SUSE-SU-2023:3634-1

Опубликовано: 18 сент. 2023

Источник: suse-cvrf

Описание

Security update for libwebp

This update for libwebp fixes the following issues:

CVE-2023-4863: Fixed heap buffer overflow (bsc#1215231).

Список пакетов

Container containers/open-webui:0

libwebp7-1.0.3-150200.3.10.1

libwebpdemux2-1.0.3-150200.3.10.1

libwebpmux3-1.0.3-150200.3.10.1

Container suse/nginx:latest

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP2-SAP-Azure

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP2-SAP-BYOS-Azure

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP2-SAP-BYOS-GCE

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP2-SAP-EC2-HVM

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP2-SAP-GCE

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP3-SAP-BYOS-Azure

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP3-SAP-BYOS-GCE

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP4-SAP-BYOS

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP4-SAP-BYOS-Azure

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP4-SAP-BYOS-EC2

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP4-SAP-BYOS-GCE

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP4-SAP-Hardened

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP4-SAP-Hardened-Azure

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP4-SAP-Hardened-BYOS

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP4-SAP-Hardened-GCE

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP4-SUSE-Rancher-Setup-BYOS

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP5-SAP-Azure-3P

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP5-SAP-Azure-LI-BYOS

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP5-SAP-BYOS-Azure

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP5-SAP-BYOS-EC2

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP5-SAP-BYOS-GCE

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP5-SAP-Hardened-Azure

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP5-SAP-Hardened-GCE

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP6-SAP-Azure-LI-BYOS

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP6-SAP-BYOS

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP6-SAP-BYOS-Azure

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP6-SAP-BYOS-EC2

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP6-SAP-BYOS-GCE

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP6-SAP-Hardened

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP6-SAP-Hardened-Azure

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP6-SAP-Hardened-BYOS

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP6-SAP-Hardened-EC2

libwebp7-1.0.3-150200.3.10.1

Image SLES15-SP6-SAP-Hardened-GCE

libwebp7-1.0.3-150200.3.10.1

SUSE Enterprise Storage 7.1

libwebp-devel-1.0.3-150200.3.10.1

libwebp7-1.0.3-150200.3.10.1

libwebpdecoder3-1.0.3-150200.3.10.1

libwebpdemux2-1.0.3-150200.3.10.1

libwebpmux3-1.0.3-150200.3.10.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

libwebp-devel-1.0.3-150200.3.10.1

libwebp7-1.0.3-150200.3.10.1

libwebpdecoder3-1.0.3-150200.3.10.1

libwebpdemux2-1.0.3-150200.3.10.1

libwebpmux3-1.0.3-150200.3.10.1

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

libwebp-devel-1.0.3-150200.3.10.1

libwebp7-1.0.3-150200.3.10.1

libwebpdecoder3-1.0.3-150200.3.10.1

libwebpdemux2-1.0.3-150200.3.10.1

libwebpmux3-1.0.3-150200.3.10.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

libwebp-devel-1.0.3-150200.3.10.1

libwebp7-1.0.3-150200.3.10.1

libwebpdecoder3-1.0.3-150200.3.10.1

libwebpdemux2-1.0.3-150200.3.10.1

libwebpmux3-1.0.3-150200.3.10.1

SUSE Linux Enterprise Module for Basesystem 15 SP4

libwebp-devel-1.0.3-150200.3.10.1

libwebp7-1.0.3-150200.3.10.1

libwebpdecoder3-1.0.3-150200.3.10.1

libwebpdemux2-1.0.3-150200.3.10.1

libwebpmux3-1.0.3-150200.3.10.1

SUSE Linux Enterprise Module for Basesystem 15 SP5

libwebp-devel-1.0.3-150200.3.10.1

libwebp7-1.0.3-150200.3.10.1

libwebpdecoder3-1.0.3-150200.3.10.1

libwebpdemux2-1.0.3-150200.3.10.1

libwebpmux3-1.0.3-150200.3.10.1

SUSE Linux Enterprise Module for Package Hub 15 SP4

libwebp7-32bit-1.0.3-150200.3.10.1

SUSE Linux Enterprise Module for Package Hub 15 SP5

libwebp7-32bit-1.0.3-150200.3.10.1

SUSE Linux Enterprise Server 15 SP2-LTSS

libwebp-devel-1.0.3-150200.3.10.1

libwebp7-1.0.3-150200.3.10.1

libwebpdecoder3-1.0.3-150200.3.10.1

libwebpdemux2-1.0.3-150200.3.10.1

libwebpmux3-1.0.3-150200.3.10.1

SUSE Linux Enterprise Server 15 SP3-LTSS

libwebp-devel-1.0.3-150200.3.10.1

libwebp7-1.0.3-150200.3.10.1

libwebpdecoder3-1.0.3-150200.3.10.1

libwebpdemux2-1.0.3-150200.3.10.1

libwebpmux3-1.0.3-150200.3.10.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

libwebp-devel-1.0.3-150200.3.10.1

libwebp7-1.0.3-150200.3.10.1

libwebpdecoder3-1.0.3-150200.3.10.1

libwebpdemux2-1.0.3-150200.3.10.1

libwebpmux3-1.0.3-150200.3.10.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

libwebp-devel-1.0.3-150200.3.10.1

libwebp7-1.0.3-150200.3.10.1

libwebpdecoder3-1.0.3-150200.3.10.1

libwebpdemux2-1.0.3-150200.3.10.1

libwebpmux3-1.0.3-150200.3.10.1

SUSE Manager Proxy 4.2

libwebp-devel-1.0.3-150200.3.10.1

libwebp7-1.0.3-150200.3.10.1

libwebpdecoder3-1.0.3-150200.3.10.1

libwebpdemux2-1.0.3-150200.3.10.1

libwebpmux3-1.0.3-150200.3.10.1

SUSE Manager Server 4.2

libwebp-devel-1.0.3-150200.3.10.1

libwebp7-1.0.3-150200.3.10.1

libwebpdecoder3-1.0.3-150200.3.10.1

libwebpdemux2-1.0.3-150200.3.10.1

libwebpmux3-1.0.3-150200.3.10.1

openSUSE Leap 15.4

libwebp-devel-1.0.3-150200.3.10.1

libwebp-devel-32bit-1.0.3-150200.3.10.1

libwebp-tools-1.0.3-150200.3.10.1

libwebp7-1.0.3-150200.3.10.1

libwebp7-32bit-1.0.3-150200.3.10.1

libwebpdecoder3-1.0.3-150200.3.10.1

libwebpdecoder3-32bit-1.0.3-150200.3.10.1

libwebpdemux2-1.0.3-150200.3.10.1

libwebpdemux2-32bit-1.0.3-150200.3.10.1

libwebpmux3-1.0.3-150200.3.10.1

libwebpmux3-32bit-1.0.3-150200.3.10.1

openSUSE Leap 15.5

libwebp-devel-1.0.3-150200.3.10.1

libwebp-devel-32bit-1.0.3-150200.3.10.1

libwebp-tools-1.0.3-150200.3.10.1

libwebp7-1.0.3-150200.3.10.1

libwebp7-32bit-1.0.3-150200.3.10.1

libwebpdecoder3-1.0.3-150200.3.10.1

libwebpdecoder3-32bit-1.0.3-150200.3.10.1

libwebpdemux2-1.0.3-150200.3.10.1

libwebpdemux2-32bit-1.0.3-150200.3.10.1

libwebpmux3-1.0.3-150200.3.10.1

libwebpmux3-32bit-1.0.3-150200.3.10.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20233634-1/
Link for SUSE-SU-2023:3634-1
https://lists.suse.com/pipermail/sle-updates/2023-September/031493.html
E-Mail link for SUSE-SU-2023:3634-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1215231
SUSE Bug 1215231
https://www.suse.com/security/cve/CVE-2023-4863/
SUSE CVE CVE-2023-4863 page

Описание

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Затронутые продукты

Container containers/open-webui:0:libwebp7-1.0.3-150200.3.10.1

Container containers/open-webui:0:libwebpdemux2-1.0.3-150200.3.10.1

Container containers/open-webui:0:libwebpmux3-1.0.3-150200.3.10.1

Container suse/nginx:latest:libwebp7-1.0.3-150200.3.10.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-4863.html
CVE-2023-4863
https://bugzilla.suse.com/1215231
SUSE Bug 1215231
https://bugzilla.suse.com/1217115
SUSE Bug 1217115
https://bugzilla.suse.com/1217117
SUSE Bug 1217117