Описание
Security update for libavif
This update for libavif fixes the following issues:
- CVE-2023-6704: Fixed use after free by not storing colorproperties until alpha item is found (bsc#1218303).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libavif13-0.9.3-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libavif13-0.9.3-150400.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
libavif13-0.9.3-150400.3.3.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libavif13-0.9.3-150400.3.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libavif13-0.9.3-150400.3.3.1
SUSE Manager Proxy 4.3
libavif13-0.9.3-150400.3.3.1
SUSE Manager Server 4.3
libavif13-0.9.3-150400.3.3.1
openSUSE Leap 15.5
avif-tools-0.9.3-150400.3.3.1
gdk-pixbuf-loader-libavif-0.9.3-150400.3.3.1
libavif-devel-0.9.3-150400.3.3.1
libavif13-0.9.3-150400.3.3.1
libavif13-32bit-0.9.3-150400.3.3.1
Ссылки
- Link for SUSE-SU-2024:0423-1
- E-Mail link for SUSE-SU-2024:0423-1
- SUSE Security Ratings
- SUSE Bug 1218303
- SUSE CVE CVE-2023-6704 page
Описание
Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High)
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libavif13-0.9.3-150400.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libavif13-0.9.3-150400.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP5:libavif13-0.9.3-150400.3.3.1
SUSE Linux Enterprise Server 15 SP4-LTSS:libavif13-0.9.3-150400.3.3.1
Ссылки
- CVE-2023-6704
- SUSE Bug 1218048
- SUSE Bug 1218303