ALAS-2023-1894


Amazon Linux 1 Security Advisory: ALAS-2023-1894
Advisory Release Date: 2023-11-29 23:18 Pacific
Advisory Updated Date: 2023-12-04 21:36 Pacific
Severity: Medium

Issue Overview:

libXpm: out of bounds read in XpmCreateXpmImageFromBuffer()

NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/2fa554b01ef6079a9b35df9332bdc4f139ed67e0 (CVE-2023-43788)


Affected Packages:

libXpm


Issue Correction:
Run yum update libXpm to update your system.

New Packages:
i686:
    libXpm-devel-3.5.10-2.13.amzn1.i686
    libXpm-debuginfo-3.5.10-2.13.amzn1.i686
    libXpm-3.5.10-2.13.amzn1.i686

src:
    libXpm-3.5.10-2.13.amzn1.src

x86_64:
    libXpm-debuginfo-3.5.10-2.13.amzn1.x86_64
    libXpm-3.5.10-2.13.amzn1.x86_64
    libXpm-devel-3.5.10-2.13.amzn1.x86_64