SUSE-SU-2023:2467-1

Опубликовано: 08 июн. 2023

Источник: suse-cvrf

Описание

Security update for libwebp

This update for libwebp fixes the following issues:

CVE-2023-1999: Fixed a double free (bsc#1210212).

Список пакетов

Container containers/open-webui:0

libwebp7-1.0.3-150200.3.5.1

libwebpdemux2-1.0.3-150200.3.5.1

libwebpmux3-1.0.3-150200.3.5.1

Container suse/nginx:latest

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP2-SAP-Azure

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP2-SAP-BYOS-Azure

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP2-SAP-BYOS-GCE

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP2-SAP-EC2-HVM

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP2-SAP-GCE

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP3-SAP-BYOS-Azure

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP3-SAP-BYOS-GCE

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP4-SAP-BYOS

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP4-SAP-BYOS-Azure

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP4-SAP-BYOS-EC2

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP4-SAP-BYOS-GCE

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP4-SAP-Hardened

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP4-SAP-Hardened-Azure

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP4-SAP-Hardened-BYOS

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP4-SAP-Hardened-GCE

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP4-SUSE-Rancher-Setup-BYOS

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP5-SAP-Azure-3P

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP5-SAP-Azure-LI-BYOS

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP5-SAP-BYOS-Azure

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP5-SAP-BYOS-EC2

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP5-SAP-BYOS-GCE

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP5-SAP-Hardened-Azure

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP5-SAP-Hardened-EC2

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP5-SAP-Hardened-GCE

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP6-SAP-Azure-LI-BYOS

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP6-SAP-BYOS

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP6-SAP-BYOS-Azure

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP6-SAP-BYOS-EC2

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP6-SAP-BYOS-GCE

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP6-SAP-Hardened

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP6-SAP-Hardened-Azure

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP6-SAP-Hardened-BYOS

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP6-SAP-Hardened-EC2

libwebp7-1.0.3-150200.3.5.1

Image SLES15-SP6-SAP-Hardened-GCE

libwebp7-1.0.3-150200.3.5.1

SUSE Linux Enterprise Module for Basesystem 15 SP4

libwebp-devel-1.0.3-150200.3.5.1

libwebp7-1.0.3-150200.3.5.1

libwebpdecoder3-1.0.3-150200.3.5.1

libwebpdemux2-1.0.3-150200.3.5.1

libwebpmux3-1.0.3-150200.3.5.1

SUSE Linux Enterprise Module for Basesystem 15 SP5

libwebp-devel-1.0.3-150200.3.5.1

libwebp7-1.0.3-150200.3.5.1

libwebpdecoder3-1.0.3-150200.3.5.1

libwebpdemux2-1.0.3-150200.3.5.1

libwebpmux3-1.0.3-150200.3.5.1

SUSE Linux Enterprise Module for Package Hub 15 SP4

libwebp7-32bit-1.0.3-150200.3.5.1

SUSE Linux Enterprise Real Time 15 SP3

libwebp-devel-1.0.3-150200.3.5.1

libwebp7-1.0.3-150200.3.5.1

libwebpdecoder3-1.0.3-150200.3.5.1

libwebpdemux2-1.0.3-150200.3.5.1

libwebpmux3-1.0.3-150200.3.5.1

openSUSE Leap 15.4

libwebp-devel-1.0.3-150200.3.5.1

libwebp-devel-32bit-1.0.3-150200.3.5.1

libwebp-tools-1.0.3-150200.3.5.1

libwebp7-1.0.3-150200.3.5.1

libwebp7-32bit-1.0.3-150200.3.5.1

libwebpdecoder3-1.0.3-150200.3.5.1

libwebpdecoder3-32bit-1.0.3-150200.3.5.1

libwebpdemux2-1.0.3-150200.3.5.1

libwebpdemux2-32bit-1.0.3-150200.3.5.1

libwebpmux3-1.0.3-150200.3.5.1

libwebpmux3-32bit-1.0.3-150200.3.5.1

openSUSE Leap 15.5

libwebp-devel-1.0.3-150200.3.5.1

libwebp-devel-32bit-1.0.3-150200.3.5.1

libwebp-tools-1.0.3-150200.3.5.1

libwebp7-1.0.3-150200.3.5.1

libwebp7-32bit-1.0.3-150200.3.5.1

libwebpdecoder3-1.0.3-150200.3.5.1

libwebpdecoder3-32bit-1.0.3-150200.3.5.1

libwebpdemux2-1.0.3-150200.3.5.1

libwebpdemux2-32bit-1.0.3-150200.3.5.1

libwebpmux3-1.0.3-150200.3.5.1

libwebpmux3-32bit-1.0.3-150200.3.5.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232467-1/
Link for SUSE-SU-2023:2467-1
https://lists.suse.com/pipermail/sle-updates/2023-June/029773.html
E-Mail link for SUSE-SU-2023:2467-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1210212
SUSE Bug 1210212
https://www.suse.com/security/cve/CVE-2023-1999/
SUSE CVE CVE-2023-1999 page

Описание

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.

Затронутые продукты

Container containers/open-webui:0:libwebp7-1.0.3-150200.3.5.1

Container containers/open-webui:0:libwebpdemux2-1.0.3-150200.3.5.1

Container containers/open-webui:0:libwebpmux3-1.0.3-150200.3.5.1

Container suse/nginx:latest:libwebp7-1.0.3-150200.3.5.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-1999.html
CVE-2023-1999
https://bugzilla.suse.com/1213054
SUSE Bug 1213054
https://bugzilla.suse.com/1217159
SUSE Bug 1217159

SUSE-SU-2023:2467-1

Описание

Список пакетов

Container containers/open-webui:0

Container suse/nginx:latest

Image SLES15-SP2-SAP-Azure

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-SAP-BYOS-Azure

Image SLES15-SP2-SAP-BYOS-EC2-HVM

Image SLES15-SP2-SAP-BYOS-GCE

Image SLES15-SP2-SAP-EC2-HVM

Image SLES15-SP2-SAP-GCE

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP3-SAP-BYOS-Azure

Image SLES15-SP3-SAP-BYOS-EC2-HVM

Image SLES15-SP3-SAP-BYOS-GCE

Image SLES15-SP4-SAP-Azure-LI-BYOS

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

Image SLES15-SP4-SAP-Azure-VLI-BYOS

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP4-SAP-BYOS

Image SLES15-SP4-SAP-BYOS-Azure

Image SLES15-SP4-SAP-BYOS-EC2

Image SLES15-SP4-SAP-BYOS-GCE

Image SLES15-SP4-SAP-Hardened

Image SLES15-SP4-SAP-Hardened-Azure

Image SLES15-SP4-SAP-Hardened-BYOS

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

Image SLES15-SP4-SAP-Hardened-GCE

Image SLES15-SP4-SUSE-Rancher-Setup-BYOS

Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2

Image SLES15-SP5-SAP-Azure-3P

Image SLES15-SP5-SAP-Azure-LI-BYOS

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

Image SLES15-SP5-SAP-Azure-VLI-BYOS

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP5-SAP-BYOS-Azure

Image SLES15-SP5-SAP-BYOS-EC2

Image SLES15-SP5-SAP-BYOS-GCE

Image SLES15-SP5-SAP-Hardened-Azure

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

Image SLES15-SP5-SAP-Hardened-EC2

Image SLES15-SP5-SAP-Hardened-GCE

Image SLES15-SP6-SAP-Azure-LI-BYOS

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

Image SLES15-SP6-SAP-Azure-VLI-BYOS

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP6-SAP-BYOS

Image SLES15-SP6-SAP-BYOS-Azure

Image SLES15-SP6-SAP-BYOS-EC2

Image SLES15-SP6-SAP-BYOS-GCE

Image SLES15-SP6-SAP-Hardened

Image SLES15-SP6-SAP-Hardened-Azure

Image SLES15-SP6-SAP-Hardened-BYOS

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

Image SLES15-SP6-SAP-Hardened-EC2

Image SLES15-SP6-SAP-Hardened-GCE

SUSE Linux Enterprise Module for Basesystem 15 SP4

SUSE Linux Enterprise Module for Basesystem 15 SP5

SUSE Linux Enterprise Module for Package Hub 15 SP4

SUSE Linux Enterprise Real Time 15 SP3

openSUSE Leap 15.4

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2023-1999

Описание

Затронутые продукты

Ссылки