libXpm-devel-3.5.14-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12617 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libXpm-devel-3.5.14-2.1 on GA media These are all security issues fixed in the libXpm-devel-3.5.14-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12617 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12617 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-44617/ SUSE CVE CVE-2022-44617 page https://www.suse.com/security/cve/CVE-2022-46285/ SUSE CVE CVE-2022-46285 page https://www.suse.com/security/cve/CVE-2022-4883/ SUSE CVE CVE-2022-4883 page openSUSE Tumbleweed libXpm-devel-3.5.14-2.1 libXpm-devel-32bit-3.5.14-2.1 libXpm-tools-3.5.14-2.1 libXpm4-3.5.14-2.1 libXpm4-32bit-3.5.14-2.1 libXpm-devel-3.5.14-2.1 as a component of openSUSE Tumbleweed libXpm-devel-32bit-3.5.14-2.1 as a component of openSUSE Tumbleweed libXpm-tools-3.5.14-2.1 as a component of openSUSE Tumbleweed libXpm4-3.5.14-2.1 as a component of openSUSE Tumbleweed libXpm4-32bit-3.5.14-2.1 as a component of openSUSE Tumbleweed A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. CVE-2022-44617 openSUSE Tumbleweed:libXpm-devel-3.5.14-2.1 openSUSE Tumbleweed:libXpm-devel-32bit-3.5.14-2.1 openSUSE Tumbleweed:libXpm-tools-3.5.14-2.1 openSUSE Tumbleweed:libXpm4-3.5.14-2.1 openSUSE Tumbleweed:libXpm4-32bit-3.5.14-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-44617.html CVE-2022-44617 https://bugzilla.suse.com/1207030 SUSE Bug 1207030 https://bugzilla.suse.com/1214751 SUSE Bug 1214751 A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library. CVE-2022-46285 openSUSE Tumbleweed:libXpm-devel-3.5.14-2.1 openSUSE Tumbleweed:libXpm-devel-32bit-3.5.14-2.1 openSUSE Tumbleweed:libXpm-tools-3.5.14-2.1 openSUSE Tumbleweed:libXpm4-3.5.14-2.1 openSUSE Tumbleweed:libXpm4-32bit-3.5.14-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-46285.html CVE-2022-46285 https://bugzilla.suse.com/1207029 SUSE Bug 1207029 https://bugzilla.suse.com/1214751 SUSE Bug 1214751 https://bugzilla.suse.com/1215682 SUSE Bug 1215682 https://bugzilla.suse.com/1215686 SUSE Bug 1215686 A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable. CVE-2022-4883 openSUSE Tumbleweed:libXpm-devel-3.5.14-2.1 openSUSE Tumbleweed:libXpm-devel-32bit-3.5.14-2.1 openSUSE Tumbleweed:libXpm-tools-3.5.14-2.1 openSUSE Tumbleweed:libXpm4-3.5.14-2.1 openSUSE Tumbleweed:libXpm4-32bit-3.5.14-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4883.html CVE-2022-4883 https://bugzilla.suse.com/1207031 SUSE Bug 1207031 https://bugzilla.suse.com/1208055 SUSE Bug 1208055 https://bugzilla.suse.com/1208351 SUSE Bug 1208351 https://bugzilla.suse.com/1208654 SUSE Bug 1208654 https://bugzilla.suse.com/1209322 SUSE Bug 1209322 https://bugzilla.suse.com/1209940 SUSE Bug 1209940