Headline
RHSA-2023:2072: Red Hat Security Advisory: libwebp security update
An update for libwebp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-1999: The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-05-02
Updated:
2023-05-02
RHSA-2023:2072 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: libwebp security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for libwebp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
- Mozilla: libwebp: Double-free in libwebp (CVE-2023-1999)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
Fixes
- BZ - 2186102 - CVE-2023-1999 Mozilla: libwebp: Double-free in libwebp
Red Hat Enterprise Linux Server - AUS 8.2
SRPM
libwebp-1.0.0-7.el8_2.src.rpm
SHA-256: 3236a9cb3050af4b38d6c10fd75468225a476eb63d94f2747e7ca8c18ddc9967
x86_64
libwebp-1.0.0-7.el8_2.i686.rpm
SHA-256: f311fcd9afbe8d800cf1a804ad2975934dc12e6fefe2813bc94287b90609cd3b
libwebp-1.0.0-7.el8_2.x86_64.rpm
SHA-256: 0d1fc838e054934f3060327337ab4a504363aecf9a76ec891e37ca80405600ee
libwebp-debuginfo-1.0.0-7.el8_2.i686.rpm
SHA-256: 60ab5d815fad1947c58ac3c703bce0a5d9c50ae42fe77191ed330cbdc812b704
libwebp-debuginfo-1.0.0-7.el8_2.x86_64.rpm
SHA-256: 00cf0bdd9da90c914d1ccf90266cdc6a7d1271a38afa6c148a8cec6b2fe349d4
libwebp-debugsource-1.0.0-7.el8_2.i686.rpm
SHA-256: 66d6ffa804ed880d305fe361fa9bed5657b356b7849e39f96de7c965c09320a7
libwebp-debugsource-1.0.0-7.el8_2.x86_64.rpm
SHA-256: 9eb509dc345f5120fe37e15584bc1645dc27028a71f35d94030e998e0d6d46a4
libwebp-devel-1.0.0-7.el8_2.i686.rpm
SHA-256: 7751f7aaa540b53549e168b650b762260c3b7d37fb63fec5d517d8fcb428f4b4
libwebp-devel-1.0.0-7.el8_2.x86_64.rpm
SHA-256: 197fd8e794de75063d6f90a516a17f50d7fd7234f9eda86c2e254914afb97daf
libwebp-java-debuginfo-1.0.0-7.el8_2.i686.rpm
SHA-256: fcb24df4925dee8f15a7c7714f3a99d2454822c6a6f3c268453953281abef905
libwebp-java-debuginfo-1.0.0-7.el8_2.x86_64.rpm
SHA-256: f7e249254c3ea6c78495715d3dc6e966ed48ff0d7fb79667b18590e4b5eddaee
libwebp-tools-debuginfo-1.0.0-7.el8_2.i686.rpm
SHA-256: e5e3f9fdba23cd32eddd8d3b3aa248f182cdab51b96c308fbcd41c2292981dbc
libwebp-tools-debuginfo-1.0.0-7.el8_2.x86_64.rpm
SHA-256: ecd687bd05d36adb914a612bcb562ca15cc7cadc98ba09fbb565d282bb3f3538
Red Hat Enterprise Linux Server - TUS 8.2
SRPM
libwebp-1.0.0-7.el8_2.src.rpm
SHA-256: 3236a9cb3050af4b38d6c10fd75468225a476eb63d94f2747e7ca8c18ddc9967
x86_64
libwebp-1.0.0-7.el8_2.i686.rpm
SHA-256: f311fcd9afbe8d800cf1a804ad2975934dc12e6fefe2813bc94287b90609cd3b
libwebp-1.0.0-7.el8_2.x86_64.rpm
SHA-256: 0d1fc838e054934f3060327337ab4a504363aecf9a76ec891e37ca80405600ee
libwebp-debuginfo-1.0.0-7.el8_2.i686.rpm
SHA-256: 60ab5d815fad1947c58ac3c703bce0a5d9c50ae42fe77191ed330cbdc812b704
libwebp-debuginfo-1.0.0-7.el8_2.x86_64.rpm
SHA-256: 00cf0bdd9da90c914d1ccf90266cdc6a7d1271a38afa6c148a8cec6b2fe349d4
libwebp-debugsource-1.0.0-7.el8_2.i686.rpm
SHA-256: 66d6ffa804ed880d305fe361fa9bed5657b356b7849e39f96de7c965c09320a7
libwebp-debugsource-1.0.0-7.el8_2.x86_64.rpm
SHA-256: 9eb509dc345f5120fe37e15584bc1645dc27028a71f35d94030e998e0d6d46a4
libwebp-devel-1.0.0-7.el8_2.i686.rpm
SHA-256: 7751f7aaa540b53549e168b650b762260c3b7d37fb63fec5d517d8fcb428f4b4
libwebp-devel-1.0.0-7.el8_2.x86_64.rpm
SHA-256: 197fd8e794de75063d6f90a516a17f50d7fd7234f9eda86c2e254914afb97daf
libwebp-java-debuginfo-1.0.0-7.el8_2.i686.rpm
SHA-256: fcb24df4925dee8f15a7c7714f3a99d2454822c6a6f3c268453953281abef905
libwebp-java-debuginfo-1.0.0-7.el8_2.x86_64.rpm
SHA-256: f7e249254c3ea6c78495715d3dc6e966ed48ff0d7fb79667b18590e4b5eddaee
libwebp-tools-debuginfo-1.0.0-7.el8_2.i686.rpm
SHA-256: e5e3f9fdba23cd32eddd8d3b3aa248f182cdab51b96c308fbcd41c2292981dbc
libwebp-tools-debuginfo-1.0.0-7.el8_2.x86_64.rpm
SHA-256: ecd687bd05d36adb914a612bcb562ca15cc7cadc98ba09fbb565d282bb3f3538
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2
SRPM
libwebp-1.0.0-7.el8_2.src.rpm
SHA-256: 3236a9cb3050af4b38d6c10fd75468225a476eb63d94f2747e7ca8c18ddc9967
ppc64le
libwebp-1.0.0-7.el8_2.ppc64le.rpm
SHA-256: 8321fa232f1253d474b702cce1e83261c18a8af298e88b5671f4e3501b1e2d9c
libwebp-debuginfo-1.0.0-7.el8_2.ppc64le.rpm
SHA-256: a50c2be2b8f9b4e90ed401b14366fe0df9c50b554abb314ebc261cac2265a5d4
libwebp-debugsource-1.0.0-7.el8_2.ppc64le.rpm
SHA-256: 9eb1a52bde0fb88530b8b5e11878accc1af2202908f6206f06a08f267a4a8d1f
libwebp-devel-1.0.0-7.el8_2.ppc64le.rpm
SHA-256: 8f3bd19c94131479e5a2bf4ced622a7779c96c121c30104bd9a2b4b8588dfec7
libwebp-java-debuginfo-1.0.0-7.el8_2.ppc64le.rpm
SHA-256: 2f0946d04c38f621771c576ee936a62990012b1932a92a29d12d7b7b9516453c
libwebp-tools-debuginfo-1.0.0-7.el8_2.ppc64le.rpm
SHA-256: e26b8b41601b1e4a32645a8f0601e8b2eca257f2fed671a7ddce671ea2e12a4e
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2
SRPM
libwebp-1.0.0-7.el8_2.src.rpm
SHA-256: 3236a9cb3050af4b38d6c10fd75468225a476eb63d94f2747e7ca8c18ddc9967
x86_64
libwebp-1.0.0-7.el8_2.i686.rpm
SHA-256: f311fcd9afbe8d800cf1a804ad2975934dc12e6fefe2813bc94287b90609cd3b
libwebp-1.0.0-7.el8_2.x86_64.rpm
SHA-256: 0d1fc838e054934f3060327337ab4a504363aecf9a76ec891e37ca80405600ee
libwebp-debuginfo-1.0.0-7.el8_2.i686.rpm
SHA-256: 60ab5d815fad1947c58ac3c703bce0a5d9c50ae42fe77191ed330cbdc812b704
libwebp-debuginfo-1.0.0-7.el8_2.x86_64.rpm
SHA-256: 00cf0bdd9da90c914d1ccf90266cdc6a7d1271a38afa6c148a8cec6b2fe349d4
libwebp-debugsource-1.0.0-7.el8_2.i686.rpm
SHA-256: 66d6ffa804ed880d305fe361fa9bed5657b356b7849e39f96de7c965c09320a7
libwebp-debugsource-1.0.0-7.el8_2.x86_64.rpm
SHA-256: 9eb509dc345f5120fe37e15584bc1645dc27028a71f35d94030e998e0d6d46a4
libwebp-devel-1.0.0-7.el8_2.i686.rpm
SHA-256: 7751f7aaa540b53549e168b650b762260c3b7d37fb63fec5d517d8fcb428f4b4
libwebp-devel-1.0.0-7.el8_2.x86_64.rpm
SHA-256: 197fd8e794de75063d6f90a516a17f50d7fd7234f9eda86c2e254914afb97daf
libwebp-java-debuginfo-1.0.0-7.el8_2.i686.rpm
SHA-256: fcb24df4925dee8f15a7c7714f3a99d2454822c6a6f3c268453953281abef905
libwebp-java-debuginfo-1.0.0-7.el8_2.x86_64.rpm
SHA-256: f7e249254c3ea6c78495715d3dc6e966ed48ff0d7fb79667b18590e4b5eddaee
libwebp-tools-debuginfo-1.0.0-7.el8_2.i686.rpm
SHA-256: e5e3f9fdba23cd32eddd8d3b3aa248f182cdab51b96c308fbcd41c2292981dbc
libwebp-tools-debuginfo-1.0.0-7.el8_2.x86_64.rpm
SHA-256: ecd687bd05d36adb914a612bcb562ca15cc7cadc98ba09fbb565d282bb3f3538
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.
Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Gentoo Linux Security Advisory 202305-35 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 102.10.0:esr are affected.
Debian Linux Security Advisory 5408-1 - Irvan Kurniawan discovered a double free in the libwebp image compression library which may result in denial of service.
Red Hat Security Advisory 2023-2110-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.16. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-2076-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.
Red Hat Security Advisory 2023-2072-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.
Red Hat Security Advisory 2023-2077-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.
Red Hat Security Advisory 2023-2073-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.
Red Hat Security Advisory 2023-2078-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.
Red Hat Security Advisory 2023-2075-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.
An update for libwebp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1999: The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.
An update for libwebp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1999: The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.
An update for libwebp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1999: The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.
An update for libwebp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1999: The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.
An update for libwebp is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1999: The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.
Firefox gets a needed tune-up, SolarWinds squashes two high-severity bugs, Oracle patches 433 vulnerabilities, and more updates you should make now.