Security
Headlines
HeadlinesLatestCVEs

Headline

Debian Security Advisory 5408-1

Debian Linux Security Advisory 5408-1 - Irvan Kurniawan discovered a double free in the libwebp image compression library which may result in denial of service.

Packet Storm
#web#mac#linux#debian#dos#js#ssh

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Debian Security Advisory DSA-5408-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
May 21, 2023 https://www.debian.org/security/faq


Package : libwebp
CVE ID : CVE-2023-1999
Debian Bug : 1035371

Irvan Kurniawan discovered a double free in the libwebp image compression
library which may result in denial of service.

For the stable distribution (bullseye), this problem has been fixed in
version 0.6.1-2.1+deb11u1.

We recommend that you upgrade your libwebp packages.

For the detailed security status of libwebp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libwebp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmRqXHAACgkQEMKTtsN8
TjYWbA//X8f1KXJF3/lm3Nvrnfzn0+8fkaKFXug7itX0e9QI1UPfynJQpVHhvvYv
0FCi6GUhzWh79agIb3vzppMR3HcgGZj4gLE6bQ5AWa0Jx9kpdeE+UuYA4y8egO4+
wSaUg8aL71vjATO1yuANEgduLDazj05MgG1o+DwTB0kXdku/50OSOBD03GBfv0EQ
z1CLFmSh1JlXFak9G9ggq/WUixue8SgoNGV7S3cTJ5DJb1lFg4GtlXUFOGbO62dE
BZHMacNmiqnIVCM8DOLpWvN+miZgUeBWuV4mcfa6DOu4w6vDUz4wDINOSQb10crK
3xbhQbCpKQKEa/uIDm89VxJfNSXCOn+TmXr1TY3r47a7TGS8a7b+9Ol4QkT/zk9s
c/1M9/+/7dDPf/RZYoX0yNEakEDlU2kBiSj0IVSQzWWuRi/oJSdgHjvDOXRmLeT1
BK/uvmhCoLK4iWILndfD+muMO3A326dk4luex7QMaW5LfN0ZOPOJAddLNTQiBEZ0
ovBKnw3LLpnT15iJcW0Y+xz9YajEsVXPxKDVuUAdHgniHevOqRF3JQsfEIsCKUnR
sSh7pVGh7PFbvmRyJsnEcZ2vPpCWqDOkofCT49xxpkiF/8tJS0EpmDialceBpJeY
/UKMzuGWUEivzTk7QoEdjGCFewi7Qorcsv4uFvulZ5wdGFuaVtcoa8
-----END PGP SIGNATURE-----

Related news

CVE-2023-45085: Releases - HyperCloud Docs

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.

Red Hat Security Advisory 2023-3624-01

Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3356-01

Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

Gentoo Linux Security Advisory 202305-35

Gentoo Linux Security Advisory 202305-35 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 102.10.0:esr are affected.

Ubuntu Security Notice USN-6078-1

Ubuntu Security Notice 6078-1 - Irvan Kurniawan discovered that libwebp incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2023-2110-01

Red Hat Security Advisory 2023-2110-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.16. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-2076-01

Red Hat Security Advisory 2023-2076-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

Red Hat Security Advisory 2023-2072-01

Red Hat Security Advisory 2023-2072-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

Red Hat Security Advisory 2023-2077-01

Red Hat Security Advisory 2023-2077-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

Red Hat Security Advisory 2023-2073-01

Red Hat Security Advisory 2023-2073-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

RHSA-2023:2085: Red Hat Security Advisory: libwebp security update

An update for libwebp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1999: The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.

RHSA-2023:2078: Red Hat Security Advisory: libwebp security update

An update for libwebp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1999: The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.

RHSA-2023:2072: Red Hat Security Advisory: libwebp security update

An update for libwebp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1999: The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.

Apple, Google, and Microsoft Just Fixed Zero-Day Security Flaws

Firefox gets a needed tune-up, SolarWinds squashes two high-severity bugs, Oracle patches 433 vulnerabilities, and more updates you should make now.

Packet Storm: Latest News

Zeek 6.0.9