UbuntuUpdates.org

Package "libxpm4"

Name: libxpm4

Description: X11 pixmap library

Latest version: 1:3.5.12-1ubuntu0.20.04.2
Release: focal (20.04)
Level: updates
Repository: main
Head package: libxpm
Homepage: https://www.x.org

Other versions of "libxpm4" in Focal

Repository   Area   Version
base         main   1:3.5.12-1
security     main   1:3.5.12-1ubuntu0.20.04.2

Changelog

Version: 1:3.5.12-1ubuntu0.20.04.2 2023-10-03 20:11:52 UTC

  libxpm (1:3.5.12-1ubuntu0.20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: stack exhaustion from infinite recursion in
    PutSubImage() in libx11
    - d/p/0004-test-Add-test-case-for-CVE-2023-43786-stack-exhausti.patch
    - d/p/0005-Avoid-CVE-2023-43786-stack-exhaustion-in-XPutImage.patch
    - CVE-2023-43786
  * SECURITY UPDATE: integer overflow in XCreateImage() leading to a heap
    overflow in libx11
    - d/p/0006-test-Add-test-case-for-CVE-2023-43787-integer-overfl.patch
    - d/p/0007-Avoid-CVE-2023-43787-integer-overflow-in-XCreateImag.patch
    - CVE-2023-43787
  * SECURITY UPDATE: out of bounds read in XpmCreateXpmImageFromBuffer()
    - d/p/0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch
    - CVE-2023-43788
  * SECURITY UPDATE: out of bounds read on XPM with corrupted colormap
    - d/p/0003-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch
    - CVE-2023-43789

 -- Marc Deslauriers <email address hidden> Mon, 02 Oct 2023 16:12:10 -0400

CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage()
CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to a heap overflow
CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer()
CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap

Version: 1:3.5.12-1ubuntu0.20.04.1 2023-01-17 20:07:40 UTC

  libxpm (1:3.5.12-1ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: CPU-consuming loop on width of 0
    - debian/patches/CVE-2022-44617-1.patch: add extra checks to
      src/data.c, src/parse.c.
    - debian/patches/CVE-2022-44617-2.patch: prevent a double free in the
      error code path in src/create.c.
    - CVE-2022-44617
  * SECURITY UPDATE: Infinite loop on unclosed comments
    - debian/patches/CVE-2022-46285.patch: handle unclosed comments in
      src/data.c.
    - CVE-2022-46285
  * SECURITY UPDATE: compression commands depend on $PATH
    - debian/patches/CVE-2022-4883.patch: don't rely on $PATH to find the
      commands in src/RdFToI.c, src/WrFFrI.c.
    - CVE-2022-4883

 -- Marc Deslauriers <email address hidden> Mon, 16 Jan 2023 12:56:25 -0500
