Описание
ELSA-2023-0377: libXpm security update (IMPORTANT)
[3.5.12-2]
- Fix CVE-2022-4883: compression commands depends on /usr/local/bin:/usr/bin (#2161715)
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
libXpm
3.5.12-2.el7_9
libXpm-devel
3.5.12-2.el7_9
Oracle Linux x86_64
libXpm
3.5.12-2.el7_9
libXpm-devel
3.5.12-2.el7_9
Связанные CVE
Связанные уязвимости
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.
A flaw was found in libXpm. When processing files with .Z or .gz exten ...
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.