<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>==========================================================================<br>
    </p>
    <div class="gmail_quote">
      Ubuntu Security Notice USN-5807-2<br>
      February 21, 2023<br>
      <br>
      libxpm vulnerabilities<br>
      ==============================<wbr>==============================<wbr>==============<br>
      <br>
      A security issue affects these releases of Ubuntu and its
      derivatives:<br>
      <br>
      - Ubuntu 16.04 ESM<br>
      <br>
      Summary:<br>
      <br>
      Several security issues were fixed in libXpm. <br>
      <br>
      Software Description:<br>
      - libxpm: X11 pixmap library<br>
      <br>
      Details:<br>
      <br>
      USN-5807-1 fixed vulnerabilities in libXpm. This update provides
      the<br>
      corresponding updates for Ubuntu 16.04 ESM.<br>
      <br>
      Original advisory details:<br>
      <br>
       Martin Ettl discovered that libXpm incorrectly handled certain
      XPM files.<br>
       If a user or automated system were tricked into opening a
      specially crafted<br>
       XPM file, a remote attacker could possibly use this issue to
      cause libXpm<br>
       to stop responding, resulting in a denial of service.
      (CVE-2022-44617)<br>
      <br>
       Marco Ivaldi discovered that libXpm incorrectly handled certain
      XPM files.<br>
       If a user or automated system were tricked into opening a
      specially crafted<br>
       XPM file, a remote attacker could possibly use this issue to
      cause libXpm<br>
       to stop responding, resulting in a denial of service.
      (CVE-2022-46285)<br>
      <br>
       Alan Coopersmith discovered that libXpm incorrectly handled
      calling<br>
       external helper binaries. If libXpm was being used by a setuid
      binary, a<br>
       local attacker could possibly use this issue to escalate
      privileges.<br>
       (CVE-2022-4883)<br>
      <br>
      Update instructions:<br>
      <br>
      The problem can be corrected by updating your system to the
      following<br>
      package versions:<br>
      <br>
      Ubuntu 16.04 ESM:<br>
        libxpm4                         1:3.5.11-1ubuntu0.16.04.1+<wbr>esm1<br>
        xpmutils                        1:3.5.11-1ubuntu0.16.04.1+esm1<br>
      <br>
      After a standard system update you need to restart your session to
      make all<br>
      the necessary changes.<br>
      <br>
      References:<br>
        <a href="https://ubuntu.com/security/notices/USN-5807-2"
        rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://ubuntu.com/security/notices/USN-5807-2&source=gmail&ust=1677059262680000&usg=AOvVaw2eC2iAx4da-u-U9ZltwWlD">https://ubuntu.com/security/no<wbr>tices/USN-5807-2</a><br>
        <a href="https://ubuntu.com/security/notices/USN-5807-1"
        rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://ubuntu.com/security/notices/USN-5807-1&source=gmail&ust=1677059262680000&usg=AOvVaw24KnWG9KSXvQhMIj6GoFuw">https://ubuntu.com/security/no<wbr>tices/USN-5807-1</a><br>
        CVE-2022-44617, CVE-2022-46285, CVE-2022-4883</div>
  </body>
</html>