Security update for libwebp SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:3794-1 Final 1 1 2023-09-26T16:06:17Z current 2023-09-26T16:06:17Z 2023-09-26T16:06:17Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libwebp This update for libwebp fixes the following issues: - CVE-2023-4863: Fixed a heap buffer overflow (bsc#1215231). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2023-3794,SUSE-2023-3794,SUSE-OpenStack-Cloud-8-2023-3794,SUSE-OpenStack-Cloud-9-2023-3794,SUSE-OpenStack-Cloud-Crowbar-8-2023-3794,SUSE-OpenStack-Cloud-Crowbar-9-2023-3794,SUSE-SLE-SDK-12-SP5-2023-3794,SUSE-SLE-SERVER-12-SP5-2023-3794 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20233794-1/ Link for SUSE-SU-2023:3794-1 https://lists.suse.com/pipermail/sle-security-updates/2023-September/016334.html E-Mail link for SUSE-SU-2023:3794-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1215231 SUSE Bug 1215231 https://www.suse.com/security/cve/CVE-2023-4863/ SUSE CVE CVE-2023-4863 page HPE Helion OpenStack 8 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 libwebpmux1-0.4.3-4.15.1 libwebp-devel-0.4.3-4.15.1 libwebp-tools-0.4.3-4.15.1 libwebp5-0.4.3-4.15.1 libwebp5-32bit-0.4.3-4.15.1 libwebp5-64bit-0.4.3-4.15.1 libwebpdecoder1-0.4.3-4.15.1 libwebpdecoder1-32bit-0.4.3-4.15.1 libwebpdecoder1-64bit-0.4.3-4.15.1 libwebpdemux1-0.4.3-4.15.1 libwebpdemux1-32bit-0.4.3-4.15.1 libwebpdemux1-64bit-0.4.3-4.15.1 libwebpmux1-32bit-0.4.3-4.15.1 libwebpmux1-64bit-0.4.3-4.15.1 libwebpmux1-0.4.3-4.15.1 as a component of HPE Helion OpenStack 8 libwebp5-0.4.3-4.15.1 as a component of SUSE Linux Enterprise Server 12 SP5 libwebp5-32bit-0.4.3-4.15.1 as a component of SUSE Linux Enterprise Server 12 SP5 libwebpdemux1-0.4.3-4.15.1 as a component of SUSE Linux Enterprise Server 12 SP5 libwebp5-0.4.3-4.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libwebp5-32bit-0.4.3-4.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libwebpdemux1-0.4.3-4.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libwebp-devel-0.4.3-4.15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libwebpdecoder1-0.4.3-4.15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libwebpmux1-0.4.3-4.15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libwebpmux1-0.4.3-4.15.1 as a component of SUSE OpenStack Cloud 8 libwebpmux1-0.4.3-4.15.1 as a component of SUSE OpenStack Cloud 9 libwebpmux1-0.4.3-4.15.1 as a component of SUSE OpenStack Cloud Crowbar 8 libwebpmux1-0.4.3-4.15.1 as a component of SUSE OpenStack Cloud Crowbar 9 Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) CVE-2023-4863 HPE Helion OpenStack 8:libwebpmux1-0.4.3-4.15.1 SUSE Linux Enterprise Server 12 SP5:libwebp5-0.4.3-4.15.1 SUSE Linux Enterprise Server 12 SP5:libwebp5-32bit-0.4.3-4.15.1 SUSE Linux Enterprise Server 12 SP5:libwebpdemux1-0.4.3-4.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebp5-0.4.3-4.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebp5-32bit-0.4.3-4.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebpdemux1-0.4.3-4.15.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libwebp-devel-0.4.3-4.15.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libwebpdecoder1-0.4.3-4.15.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libwebpmux1-0.4.3-4.15.1 SUSE OpenStack Cloud 8:libwebpmux1-0.4.3-4.15.1 SUSE OpenStack Cloud 9:libwebpmux1-0.4.3-4.15.1 SUSE OpenStack Cloud Crowbar 8:libwebpmux1-0.4.3-4.15.1 SUSE OpenStack Cloud Crowbar 9:libwebpmux1-0.4.3-4.15.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233794-1/ https://www.suse.com/security/cve/CVE-2023-4863.html CVE-2023-4863 https://bugzilla.suse.com/1215231 SUSE Bug 1215231 https://bugzilla.suse.com/1217115 SUSE Bug 1217115 https://bugzilla.suse.com/1217117 SUSE Bug 1217117