Release Info

Advisory: CLSA-2023:1697016696

OS: Ubuntu 18.04 ELS

Public date: 2023-10-11 05:31:38

Project: libwebp

Version: 0.6.1-2ubuntu0.18.04.2.tuxcare.els1

Errata link: https://errata.cloudlinux.com/ubuntu18-els/CLSA-2023-1697016696.html

Changelog

* SECURITY UPDATE: Heap buffer overflow
  - debian/patches/CVE-2023-4863-pre.patch: prepare sources to be patched
  - debian/patches/CVE-2023-4863-1.patch: first, BuildHuffmanTable() is called to check if the data is valid. If it is and the table is not big enough, more memory is allocated. This will make sure that valid (but unoptimized because of unbalanced codes) streams are still decodable.
  - debian/patches/CVE-2023-4863-2.patch: fix memory error
  - debian/patches/CVE-2023-4863-3.patch: remove unused code
  - debian/patches/CVE-2023-4863-4.patch: fix pointer offset int overflow
  - CVE-2023-4836

Update

Update command:

apt-get update
apt-get --only-upgrade install libwebp*

Packages list

libwebp-dev_0.6.1-2ubuntu0.18.04.2.tuxcare.els1_amd64.deb
libwebp6_0.6.1-2ubuntu0.18.04.2.tuxcare.els1_amd64.deb
libwebpdemux2_0.6.1-2ubuntu0.18.04.2.tuxcare.els1_amd64.deb
libwebpmux3_0.6.1-2ubuntu0.18.04.2.tuxcare.els1_amd64.deb
webp_0.6.1-2ubuntu0.18.04.2.tuxcare.els1_amd64.deb
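
A post-update check, added here as an example and not part of the advisory: it flags any package from the list above that is still below the fixed version. The function names, the `--host` switch and the sample inventory are assumptions made for illustration; the comparison relies on `dpkg --compare-versions`.

```shell
#!/bin/sh
# Added example: confirm every installed libwebp package is at or above the
# fixed version named in this advisory. Requires dpkg (Debian/Ubuntu).
FIXED='0.6.1-2ubuntu0.18.04.2.tuxcare.els1'                  # from the advisory
PKGS='libwebp-dev libwebp6 libwebpdemux2 libwebpmux3 webp'   # from the packages list

# Read "package version" lines on stdin; print each listed package whose
# version sorts below FIXED. Returns 1 if any such package was found.
find_unpatched() {
    rc=0
    while read -r pkg ver; do
        [ -n "$ver" ] || continue          # known to dpkg but not installed
        case " $PKGS " in *" $pkg "*) ;; *) continue ;; esac
        if dpkg --compare-versions "$ver" lt "$FIXED"; then
            printf '%s %s (needs >= %s)\n' "$pkg" "$ver" "$FIXED"
            rc=1
        fi
    done
    return "$rc"
}

# Inventory of the installed packages in the format find_unpatched expects.
installed_inventory() {
    # $PKGS is left unquoted on purpose so it splits into package names.
    # dpkg-query exits non-zero when a name is not installed; that is fine here.
    dpkg-query -W -f='${Package} ${Version}\n' $PKGS 2>/dev/null || true
}

# Constructed sample: what a partially upgraded host could report.
sample_inventory() {
    cat <<'EOF'
libwebp6 0.6.1-2ubuntu0.18.04.2.tuxcare.els1
libwebpmux3 0.6.1-2ubuntu0.18.04.1
webp 0.6.1-2
zlib1g 1:1.2.11.dfsg-0ubuntu2
EOF
}

# Check the live host only when asked: sh check-libwebp.sh --host
if [ "${1:-}" = "--host" ]; then
    installed_inventory | find_unpatched && echo "all libwebp packages patched"
fi
```

Processes that loaded the old shared library before the upgrade keep using it until they are restarted.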

CVEs

CVE-2023-4863