Advisory: CLSA-2023:1697016696
OS: Ubuntu 18.04 ELS
Public date: 2023-10-11 05:31:38
Project: libwebp
Version: 0.6.1-2ubuntu0.18.04.2.tuxcare.els1
Errata link: https://errata.cloudlinux.com/ubuntu18-els/CLSA-2023-1697016696.html
* SECURITY UPDATE: Heap buffer overflow
  - debian/patches/CVE-2023-4863-pre.patch: prepare sources to be patched
  - debian/patches/CVE-2023-4863-1.patch: first, BuildHuffmanTable() is called to check if the data is valid. If it is and the table is not big enough, more memory is allocated. This will make sure that valid (but unoptimized because of unbalanced codes) streams are still decodable.
  - debian/patches/CVE-2023-4863-2.patch: fix memory error
  - debian/patches/CVE-2023-4863-3.patch: remove unused code
  - debian/patches/CVE-2023-4863-4.patch: fix pointer offset int overflow
  - CVE-2023-4863
Update command:
  apt-get update
  apt-get --only-upgrade install libwebp*
Packages:
  libwebp-dev_0.6.1-2ubuntu0.18.04.2.tuxcare.els1_amd64.deb
  libwebp6_0.6.1-2ubuntu0.18.04.2.tuxcare.els1_amd64.deb
  libwebpdemux2_0.6.1-2ubuntu0.18.04.2.tuxcare.els1_amd64.deb
  libwebpmux3_0.6.1-2ubuntu0.18.04.2.tuxcare.els1_amd64.deb
  webp_0.6.1-2ubuntu0.18.04.2.tuxcare.els1_amd64.deb