Описание
Security update for libwebp
This update for libwebp fixes the following issues:
- CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685).
- CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691).
- CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674).
- CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652).
- CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690).
- CVE-2020-36328: Fixed heap-based buffer overflow in WebPDecode*Into functions (bsc#1185688).
- CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654).
- CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686).
- CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673).
- CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).
Список пакетов
Image SLES15-SAP-Azure
libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-BYOS
libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production
libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-VLI-BYOS-Production
libwebp6-0.5.0-3.5.1
Image SLES15-SAP-EC2-HVM
libwebp6-0.5.0-3.5.1
Image SLES15-SAP-EC2-HVM-BYOS
libwebp6-0.5.0-3.5.1
Image SLES15-SAP-GCE
libwebp6-0.5.0-3.5.1
Image SLES15-SAP-GCE-BYOS
libwebp6-0.5.0-3.5.1
Image SLES15-SP1-SAP-Azure
libwebp6-0.5.0-3.5.1
Image SLES15-SP1-SAP-Azure-BYOS
libwebp6-0.5.0-3.5.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
libwebp6-0.5.0-3.5.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
libwebp6-0.5.0-3.5.1
Image SLES15-SP1-SAP-EC2-HVM
libwebp6-0.5.0-3.5.1
Image SLES15-SP1-SAP-EC2-HVM-BYOS
libwebp6-0.5.0-3.5.1
Image SLES15-SP1-SAP-GCE
libwebp6-0.5.0-3.5.1
Image SLES15-SP1-SAP-GCE-BYOS
libwebp6-0.5.0-3.5.1
SUSE Enterprise Storage 6
libwebp-devel-0.5.0-3.5.1
libwebp6-0.5.0-3.5.1
libwebpdecoder2-0.5.0-3.5.1
libwebpdemux2-0.5.0-3.5.1
libwebpextras0-0.5.0-3.5.1
libwebpmux2-0.5.0-3.5.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
libwebp-devel-0.5.0-3.5.1
libwebp6-0.5.0-3.5.1
libwebpdecoder2-0.5.0-3.5.1
libwebpdemux2-0.5.0-3.5.1
libwebpextras0-0.5.0-3.5.1
libwebpmux2-0.5.0-3.5.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
libwebp-devel-0.5.0-3.5.1
libwebp6-0.5.0-3.5.1
libwebpdecoder2-0.5.0-3.5.1
libwebpdemux2-0.5.0-3.5.1
libwebpextras0-0.5.0-3.5.1
libwebpmux2-0.5.0-3.5.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
libwebp-devel-0.5.0-3.5.1
libwebp6-0.5.0-3.5.1
libwebpdecoder2-0.5.0-3.5.1
libwebpdemux2-0.5.0-3.5.1
libwebpextras0-0.5.0-3.5.1
libwebpmux2-0.5.0-3.5.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
libwebp-devel-0.5.0-3.5.1
libwebp6-0.5.0-3.5.1
libwebpdecoder2-0.5.0-3.5.1
libwebpdemux2-0.5.0-3.5.1
libwebpextras0-0.5.0-3.5.1
libwebpmux2-0.5.0-3.5.1
SUSE Linux Enterprise Module for Package Hub 15 SP2
libwebp6-32bit-0.5.0-3.5.1
SUSE Linux Enterprise Module for Package Hub 15 SP3
libwebp6-32bit-0.5.0-3.5.1
SUSE Linux Enterprise Server 15 SP1-BCL
libwebp-devel-0.5.0-3.5.1
libwebp6-0.5.0-3.5.1
libwebpdecoder2-0.5.0-3.5.1
libwebpdemux2-0.5.0-3.5.1
libwebpextras0-0.5.0-3.5.1
libwebpmux2-0.5.0-3.5.1
SUSE Linux Enterprise Server 15 SP1-LTSS
libwebp-devel-0.5.0-3.5.1
libwebp6-0.5.0-3.5.1
libwebpdecoder2-0.5.0-3.5.1
libwebpdemux2-0.5.0-3.5.1
libwebpextras0-0.5.0-3.5.1
libwebpmux2-0.5.0-3.5.1
SUSE Linux Enterprise Server 15-LTSS
libwebp-devel-0.5.0-3.5.1
libwebp6-0.5.0-3.5.1
libwebpdecoder2-0.5.0-3.5.1
libwebpdemux2-0.5.0-3.5.1
libwebpextras0-0.5.0-3.5.1
libwebpmux2-0.5.0-3.5.1
SUSE Linux Enterprise Server for SAP Applications 15
libwebp-devel-0.5.0-3.5.1
libwebp6-0.5.0-3.5.1
libwebpdecoder2-0.5.0-3.5.1
libwebpdemux2-0.5.0-3.5.1
libwebpextras0-0.5.0-3.5.1
libwebpmux2-0.5.0-3.5.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
libwebp-devel-0.5.0-3.5.1
libwebp6-0.5.0-3.5.1
libwebpdecoder2-0.5.0-3.5.1
libwebpdemux2-0.5.0-3.5.1
libwebpextras0-0.5.0-3.5.1
libwebpmux2-0.5.0-3.5.1
SUSE Linux Enterprise Workstation Extension 15 SP2
libwebp6-0.5.0-3.5.1
SUSE Linux Enterprise Workstation Extension 15 SP3
libwebp6-0.5.0-3.5.1
SUSE Manager Proxy 4.0
libwebp-devel-0.5.0-3.5.1
libwebp6-0.5.0-3.5.1
libwebpdecoder2-0.5.0-3.5.1
libwebpdemux2-0.5.0-3.5.1
libwebpextras0-0.5.0-3.5.1
libwebpmux2-0.5.0-3.5.1
SUSE Manager Retail Branch Server 4.0
libwebp-devel-0.5.0-3.5.1
libwebp6-0.5.0-3.5.1
libwebpdecoder2-0.5.0-3.5.1
libwebpdemux2-0.5.0-3.5.1
libwebpextras0-0.5.0-3.5.1
libwebpmux2-0.5.0-3.5.1
SUSE Manager Server 4.0
libwebp-devel-0.5.0-3.5.1
libwebp6-0.5.0-3.5.1
libwebpdecoder2-0.5.0-3.5.1
libwebpdemux2-0.5.0-3.5.1
libwebpextras0-0.5.0-3.5.1
libwebpmux2-0.5.0-3.5.1
Ссылки
- Link for SUSE-SU-2021:1860-1
- E-Mail link for SUSE-SU-2021:1860-1
- SUSE Security Ratings
- SUSE Bug 1185652
- SUSE Bug 1185654
- SUSE Bug 1185673
- SUSE Bug 1185674
- SUSE Bug 1185685
- SUSE Bug 1185686
- SUSE Bug 1185688
- SUSE Bug 1185690
- SUSE Bug 1185691
- SUSE Bug 1186247
- SUSE CVE CVE-2018-25009 page
- SUSE CVE CVE-2018-25010 page
- SUSE CVE CVE-2018-25011 page
- SUSE CVE CVE-2018-25012 page
- SUSE CVE CVE-2018-25013 page
- SUSE CVE CVE-2020-36328 page
- SUSE CVE CVE-2020-36329 page
Описание
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().
Затронутые продукты
Image SLES15-SAP-Azure-BYOS:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure:libwebp6-0.5.0-3.5.1
Ссылки
- CVE-2018-25009
- SUSE Bug 1185673
Описание
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().
Затронутые продукты
Image SLES15-SAP-Azure-BYOS:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure:libwebp6-0.5.0-3.5.1
Ссылки
- CVE-2018-25010
- SUSE Bug 1185685
Описание
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().
Затронутые продукты
Image SLES15-SAP-Azure-BYOS:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure:libwebp6-0.5.0-3.5.1
Ссылки
- CVE-2018-25011
- SUSE Bug 1186247
Описание
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().
Затронутые продукты
Image SLES15-SAP-Azure-BYOS:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure:libwebp6-0.5.0-3.5.1
Ссылки
- CVE-2018-25012
- SUSE Bug 1185690
Описание
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().
Затронутые продукты
Image SLES15-SAP-Azure-BYOS:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure:libwebp6-0.5.0-3.5.1
Ссылки
- CVE-2018-25013
- SUSE Bug 1185654
Описание
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Затронутые продукты
Image SLES15-SAP-Azure-BYOS:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure:libwebp6-0.5.0-3.5.1
Ссылки
- CVE-2020-36328
- SUSE Bug 1185688
Описание
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Затронутые продукты
Image SLES15-SAP-Azure-BYOS:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure:libwebp6-0.5.0-3.5.1
Ссылки
- CVE-2020-36329
- SUSE Bug 1185652
- SUSE Bug 1187486
Описание
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Затронутые продукты
Image SLES15-SAP-Azure-BYOS:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure:libwebp6-0.5.0-3.5.1
Ссылки
- CVE-2020-36330
- SUSE Bug 1185691
- SUSE Bug 1187486
Описание
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Затронутые продукты
Image SLES15-SAP-Azure-BYOS:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure:libwebp6-0.5.0-3.5.1
Ссылки
- CVE-2020-36331
- SUSE Bug 1185686
- SUSE Bug 1187486
Описание
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
Затронутые продукты
Image SLES15-SAP-Azure-BYOS:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-LI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:libwebp6-0.5.0-3.5.1
Image SLES15-SAP-Azure:libwebp6-0.5.0-3.5.1
Ссылки
- CVE-2020-36332
- SUSE Bug 1185674
- SUSE Bug 1187486