening a specially crafted

XPM file, a remote attacker could possibly use this issue to cause libXpm

to stop responding, resulting in a denial of service. (CVE-2022-46285)

Alan Coopersmith discovered that libXpm incorrectly handled calling

external helper binaries. If libXpm was being used by a setuid binary, a

local attacker could possibly use this issue to escalate privileges.

(CVE-2022-4883)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
   libxpm4                         1:3.5.12-1ubuntu0.22.10.1

Ubuntu 22.04 LTS:
   libxpm4                         1:3.5.12-1ubuntu0.22.04.1

Ubuntu 20.04 LTS:
   libxpm4                         1:3.5.12-1ubuntu0.20.04.1

Ubuntu 18.04 LTS:
   libxpm4                         1:3.5.12-1ubuntu0.18.04.2

After a standard system update you need to restart your session to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-5807-1

CVE-2022-44617, CVE-2022-46285, CVE-2022-4883

January 17, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here