Lucene search

K
slackwareSlackware Linux ProjectSSA-2023-276-02
HistoryOct 03, 2023 - 10:25 p.m.

[slackware-security] libXpm

2023-10-0322:25:46
Slackware Linux Project
www.slackware.com
32
slackware
libxpm
security issues
out-of-bounds read
updates
ftp
rsync
hosting

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0

Percentile

5.1%

New libXpm packages are available for Slackware 14.0, 14.1, 14.2, 15.0,
and -current to fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/libXpm-3.5.17-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
libXpm: out of bounds read in XpmCreateXpmImageFromBuffer().
libXpm: out of bounds read on XPM with corrupted colormap.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003424.html
https://vulners.com/cve/CVE-2023-43788
https://vulners.com/cve/CVE-2023-43789
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libXpm-3.5.17-i586-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libXpm-3.5.17-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libXpm-3.5.17-i586-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libXpm-3.5.17-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libXpm-3.5.17-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libXpm-3.5.17-x86_64-1_slack14.2.txz

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libXpm-3.5.17-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libXpm-3.5.17-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/libXpm-3.5.17-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/libXpm-3.5.17-x86_64-1.txz

MD5 signatures:

Slackware 14.0 package:
bc7c9981210f6d5ab4e740cef773985b libXpm-3.5.17-i586-1_slack14.0.txz

Slackware x86_64 14.0 package:
deda8c03150e99cdb29c9fcbea2c7199 libXpm-3.5.17-x86_64-1_slack14.0.txz

Slackware 14.1 package:
520d0b27732f153c703191284c13468a libXpm-3.5.17-i586-1_slack14.1.txz

Slackware x86_64 14.1 package:
a8c30a1b063baba25f0e844de6bbfbfd libXpm-3.5.17-x86_64-1_slack14.1.txz

Slackware 14.2 package:
3a84fe714f508478a950500d94b5a9a8 libXpm-3.5.17-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
9bc95ac31ff8f4722c65332e0cf9e808 libXpm-3.5.17-x86_64-1_slack14.2.txz

Slackware 15.0 package:
ace4d80a05041648d8fc3e113d0ae977 libXpm-3.5.17-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
f5e8c160a8371fa3778710b6fedf09f5 libXpm-3.5.17-x86_64-1_slack15.0.txz

Slackware -current package:
ed563d934485c2aae3867893cbb448bc x/libXpm-3.5.17-i586-1.txz

Slackware x86_64 -current package:
f29d00470901576d269e73343c1f8642 x/libXpm-3.5.17-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg libXpm-3.5.17-i586-1_slack15.0.txz

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0

Percentile

5.1%