SUSE update for libXpm



Published: 2023-01-26
Risk Low
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2022-44617
CVE-2022-46285
CVE-2022-4883
CWE-ID CWE-835
CWE-426
Exploitation vector Network
Public exploit Public exploit code for vulnerability #2 is available.
Vulnerable software
Subscribe 		SUSE Linux Enterprise Server for SAP
Operating systems & Components / Operating system

SUSE Linux Enterprise Server
Operating systems & Components / Operating system

SUSE Linux Enterprise Realtime Extension
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing
Operating systems & Components / Operating system

SUSE Enterprise Storage
Operating systems & Components / Operating system

SUSE Manager Retail Branch Server
Operating systems & Components / Operating system

SUSE Linux Enterprise Workstation Extension
Operating systems & Components / Operating system

SUSE Manager Server
Operating systems & Components / Operating system

SUSE Manager Proxy
Operating systems & Components / Operating system

SUSE Linux Enterprise Module for Basesystem
Operating systems & Components / Operating system

SUSE Linux Enterprise Desktop
Operating systems & Components / Operating system

SUSE CaaS Platform
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications
Operating systems & Components / Operating system

SUSE Linux Enterprise Module for Packagehub Subpackages
Operating systems & Components / Operating system package or component

libXpm4-32bit-debuginfo
Operating systems & Components / Operating system package or component

libXpm4-32bit
Operating systems & Components / Operating system package or component

libXpm-devel-32bit
Operating systems & Components / Operating system package or component

libXpm4-debuginfo
Operating systems & Components / Operating system package or component

libXpm4
Operating systems & Components / Operating system package or component

libXpm-tools-debuginfo
Operating systems & Components / Operating system package or component

libXpm-tools
Operating systems & Components / Operating system package or component

libXpm-devel
Operating systems & Components / Operating system package or component

libXpm-debugsource
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Infinite loop

EUVDB-ID: #VU71235

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-44617

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the ParsePixels() function when handling XPM files with width set to 0 and a very large height value. A remote attacker can trick the victim to open a specially crafted XPM file and perform a denial of service (DoS) attack.

Mitigation

Update the affected package libXpm to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3

SUSE Linux Enterprise Server: 15-SP1-LTSS - 15-SP4

SUSE Linux Enterprise Realtime Extension: 15-SP3

SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP4

SUSE Enterprise Storage: 6 - 7.1

SUSE Manager Retail Branch Server: 4.2 - 4.3

SUSE Linux Enterprise Workstation Extension: 15-SP4

SUSE Linux Enterprise Module for Packagehub Subpackages: 15-SP4

SUSE Manager Server: 4.2 - 4.3

SUSE Manager Proxy: 4.2 - 4.3

SUSE Linux Enterprise Module for Basesystem: 15-SP4

SUSE Linux Enterprise Desktop: 15-SP4

SUSE CaaS Platform: 4.0

openSUSE Leap: 15.4

SUSE Linux Enterprise Server for SAP Applications: 15-SP4

libXpm4-32bit-debuginfo: before 3.5.12-150000.3.7.2

libXpm4-32bit: before 3.5.12-150000.3.7.2

libXpm-devel-32bit: before 3.5.12-150000.3.7.2

libXpm4-debuginfo: before 3.5.12-150000.3.7.2

libXpm4: before 3.5.12-150000.3.7.2

libXpm-tools-debuginfo: before 3.5.12-150000.3.7.2

libXpm-tools: before 3.5.12-150000.3.7.2

libXpm-devel: before 3.5.12-150000.3.7.2

libXpm-debugsource: before 3.5.12-150000.3.7.2

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20230171-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Infinite loop

EUVDB-ID: #VU71234

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-46285

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when handling unclosed comments in XPM images within the ParseComment() function. A remote attacker can trick the victim to open a specially crafted image and cause denial of service conditions.

Mitigation

Update the affected package libXpm to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3

SUSE Linux Enterprise Server: 15-SP1-LTSS - 15-SP4

SUSE Linux Enterprise Realtime Extension: 15-SP3

SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP4

SUSE Enterprise Storage: 6 - 7.1

SUSE Manager Retail Branch Server: 4.2 - 4.3

SUSE Linux Enterprise Workstation Extension: 15-SP4

SUSE Linux Enterprise Module for Packagehub Subpackages: 15-SP4

SUSE Manager Server: 4.2 - 4.3

SUSE Manager Proxy: 4.2 - 4.3

SUSE Linux Enterprise Module for Basesystem: 15-SP4

SUSE Linux Enterprise Desktop: 15-SP4

SUSE CaaS Platform: 4.0

openSUSE Leap: 15.4

SUSE Linux Enterprise Server for SAP Applications: 15-SP4

libXpm4-32bit-debuginfo: before 3.5.12-150000.3.7.2

libXpm4-32bit: before 3.5.12-150000.3.7.2

libXpm-devel-32bit: before 3.5.12-150000.3.7.2

libXpm4-debuginfo: before 3.5.12-150000.3.7.2

libXpm4: before 3.5.12-150000.3.7.2

libXpm-tools-debuginfo: before 3.5.12-150000.3.7.2

libXpm-tools: before 3.5.12-150000.3.7.2

libXpm-devel: before 3.5.12-150000.3.7.2

libXpm-debugsource: before 3.5.12-150000.3.7.2

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20230171-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Untrusted search path

EUVDB-ID: #VU71236

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4883

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to libXpm relies on the $PATH variable to run the command responsible for decompressing .Z or .gz files. A local user can execute arbitrary code with elevated privileges.

Mitigation

Update the affected package libXpm to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3

SUSE Linux Enterprise Server: 15-SP1-LTSS - 15-SP4

SUSE Linux Enterprise Realtime Extension: 15-SP3

SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP4

SUSE Enterprise Storage: 6 - 7.1

SUSE Manager Retail Branch Server: 4.2 - 4.3

SUSE Linux Enterprise Workstation Extension: 15-SP4

SUSE Linux Enterprise Module for Packagehub Subpackages: 15-SP4

SUSE Manager Server: 4.2 - 4.3

SUSE Manager Proxy: 4.2 - 4.3

SUSE Linux Enterprise Module for Basesystem: 15-SP4

SUSE Linux Enterprise Desktop: 15-SP4

SUSE CaaS Platform: 4.0

openSUSE Leap: 15.4

SUSE Linux Enterprise Server for SAP Applications: 15-SP4

libXpm4-32bit-debuginfo: before 3.5.12-150000.3.7.2

libXpm4-32bit: before 3.5.12-150000.3.7.2

libXpm-devel-32bit: before 3.5.12-150000.3.7.2

libXpm4-debuginfo: before 3.5.12-150000.3.7.2

libXpm4: before 3.5.12-150000.3.7.2

libXpm-tools-debuginfo: before 3.5.12-150000.3.7.2

libXpm-tools: before 3.5.12-150000.3.7.2

libXpm-devel: before 3.5.12-150000.3.7.2

libXpm-debugsource: before 3.5.12-150000.3.7.2

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20230171-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###