USN-5807-1: libXpm vulnerabilities

Releases

• Ubuntu 22.10
• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM

Packages

• libxpm - X11 pixmap library

Details

Martin Ettl discovered that libXpm incorrectly handled certain XPM files.
If a user or automated system were tricked into opening a specially crafted
XPM file, a remote attacker could possibly use this issue to cause libXpm
to stop responding, resulting in a denial of service. (CVE-2022-44617)

Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files.
If a user or automated system were tricked into opening a specially crafted
XPM file, a remote attacker could possibly use this issue to cause libXpm
to stop responding, resulting in a denial of service. (CVE-2022-46285)

Alan Coopersmith discovered that libXpm incorrectly handled calling
external helper binaries. If libXpm was being used by a setuid binary, a
local attacker could possibly use this issue to escalate privileges.
(CVE-2022-4883)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10

• libxpm4 - 1:3.5.12-1ubuntu0.22.10.1

Ubuntu 22.04

• libxpm4 - 1:3.5.12-1ubuntu0.22.04.1

Ubuntu 20.04

• libxpm4 - 1:3.5.12-1ubuntu0.20.04.1

Ubuntu 18.04

• libxpm4 - 1:3.5.12-1ubuntu0.18.04.2

After a standard system update you need to restart your session to make all
the necessary changes.

References

• CVE-2022-46285
• CVE-2022-44617
• CVE-2022-4883

Related notices

• USN-5807-2: libxpm, xpmutils, libxpm4, libxpm-dev
• USN-5807-3: libxpm, xpmutils, libxpm4, libxpm-dev