An update for libXpm is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2151 Final 1.0 1.0 2026-05-03 Initial 2026-05-03 2026-05-03 openEuler SA Tool V1.0 2026-05-03 libXpm security update An update for libXpm is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3 X.Org X11 libXpm runtime library Security Fix(es): A vulnerability was found in X.org libXpm up to 3.5.4. It has been classified as problematic.CWE is classifying the issue as CWE-125. The product reads data past the end, or before the beginning, of the intended buffer.This is going to have an impact on confidentiality.Upgrading to version 3.5.19 eliminates this vulnerability. Applying the patch 5448e1bd is able to eliminate this problem. The bugfix is ready for download at gitlab.freedesktop.org. The best possible mitigation is suggested to be upgrading to the latest version.(CVE-2026-4367) An update for libXpm is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium libXpm https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2151 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4367 https://nvd.nist.gov/vuln/detail/CVE-2026-4367 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 libXpm-3.5.13-4.oe2003sp4.aarch64.rpm libXpm-debuginfo-3.5.13-4.oe2003sp4.aarch64.rpm libXpm-debugsource-3.5.13-4.oe2003sp4.aarch64.rpm libXpm-devel-3.5.13-4.oe2003sp4.aarch64.rpm libXpm-3.5.13-6.oe2203sp4.aarch64.rpm libXpm-debuginfo-3.5.13-6.oe2203sp4.aarch64.rpm libXpm-debugsource-3.5.13-6.oe2203sp4.aarch64.rpm libXpm-devel-3.5.13-6.oe2203sp4.aarch64.rpm libXpm-3.5.17-2.oe2403.aarch64.rpm libXpm-debuginfo-3.5.17-2.oe2403.aarch64.rpm libXpm-debugsource-3.5.17-2.oe2403.aarch64.rpm libXpm-devel-3.5.17-2.oe2403.aarch64.rpm libXpm-3.5.17-2.oe2403sp1.aarch64.rpm libXpm-debuginfo-3.5.17-2.oe2403sp1.aarch64.rpm libXpm-debugsource-3.5.17-2.oe2403sp1.aarch64.rpm libXpm-devel-3.5.17-2.oe2403sp1.aarch64.rpm libXpm-3.5.17-2.oe2403sp3.aarch64.rpm libXpm-debuginfo-3.5.17-2.oe2403sp3.aarch64.rpm libXpm-debugsource-3.5.17-2.oe2403sp3.aarch64.rpm libXpm-devel-3.5.17-2.oe2403sp3.aarch64.rpm libXpm-3.5.13-4.oe2003sp4.src.rpm libXpm-3.5.13-6.oe2203sp4.src.rpm libXpm-3.5.17-2.oe2403.src.rpm libXpm-3.5.17-2.oe2403sp1.src.rpm libXpm-3.5.17-2.oe2403sp3.src.rpm libXpm-3.5.13-4.oe2003sp4.x86_64.rpm libXpm-debuginfo-3.5.13-4.oe2003sp4.x86_64.rpm libXpm-debugsource-3.5.13-4.oe2003sp4.x86_64.rpm libXpm-devel-3.5.13-4.oe2003sp4.x86_64.rpm libXpm-3.5.13-6.oe2203sp4.x86_64.rpm libXpm-debuginfo-3.5.13-6.oe2203sp4.x86_64.rpm libXpm-debugsource-3.5.13-6.oe2203sp4.x86_64.rpm libXpm-devel-3.5.13-6.oe2203sp4.x86_64.rpm libXpm-3.5.17-2.oe2403.x86_64.rpm libXpm-debuginfo-3.5.17-2.oe2403.x86_64.rpm libXpm-debugsource-3.5.17-2.oe2403.x86_64.rpm libXpm-devel-3.5.17-2.oe2403.x86_64.rpm libXpm-3.5.17-2.oe2403sp1.x86_64.rpm libXpm-debuginfo-3.5.17-2.oe2403sp1.x86_64.rpm libXpm-debugsource-3.5.17-2.oe2403sp1.x86_64.rpm libXpm-devel-3.5.17-2.oe2403sp1.x86_64.rpm libXpm-3.5.17-2.oe2403sp3.x86_64.rpm libXpm-debuginfo-3.5.17-2.oe2403sp3.x86_64.rpm libXpm-debugsource-3.5.17-2.oe2403sp3.x86_64.rpm libXpm-devel-3.5.17-2.oe2403sp3.x86_64.rpm libXpm-help-3.5.13-4.oe2003sp4.noarch.rpm libXpm-help-3.5.13-6.oe2203sp4.noarch.rpm libXpm-help-3.5.17-2.oe2403.noarch.rpm libXpm-help-3.5.17-2.oe2403sp1.noarch.rpm libXpm-help-3.5.17-2.oe2403sp3.noarch.rpm A vulnerability was found in X.org libXpm up to 3.5.4. It has been classified as problematic.CWE is classifying the issue as CWE-125. The product reads data past the end, or before the beginning, of the intended buffer.This is going to have an impact on confidentiality.Upgrading to version 3.5.19 eliminates this vulnerability. Applying the patch 5448e1bd is able to eliminate this problem. The bugfix is ready for download at gitlab.freedesktop.org. The best possible mitigation is suggested to be upgrading to the latest version. 2026-05-03 CVE-2026-4367 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 Medium 6.3 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H libXpm security update 2026-05-03 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2151