SUSE-SU-2023:0171-1

Published: 26 Jan 2023
Source: suse-cvrf

Description

Security update for libXpm

This update for libXpm fixes the following issues:

  • CVE-2022-46285: Fixed an infinite loop that could be triggered when reading an XPM image with a C-style comment that is never closed (bsc#1207029).
  • CVE-2022-44617: Fixed an excessive resource consumption that could be triggered when reading a small crafted XPM image (bsc#1207030).
  • CVE-2022-4883: Fixed an issue that made decompression commands susceptible to PATH environment variable manipulation attacks (bsc#1207031).

Package list

Container suse/nginx:latest
libXpm4-3.5.12-150000.3.7.2
Container suse/rmt-nginx:latest
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP2-SAP-Azure
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP2-SAP-BYOS-Azure
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP2-SAP-BYOS-EC2-HVM
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP2-SAP-BYOS-GCE
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP2-SAP-EC2-HVM
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP2-SAP-GCE
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP3-SAP-BYOS-Azure
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP3-SAP-BYOS-EC2-HVM
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP3-SAP-BYOS-GCE
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP3-SAPCAL-Azure
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP3-SAPCAL-EC2-HVM
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP3-SAPCAL-GCE
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP-Azure
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP-Azure-LI-BYOS
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP-Azure-VLI-BYOS
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP-BYOS
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP-BYOS-Azure
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP-BYOS-EC2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP-BYOS-GCE
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP-EC2
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP-GCE
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP-Hardened
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP-Hardened-Azure
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP-Hardened-BYOS
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP-Hardened-EC2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAP-Hardened-GCE
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAPCAL
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAPCAL-Azure
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAPCAL-EC2
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SAPCAL-GCE
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAP-Azure
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAP-Azure-3P
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAP-Azure-LI-BYOS
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAP-Azure-VLI-BYOS
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAP-BYOS-Azure
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAP-BYOS-EC2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAP-BYOS-GCE
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAP-EC2
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAP-GCE
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAP-Hardened-Azure
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAP-Hardened-EC2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAP-Hardened-GCE
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAPCAL-Azure
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAPCAL-EC2
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP5-SAPCAL-GCE
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP-Azure
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP-Azure-LI-BYOS
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP-Azure-VLI-BYOS
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP-BYOS
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP-BYOS-Azure
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP-BYOS-EC2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP-BYOS-GCE
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP-EC2
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP-GCE
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP-Hardened
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP-Hardened-Azure
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP-Hardened-BYOS
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP-Hardened-EC2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAP-Hardened-GCE
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAPCAL
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAPCAL-Azure
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAPCAL-EC2
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP6-SAPCAL-GCE
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
SUSE Enterprise Storage 6
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
SUSE Enterprise Storage 7
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
SUSE Enterprise Storage 7.1
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
SUSE Linux Enterprise Module for Basesystem 15 SP4
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
SUSE Linux Enterprise Module for Package Hub 15 SP4
libXpm4-32bit-3.5.12-150000.3.7.2
SUSE Linux Enterprise Real Time 15 SP3
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
SUSE Linux Enterprise Server 15 SP1-LTSS
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
SUSE Linux Enterprise Server 15 SP2-LTSS
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
SUSE Linux Enterprise Server 15 SP3-LTSS
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
SUSE Linux Enterprise Server for SAP Applications 15 SP1
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
SUSE Linux Enterprise Workstation Extension 15 SP4
libXpm-tools-3.5.12-150000.3.7.2
SUSE Manager Proxy 4.2
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
SUSE Manager Retail Branch Server 4.2
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
SUSE Manager Server 4.2
libXpm-devel-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
openSUSE Leap 15.4
libXpm-devel-3.5.12-150000.3.7.2
libXpm-devel-32bit-3.5.12-150000.3.7.2
libXpm-tools-3.5.12-150000.3.7.2
libXpm4-3.5.12-150000.3.7.2
libXpm4-32bit-3.5.12-150000.3.7.2

Description

A flaw was found in libXpm. When processing a file with a width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.


Affected products
Container suse/nginx:latest:libXpm4-3.5.12-150000.3.7.2
Container suse/rmt-nginx:latest:libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:libXpm4-3.5.12-150000.3.7.2

References

Description

A flaw was found in libXpm. This issue occurs when parsing a file with a comment that is not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.


Affected products
Container suse/nginx:latest:libXpm4-3.5.12-150000.3.7.2
Container suse/rmt-nginx:latest:libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:libXpm4-3.5.12-150000.3.7.2

References

Description

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.


Affected products
Container suse/nginx:latest:libXpm4-3.5.12-150000.3.7.2
Container suse/rmt-nginx:latest:libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:libXpm4-3.5.12-150000.3.7.2
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:libXpm4-3.5.12-150000.3.7.2

References
Vulnerability SUSE-SU-2023:0171-1