Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:2072: Red Hat Security Advisory: libwebp security update

An update for libwebp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-1999: The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#git#java#kubernetes#aws#sap

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2023-05-02

Updated:

2023-05-02

RHSA-2023:2072 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: libwebp security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libwebp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.

Security Fix(es):

  • Mozilla: libwebp: Double-free in libwebp (CVE-2023-1999)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2186102 - CVE-2023-1999 Mozilla: libwebp: Double-free in libwebp

Red Hat Enterprise Linux Server - AUS 8.2

SRPM

libwebp-1.0.0-7.el8_2.src.rpm

SHA-256: 3236a9cb3050af4b38d6c10fd75468225a476eb63d94f2747e7ca8c18ddc9967

x86_64

libwebp-1.0.0-7.el8_2.i686.rpm

SHA-256: f311fcd9afbe8d800cf1a804ad2975934dc12e6fefe2813bc94287b90609cd3b

libwebp-1.0.0-7.el8_2.x86_64.rpm

SHA-256: 0d1fc838e054934f3060327337ab4a504363aecf9a76ec891e37ca80405600ee

libwebp-debuginfo-1.0.0-7.el8_2.i686.rpm

SHA-256: 60ab5d815fad1947c58ac3c703bce0a5d9c50ae42fe77191ed330cbdc812b704

libwebp-debuginfo-1.0.0-7.el8_2.x86_64.rpm

SHA-256: 00cf0bdd9da90c914d1ccf90266cdc6a7d1271a38afa6c148a8cec6b2fe349d4

libwebp-debugsource-1.0.0-7.el8_2.i686.rpm

SHA-256: 66d6ffa804ed880d305fe361fa9bed5657b356b7849e39f96de7c965c09320a7

libwebp-debugsource-1.0.0-7.el8_2.x86_64.rpm

SHA-256: 9eb509dc345f5120fe37e15584bc1645dc27028a71f35d94030e998e0d6d46a4

libwebp-devel-1.0.0-7.el8_2.i686.rpm

SHA-256: 7751f7aaa540b53549e168b650b762260c3b7d37fb63fec5d517d8fcb428f4b4

libwebp-devel-1.0.0-7.el8_2.x86_64.rpm

SHA-256: 197fd8e794de75063d6f90a516a17f50d7fd7234f9eda86c2e254914afb97daf

libwebp-java-debuginfo-1.0.0-7.el8_2.i686.rpm

SHA-256: fcb24df4925dee8f15a7c7714f3a99d2454822c6a6f3c268453953281abef905

libwebp-java-debuginfo-1.0.0-7.el8_2.x86_64.rpm

SHA-256: f7e249254c3ea6c78495715d3dc6e966ed48ff0d7fb79667b18590e4b5eddaee

libwebp-tools-debuginfo-1.0.0-7.el8_2.i686.rpm

SHA-256: e5e3f9fdba23cd32eddd8d3b3aa248f182cdab51b96c308fbcd41c2292981dbc

libwebp-tools-debuginfo-1.0.0-7.el8_2.x86_64.rpm

SHA-256: ecd687bd05d36adb914a612bcb562ca15cc7cadc98ba09fbb565d282bb3f3538

Red Hat Enterprise Linux Server - TUS 8.2

SRPM

libwebp-1.0.0-7.el8_2.src.rpm

SHA-256: 3236a9cb3050af4b38d6c10fd75468225a476eb63d94f2747e7ca8c18ddc9967

x86_64

libwebp-1.0.0-7.el8_2.i686.rpm

SHA-256: f311fcd9afbe8d800cf1a804ad2975934dc12e6fefe2813bc94287b90609cd3b

libwebp-1.0.0-7.el8_2.x86_64.rpm

SHA-256: 0d1fc838e054934f3060327337ab4a504363aecf9a76ec891e37ca80405600ee

libwebp-debuginfo-1.0.0-7.el8_2.i686.rpm

SHA-256: 60ab5d815fad1947c58ac3c703bce0a5d9c50ae42fe77191ed330cbdc812b704

libwebp-debuginfo-1.0.0-7.el8_2.x86_64.rpm

SHA-256: 00cf0bdd9da90c914d1ccf90266cdc6a7d1271a38afa6c148a8cec6b2fe349d4

libwebp-debugsource-1.0.0-7.el8_2.i686.rpm

SHA-256: 66d6ffa804ed880d305fe361fa9bed5657b356b7849e39f96de7c965c09320a7

libwebp-debugsource-1.0.0-7.el8_2.x86_64.rpm

SHA-256: 9eb509dc345f5120fe37e15584bc1645dc27028a71f35d94030e998e0d6d46a4

libwebp-devel-1.0.0-7.el8_2.i686.rpm

SHA-256: 7751f7aaa540b53549e168b650b762260c3b7d37fb63fec5d517d8fcb428f4b4

libwebp-devel-1.0.0-7.el8_2.x86_64.rpm

SHA-256: 197fd8e794de75063d6f90a516a17f50d7fd7234f9eda86c2e254914afb97daf

libwebp-java-debuginfo-1.0.0-7.el8_2.i686.rpm

SHA-256: fcb24df4925dee8f15a7c7714f3a99d2454822c6a6f3c268453953281abef905

libwebp-java-debuginfo-1.0.0-7.el8_2.x86_64.rpm

SHA-256: f7e249254c3ea6c78495715d3dc6e966ed48ff0d7fb79667b18590e4b5eddaee

libwebp-tools-debuginfo-1.0.0-7.el8_2.i686.rpm

SHA-256: e5e3f9fdba23cd32eddd8d3b3aa248f182cdab51b96c308fbcd41c2292981dbc

libwebp-tools-debuginfo-1.0.0-7.el8_2.x86_64.rpm

SHA-256: ecd687bd05d36adb914a612bcb562ca15cc7cadc98ba09fbb565d282bb3f3538

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM

libwebp-1.0.0-7.el8_2.src.rpm

SHA-256: 3236a9cb3050af4b38d6c10fd75468225a476eb63d94f2747e7ca8c18ddc9967

ppc64le

libwebp-1.0.0-7.el8_2.ppc64le.rpm

SHA-256: 8321fa232f1253d474b702cce1e83261c18a8af298e88b5671f4e3501b1e2d9c

libwebp-debuginfo-1.0.0-7.el8_2.ppc64le.rpm

SHA-256: a50c2be2b8f9b4e90ed401b14366fe0df9c50b554abb314ebc261cac2265a5d4

libwebp-debugsource-1.0.0-7.el8_2.ppc64le.rpm

SHA-256: 9eb1a52bde0fb88530b8b5e11878accc1af2202908f6206f06a08f267a4a8d1f

libwebp-devel-1.0.0-7.el8_2.ppc64le.rpm

SHA-256: 8f3bd19c94131479e5a2bf4ced622a7779c96c121c30104bd9a2b4b8588dfec7

libwebp-java-debuginfo-1.0.0-7.el8_2.ppc64le.rpm

SHA-256: 2f0946d04c38f621771c576ee936a62990012b1932a92a29d12d7b7b9516453c

libwebp-tools-debuginfo-1.0.0-7.el8_2.ppc64le.rpm

SHA-256: e26b8b41601b1e4a32645a8f0601e8b2eca257f2fed671a7ddce671ea2e12a4e

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM

libwebp-1.0.0-7.el8_2.src.rpm

SHA-256: 3236a9cb3050af4b38d6c10fd75468225a476eb63d94f2747e7ca8c18ddc9967

x86_64

libwebp-1.0.0-7.el8_2.i686.rpm

SHA-256: f311fcd9afbe8d800cf1a804ad2975934dc12e6fefe2813bc94287b90609cd3b

libwebp-1.0.0-7.el8_2.x86_64.rpm

SHA-256: 0d1fc838e054934f3060327337ab4a504363aecf9a76ec891e37ca80405600ee

libwebp-debuginfo-1.0.0-7.el8_2.i686.rpm

SHA-256: 60ab5d815fad1947c58ac3c703bce0a5d9c50ae42fe77191ed330cbdc812b704

libwebp-debuginfo-1.0.0-7.el8_2.x86_64.rpm

SHA-256: 00cf0bdd9da90c914d1ccf90266cdc6a7d1271a38afa6c148a8cec6b2fe349d4

libwebp-debugsource-1.0.0-7.el8_2.i686.rpm

SHA-256: 66d6ffa804ed880d305fe361fa9bed5657b356b7849e39f96de7c965c09320a7

libwebp-debugsource-1.0.0-7.el8_2.x86_64.rpm

SHA-256: 9eb509dc345f5120fe37e15584bc1645dc27028a71f35d94030e998e0d6d46a4

libwebp-devel-1.0.0-7.el8_2.i686.rpm

SHA-256: 7751f7aaa540b53549e168b650b762260c3b7d37fb63fec5d517d8fcb428f4b4

libwebp-devel-1.0.0-7.el8_2.x86_64.rpm

SHA-256: 197fd8e794de75063d6f90a516a17f50d7fd7234f9eda86c2e254914afb97daf

libwebp-java-debuginfo-1.0.0-7.el8_2.i686.rpm

SHA-256: fcb24df4925dee8f15a7c7714f3a99d2454822c6a6f3c268453953281abef905

libwebp-java-debuginfo-1.0.0-7.el8_2.x86_64.rpm

SHA-256: f7e249254c3ea6c78495715d3dc6e966ed48ff0d7fb79667b18590e4b5eddaee

libwebp-tools-debuginfo-1.0.0-7.el8_2.i686.rpm

SHA-256: e5e3f9fdba23cd32eddd8d3b3aa248f182cdab51b96c308fbcd41c2292981dbc

libwebp-tools-debuginfo-1.0.0-7.el8_2.x86_64.rpm

SHA-256: ecd687bd05d36adb914a612bcb562ca15cc7cadc98ba09fbb565d282bb3f3538

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2023-45085: Releases - HyperCloud Docs

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.

Red Hat Security Advisory 2023-3624-01

Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3356-01

Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

Gentoo Linux Security Advisory 202305-35

Gentoo Linux Security Advisory 202305-35 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 102.10.0:esr are affected.

Debian Security Advisory 5408-1

Debian Linux Security Advisory 5408-1 - Irvan Kurniawan discovered a double free in the libwebp image compression library which may result in denial of service.

Red Hat Security Advisory 2023-2110-01

Red Hat Security Advisory 2023-2110-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.16. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-2076-01

Red Hat Security Advisory 2023-2076-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

Red Hat Security Advisory 2023-2072-01

Red Hat Security Advisory 2023-2072-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

Red Hat Security Advisory 2023-2077-01

Red Hat Security Advisory 2023-2077-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

Red Hat Security Advisory 2023-2073-01

Red Hat Security Advisory 2023-2073-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

Red Hat Security Advisory 2023-2078-01

Red Hat Security Advisory 2023-2078-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

Red Hat Security Advisory 2023-2075-01

Red Hat Security Advisory 2023-2075-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

RHSA-2023:2085: Red Hat Security Advisory: libwebp security update

An update for libwebp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1999: The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.

RHSA-2023:2078: Red Hat Security Advisory: libwebp security update

An update for libwebp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1999: The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.

RHSA-2023:2077: Red Hat Security Advisory: libwebp security update

An update for libwebp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1999: The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.

RHSA-2023:2076: Red Hat Security Advisory: libwebp security update

An update for libwebp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1999: The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.

RHSA-2023:2075: Red Hat Security Advisory: libwebp security update

An update for libwebp is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1999: The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.

Apple, Google, and Microsoft Just Fixed Zero-Day Security Flaws

Firefox gets a needed tune-up, SolarWinds squashes two high-severity bugs, Oracle patches 433 vulnerabilities, and more updates you should make now.