SUSE-SU-2023:3965-1

Опубликовано: 04 окт. 2023

Источник: suse-cvrf

Описание

Security update for libXpm

This update for libXpm fixes the following issues:

CVE-2023-43788: Fixed an out of bounds read when creating an image (bsc#1215686).
CVE-2023-43789: Fixed an out of bounds read when parsing an XPM file with a corrupted colormap (bsc#1215687).

Список пакетов

Container suse/nginx:latest

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP2-SAP-Azure

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP2-SAP-BYOS-Azure

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP2-SAP-BYOS-GCE

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP2-SAP-EC2-HVM

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP2-SAP-GCE

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP3-SAP-BYOS-Azure

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP3-SAP-BYOS-GCE

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP3-SAPCAL-Azure

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP3-SAPCAL-EC2-HVM

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP3-SAPCAL-GCE

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAP

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAP-Azure

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAP-BYOS

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAP-BYOS-Azure

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAP-BYOS-EC2

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAP-BYOS-GCE

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAP-EC2

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAP-GCE

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAP-Hardened

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAP-Hardened-Azure

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAP-Hardened-BYOS

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAP-Hardened-GCE

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAPCAL

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAPCAL-Azure

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAPCAL-EC2

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SAPCAL-GCE

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SUSE-Rancher-Setup-BYOS

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP5-SAP-Azure-3P

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP5-SAP-Azure-LI-BYOS

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP5-SAP-BYOS-Azure

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP5-SAP-BYOS-EC2

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP5-SAP-BYOS-GCE

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP5-SAP-Hardened-Azure

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP5-SAP-Hardened-GCE

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP5-SAPCAL-Azure

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP5-SAPCAL-EC2

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP5-SAPCAL-GCE

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP-Azure

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP-Azure-LI-BYOS

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP-BYOS

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP-BYOS-Azure

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP-BYOS-EC2

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP-BYOS-GCE

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP-EC2

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP-GCE

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP-Hardened

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP-Hardened-Azure

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP-Hardened-BYOS

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP-Hardened-EC2

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAP-Hardened-GCE

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAPCAL

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAPCAL-Azure

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAPCAL-EC2

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP6-SAPCAL-GCE

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

SUSE Linux Enterprise Module for Basesystem 15 SP4

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

SUSE Linux Enterprise Module for Basesystem 15 SP5

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

SUSE Linux Enterprise Module for Package Hub 15 SP4

libXpm4-32bit-3.5.12-150000.3.10.1

SUSE Linux Enterprise Module for Package Hub 15 SP5

libXpm4-32bit-3.5.12-150000.3.10.1

SUSE Linux Enterprise Workstation Extension 15 SP4

libXpm-tools-3.5.12-150000.3.10.1

SUSE Linux Enterprise Workstation Extension 15 SP5

libXpm-tools-3.5.12-150000.3.10.1

SUSE Manager Proxy 4.2

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

SUSE Manager Server 4.2

libXpm-devel-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

openSUSE Leap 15.4

libXpm-devel-3.5.12-150000.3.10.1

libXpm-devel-32bit-3.5.12-150000.3.10.1

libXpm-tools-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

libXpm4-32bit-3.5.12-150000.3.10.1

openSUSE Leap 15.5

libXpm-devel-3.5.12-150000.3.10.1

libXpm-devel-32bit-3.5.12-150000.3.10.1

libXpm-tools-3.5.12-150000.3.10.1

libXpm4-3.5.12-150000.3.10.1

libXpm4-32bit-3.5.12-150000.3.10.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20233965-1/
Link for SUSE-SU-2023:3965-1
https://lists.suse.com/pipermail/sle-updates/2023-October/031903.html
E-Mail link for SUSE-SU-2023:3965-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1215686
SUSE Bug 1215686
https://bugzilla.suse.com/1215687
SUSE Bug 1215687
https://www.suse.com/security/cve/CVE-2023-43788/
SUSE CVE CVE-2023-43788 page
https://www.suse.com/security/cve/CVE-2023-43789/
SUSE CVE CVE-2023-43789 page

Описание

A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.

Затронутые продукты

Container suse/nginx:latest:libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libXpm4-3.5.12-150000.3.10.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-43788.html
CVE-2023-43788
https://bugzilla.suse.com/1215682
SUSE Bug 1215682
https://bugzilla.suse.com/1215686
SUSE Bug 1215686

Описание

A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.

Затронутые продукты

Container suse/nginx:latest:libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:libXpm4-3.5.12-150000.3.10.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libXpm4-3.5.12-150000.3.10.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-43789.html
CVE-2023-43789
https://bugzilla.suse.com/1215682
SUSE Bug 1215682
https://bugzilla.suse.com/1215687
SUSE Bug 1215687