ALAS2023-2023-382

Amazon Linux 2023 Security Advisory: ALAS-2023-382
Advisory Release Date: 2023-10-12 16:11 Pacific
Advisory Updated Date: 2023-10-24 15:46 Pacific

Severity: Medium

References: CVE-2023-43786 CVE-2023-43787 CVE-2023-43789
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. (CVE-2023-43786)

libX11: integer overflow in XCreateImage() leading to a heap overflow. (CVE-2023-43787)

libXpm: out of bounds read on XPM with corrupted colormap (CVE-2023-43789)

Affected Packages:

libXpm

Issue Correction:
Run dnf update libXpm --releasever 2023.2.20231018 to update your system.

New Packages:

aarch64:
    libXpm-debuginfo-3.5.15-2.amzn2023.0.3.aarch64
    libXpm-devel-3.5.15-2.amzn2023.0.3.aarch64
    libXpm-3.5.15-2.amzn2023.0.3.aarch64
    libXpm-devel-debuginfo-3.5.15-2.amzn2023.0.3.aarch64
    libXpm-debugsource-3.5.15-2.amzn2023.0.3.aarch64

src:
    libXpm-3.5.15-2.amzn2023.0.3.src

x86_64:
    libXpm-debugsource-3.5.15-2.amzn2023.0.3.x86_64
    libXpm-devel-debuginfo-3.5.15-2.amzn2023.0.3.x86_64
    libXpm-debuginfo-3.5.15-2.amzn2023.0.3.x86_64
    libXpm-devel-3.5.15-2.amzn2023.0.3.x86_64
    libXpm-3.5.15-2.amzn2023.0.3.x86_64

Additional References

Red Hat: CVE-2023-43786, CVE-2023-43787, CVE-2023-43789

Mitre: CVE-2023-43786, CVE-2023-43787, CVE-2023-43789

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2023-2023-382

Additional References