Red Hat Product Errata RHSA-2023:2075 - Security Advisory
Issued:
2023-05-02
Updated:
2023-05-02

RHSA-2023:2075 - Security Advisory

Synopsis

Important: libwebp security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libwebp is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.

Security Fix(es):

  • Mozilla: libwebp: Double-free in libwebp (CVE-2023-1999)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2186102 - CVE-2023-1999 Mozilla: libwebp: Double-free in libwebp

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM
libwebp-1.2.0-5.el9_0.src.rpm SHA-256: 5e62462dd875500a231289e62ff18a4b8a4c499beb1a7cc3722f9cd68f23c54f
x86_64
libwebp-1.2.0-5.el9_0.i686.rpm SHA-256: 23c10b30ab3fa382d4e715884971c0d1b82a22392034f222657176c17d8d456f
libwebp-1.2.0-5.el9_0.x86_64.rpm SHA-256: 11bd60bf721f6a810e605794134ffcc27da862275b63141466d33f28f33911e4
libwebp-debuginfo-1.2.0-5.el9_0.i686.rpm SHA-256: 931da8f1ea5d595ddef6429e0c4dcf802d14adab9d19d834d0a0e7b3eb6f2462
libwebp-debuginfo-1.2.0-5.el9_0.x86_64.rpm SHA-256: 72b680b51271f057ee725d0baeecd99bd1fb98e81764f72e134190458df09644
libwebp-debugsource-1.2.0-5.el9_0.i686.rpm SHA-256: abb1849e48d09775207f640566a2e5dcd8131809b63367a9e7118a8c49a731c5
libwebp-debugsource-1.2.0-5.el9_0.x86_64.rpm SHA-256: 9a30c2c5abe5f77d20c00112f336c42e99719c81c16018f0184da14f0235992b
libwebp-devel-1.2.0-5.el9_0.i686.rpm SHA-256: 01db2e3e98fa9779f4beb7c6a9bf663eaf76d50262f150a180fb36e352c688f6
libwebp-devel-1.2.0-5.el9_0.x86_64.rpm SHA-256: 55d41cbe8b30b289c379e79b6825bdfa4b97c405ded653135c056556d0e07961
libwebp-java-debuginfo-1.2.0-5.el9_0.i686.rpm SHA-256: 0d3c76965cf7298028080352f123de453ce838843d55c6fcd21b22aaaef6b275
libwebp-java-debuginfo-1.2.0-5.el9_0.x86_64.rpm SHA-256: ab1be3661e3c50af638fd11dfa2d4bc52011967a72002445c64f13ebe20a50c1
libwebp-tools-debuginfo-1.2.0-5.el9_0.i686.rpm SHA-256: afa2fd073ed8ad78927779dcd07c3686b5209687e8c577f7bc5181593f48756b
libwebp-tools-debuginfo-1.2.0-5.el9_0.x86_64.rpm SHA-256: 94db947efc9a312255bf9aab1c478c52f28def7dacaf0b9e902092936608f0fd

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM
libwebp-1.2.0-5.el9_0.src.rpm SHA-256: 5e62462dd875500a231289e62ff18a4b8a4c499beb1a7cc3722f9cd68f23c54f
s390x
libwebp-1.2.0-5.el9_0.s390x.rpm SHA-256: a6152730df08c9ebfed98625ddf4193a4f448dc035db990581a4c523f953e6a8
libwebp-debuginfo-1.2.0-5.el9_0.s390x.rpm SHA-256: 66a713e6b54cb28c50a63f14bfa09428a54eff3544c08d190c1854711b059448
libwebp-debugsource-1.2.0-5.el9_0.s390x.rpm SHA-256: 49f205de0edeeff6d1ddc4346881b2910316659a16b8bcbec13545573524c21e
libwebp-devel-1.2.0-5.el9_0.s390x.rpm SHA-256: fe5ef27e31f974e3debb321db01e838e2326e58690a13d170a9d43d908b7c054
libwebp-java-debuginfo-1.2.0-5.el9_0.s390x.rpm SHA-256: d81e89190c7e6c386e97c14b82374b8ffdfdd7bcbde32c5c2903e1f11c809710
libwebp-tools-debuginfo-1.2.0-5.el9_0.s390x.rpm SHA-256: ad5f672714640a25f87abc0c7df8703f1ff568ed8bb7ba9bbcd6b31875c103db

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM
libwebp-1.2.0-5.el9_0.src.rpm SHA-256: 5e62462dd875500a231289e62ff18a4b8a4c499beb1a7cc3722f9cd68f23c54f
ppc64le
libwebp-1.2.0-5.el9_0.ppc64le.rpm SHA-256: ae1b4f1737098dbd25cb8d76ee6a37f7c5649f63c7418aa980b7742c95db6970
libwebp-debuginfo-1.2.0-5.el9_0.ppc64le.rpm SHA-256: 5dc067e5cee8dfb76218436986307bc4cdd6f6d295d040cbf6a9061e984c122e
libwebp-debugsource-1.2.0-5.el9_0.ppc64le.rpm SHA-256: 8f24c68506f2752de2a6547c1cebe2663da3322a6f547b014480d0a59f7b084b
libwebp-devel-1.2.0-5.el9_0.ppc64le.rpm SHA-256: b95d8fdc622c4c6b5e7863267b2ebe2715cc82cd1e320f63083c20527b94a43a
libwebp-java-debuginfo-1.2.0-5.el9_0.ppc64le.rpm SHA-256: f9a8f51a7077ff6772b05451e067533e08692dd251704e34ee0fb122f3f89c26
libwebp-tools-debuginfo-1.2.0-5.el9_0.ppc64le.rpm SHA-256: 8678134df2270c62cde6b6c7c2f8641bf249f1fcc10f2a1975b5e12f1d9baf31

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM
libwebp-1.2.0-5.el9_0.src.rpm SHA-256: 5e62462dd875500a231289e62ff18a4b8a4c499beb1a7cc3722f9cd68f23c54f
aarch64
libwebp-1.2.0-5.el9_0.aarch64.rpm SHA-256: 1088ea14e44f75399b49fa19c4bccb31114a8c69fd0a975e2d47f3532823b578
libwebp-debuginfo-1.2.0-5.el9_0.aarch64.rpm SHA-256: faff7270a59e3951675381f9ed0c41f8d49e60fd2aa0a3a60d8df2fe25eb4cd3
libwebp-debugsource-1.2.0-5.el9_0.aarch64.rpm SHA-256: 3ae044665800e1892a722788de01da4f12374eca3a032a3a5204b34fb4c4bef6
libwebp-devel-1.2.0-5.el9_0.aarch64.rpm SHA-256: 6f67ab9520d068424ceeef3d745a21cb50bbdfad8cee87749387212af97e35b5
libwebp-java-debuginfo-1.2.0-5.el9_0.aarch64.rpm SHA-256: 78830dacd9f5337c175f92c2b0e1806f7adedf527fc22a9302af6c8aac12ee50
libwebp-tools-debuginfo-1.2.0-5.el9_0.aarch64.rpm SHA-256: f382457f22bcc0a97638018ac7d936a952fb247deaf36803e7f7c5858ea8780c

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
libwebp-1.2.0-5.el9_0.src.rpm SHA-256: 5e62462dd875500a231289e62ff18a4b8a4c499beb1a7cc3722f9cd68f23c54f
ppc64le
libwebp-1.2.0-5.el9_0.ppc64le.rpm SHA-256: ae1b4f1737098dbd25cb8d76ee6a37f7c5649f63c7418aa980b7742c95db6970
libwebp-debuginfo-1.2.0-5.el9_0.ppc64le.rpm SHA-256: 5dc067e5cee8dfb76218436986307bc4cdd6f6d295d040cbf6a9061e984c122e
libwebp-debugsource-1.2.0-5.el9_0.ppc64le.rpm SHA-256: 8f24c68506f2752de2a6547c1cebe2663da3322a6f547b014480d0a59f7b084b
libwebp-devel-1.2.0-5.el9_0.ppc64le.rpm SHA-256: b95d8fdc622c4c6b5e7863267b2ebe2715cc82cd1e320f63083c20527b94a43a
libwebp-java-debuginfo-1.2.0-5.el9_0.ppc64le.rpm SHA-256: f9a8f51a7077ff6772b05451e067533e08692dd251704e34ee0fb122f3f89c26
libwebp-tools-debuginfo-1.2.0-5.el9_0.ppc64le.rpm SHA-256: 8678134df2270c62cde6b6c7c2f8641bf249f1fcc10f2a1975b5e12f1d9baf31

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
libwebp-1.2.0-5.el9_0.src.rpm SHA-256: 5e62462dd875500a231289e62ff18a4b8a4c499beb1a7cc3722f9cd68f23c54f
x86_64
libwebp-1.2.0-5.el9_0.i686.rpm SHA-256: 23c10b30ab3fa382d4e715884971c0d1b82a22392034f222657176c17d8d456f
libwebp-1.2.0-5.el9_0.x86_64.rpm SHA-256: 11bd60bf721f6a810e605794134ffcc27da862275b63141466d33f28f33911e4
libwebp-debuginfo-1.2.0-5.el9_0.i686.rpm SHA-256: 931da8f1ea5d595ddef6429e0c4dcf802d14adab9d19d834d0a0e7b3eb6f2462
libwebp-debuginfo-1.2.0-5.el9_0.x86_64.rpm SHA-256: 72b680b51271f057ee725d0baeecd99bd1fb98e81764f72e134190458df09644
libwebp-debugsource-1.2.0-5.el9_0.i686.rpm SHA-256: abb1849e48d09775207f640566a2e5dcd8131809b63367a9e7118a8c49a731c5
libwebp-debugsource-1.2.0-5.el9_0.x86_64.rpm SHA-256: 9a30c2c5abe5f77d20c00112f336c42e99719c81c16018f0184da14f0235992b
libwebp-devel-1.2.0-5.el9_0.i686.rpm SHA-256: 01db2e3e98fa9779f4beb7c6a9bf663eaf76d50262f150a180fb36e352c688f6
libwebp-devel-1.2.0-5.el9_0.x86_64.rpm SHA-256: 55d41cbe8b30b289c379e79b6825bdfa4b97c405ded653135c056556d0e07961
libwebp-java-debuginfo-1.2.0-5.el9_0.i686.rpm SHA-256: 0d3c76965cf7298028080352f123de453ce838843d55c6fcd21b22aaaef6b275
libwebp-java-debuginfo-1.2.0-5.el9_0.x86_64.rpm SHA-256: ab1be3661e3c50af638fd11dfa2d4bc52011967a72002445c64f13ebe20a50c1
libwebp-tools-debuginfo-1.2.0-5.el9_0.i686.rpm SHA-256: afa2fd073ed8ad78927779dcd07c3686b5209687e8c577f7bc5181593f48756b
libwebp-tools-debuginfo-1.2.0-5.el9_0.x86_64.rpm SHA-256: 94db947efc9a312255bf9aab1c478c52f28def7dacaf0b9e902092936608f0fd

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0

SRPM
libwebp-1.2.0-5.el9_0.src.rpm SHA-256: 5e62462dd875500a231289e62ff18a4b8a4c499beb1a7cc3722f9cd68f23c54f
aarch64
libwebp-1.2.0-5.el9_0.aarch64.rpm SHA-256: 1088ea14e44f75399b49fa19c4bccb31114a8c69fd0a975e2d47f3532823b578
libwebp-debuginfo-1.2.0-5.el9_0.aarch64.rpm SHA-256: faff7270a59e3951675381f9ed0c41f8d49e60fd2aa0a3a60d8df2fe25eb4cd3
libwebp-debugsource-1.2.0-5.el9_0.aarch64.rpm SHA-256: 3ae044665800e1892a722788de01da4f12374eca3a032a3a5204b34fb4c4bef6
libwebp-devel-1.2.0-5.el9_0.aarch64.rpm SHA-256: 6f67ab9520d068424ceeef3d745a21cb50bbdfad8cee87749387212af97e35b5
libwebp-java-debuginfo-1.2.0-5.el9_0.aarch64.rpm SHA-256: 78830dacd9f5337c175f92c2b0e1806f7adedf527fc22a9302af6c8aac12ee50
libwebp-tools-debuginfo-1.2.0-5.el9_0.aarch64.rpm SHA-256: f382457f22bcc0a97638018ac7d936a952fb247deaf36803e7f7c5858ea8780c

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0

SRPM
libwebp-1.2.0-5.el9_0.src.rpm SHA-256: 5e62462dd875500a231289e62ff18a4b8a4c499beb1a7cc3722f9cd68f23c54f
s390x
libwebp-1.2.0-5.el9_0.s390x.rpm SHA-256: a6152730df08c9ebfed98625ddf4193a4f448dc035db990581a4c523f953e6a8
libwebp-debuginfo-1.2.0-5.el9_0.s390x.rpm SHA-256: 66a713e6b54cb28c50a63f14bfa09428a54eff3544c08d190c1854711b059448
libwebp-debugsource-1.2.0-5.el9_0.s390x.rpm SHA-256: 49f205de0edeeff6d1ddc4346881b2910316659a16b8bcbec13545573524c21e
libwebp-devel-1.2.0-5.el9_0.s390x.rpm SHA-256: fe5ef27e31f974e3debb321db01e838e2326e58690a13d170a9d43d908b7c054
libwebp-java-debuginfo-1.2.0-5.el9_0.s390x.rpm SHA-256: d81e89190c7e6c386e97c14b82374b8ffdfdd7bcbde32c5c2903e1f11c809710
libwebp-tools-debuginfo-1.2.0-5.el9_0.s390x.rpm SHA-256: ad5f672714640a25f87abc0c7df8703f1ff568ed8bb7ba9bbcd6b31875c103db

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.