Amazon Linux 2023 Security Advisory: ALAS2023-2023-382
Advisory Released Date: 2023-10-24
Advisory Updated Date: 2023-10-24
Severity:
Medium
References:
CVE-2023-43786
CVE-2023-43787
CVE-2023-43789
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. (CVE-2023-43786)
libX11: integer overflow in XCreateImage() leading to a heap overflow. (CVE-2023-43787)
libXpm: out of bounds read on XPM with corrupted colormap (CVE-2023-43789)
Affected Packages:
libXpm
Issue Correction:
Run dnf update libXpm --releasever 2023.2.20231018 to update your system.
New Packages:
aarch64:
libXpm-debuginfo-3.5.15-2.amzn2023.0.3.aarch64
libXpm-devel-3.5.15-2.amzn2023.0.3.aarch64
libXpm-3.5.15-2.amzn2023.0.3.aarch64
libXpm-devel-debuginfo-3.5.15-2.amzn2023.0.3.aarch64
libXpm-debugsource-3.5.15-2.amzn2023.0.3.aarch64
src:
libXpm-3.5.15-2.amzn2023.0.3.src
x86_64:
libXpm-debugsource-3.5.15-2.amzn2023.0.3.x86_64
libXpm-devel-debuginfo-3.5.15-2.amzn2023.0.3.x86_64
libXpm-debuginfo-3.5.15-2.amzn2023.0.3.x86_64
libXpm-devel-3.5.15-2.amzn2023.0.3.x86_64
libXpm-3.5.15-2.amzn2023.0.3.x86_64