Red Hat Product Errata RHSA-2023:5222 - Security Advisory
Issued:
2023-09-19
Updated:
2023-10-06

RHSA-2023:5222 - Security Advisory

Synopsis

Important: libwebp security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libwebp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

[Update 05 October 2023]
This advisory has been updated to push packages into TUS and E4S channels

Description

The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.

Security Fix(es):

  • libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2238431 - CVE-2023-4863 libwebp: Heap buffer overflow in WebP Codec

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
libwebp-1.0.0-7.el8_4.1.src.rpm SHA-256: f23fa12586e3ab5b47a6973fcb2f19f64a0171848be7b049dee87a14cd80fbea
x86_64
libwebp-1.0.0-7.el8_4.1.i686.rpm SHA-256: 0826eeb3bbb222ec00bf65d55a2c372ddb50938e60b5ecf634b9a689386148a3
libwebp-1.0.0-7.el8_4.1.x86_64.rpm SHA-256: 0c1b1114af1a8aaa2fbe13fd79cfe905d17b0c0f3e58d941d08465583cbad4b5
libwebp-debuginfo-1.0.0-7.el8_4.1.i686.rpm SHA-256: 1f5935386821b2108123552697f6b9d613038e1be469c383320e5828d80b3e0c
libwebp-debuginfo-1.0.0-7.el8_4.1.x86_64.rpm SHA-256: a3f6ddba657c63fbfc7f77f85d8567b1a8c09c831d0bab5d26e4af80384ba27a
libwebp-debugsource-1.0.0-7.el8_4.1.i686.rpm SHA-256: 7b3e417a64a897c816d021da9869cf40d14aea8562a3e0a8c61eb3f4df0be5cd
libwebp-debugsource-1.0.0-7.el8_4.1.x86_64.rpm SHA-256: c6b362368502ab18cbdaf6604a187d26e030e076fad5f73e1fa769cda6c184bd
libwebp-devel-1.0.0-7.el8_4.1.i686.rpm SHA-256: 7f53ecdbb4fc4ed2bcb9f56aeb73304eae737f4d44e279f9afdc3edcf5d90b22
libwebp-devel-1.0.0-7.el8_4.1.x86_64.rpm SHA-256: 35a18587695061da23c215a5c9370371fd64584659a72c3f928acd760411ec95
libwebp-java-debuginfo-1.0.0-7.el8_4.1.i686.rpm SHA-256: 6a50a1028d2e8ba95024d40b1968d50a753f96c396887216ae73eec409e3059a
libwebp-java-debuginfo-1.0.0-7.el8_4.1.x86_64.rpm SHA-256: b803f0c64210929aed3decfaa4d02fc417ed40226f8fae0e1c1e8fcca4596e79
libwebp-tools-debuginfo-1.0.0-7.el8_4.1.i686.rpm SHA-256: 120eb1795f6e0e1ee5eb6a7e7e3e3c4faaac2d89188bf1ddf61b55bbb8eb4455
libwebp-tools-debuginfo-1.0.0-7.el8_4.1.x86_64.rpm SHA-256: d9d2fc6b75751b43a30e728c036464b2c8b1374acd8d29c7fe0aa97ce6e67538

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
libwebp-1.0.0-7.el8_4.1.src.rpm SHA-256: f23fa12586e3ab5b47a6973fcb2f19f64a0171848be7b049dee87a14cd80fbea
x86_64
libwebp-1.0.0-7.el8_4.1.i686.rpm SHA-256: 0826eeb3bbb222ec00bf65d55a2c372ddb50938e60b5ecf634b9a689386148a3
libwebp-1.0.0-7.el8_4.1.x86_64.rpm SHA-256: 0c1b1114af1a8aaa2fbe13fd79cfe905d17b0c0f3e58d941d08465583cbad4b5
libwebp-debuginfo-1.0.0-7.el8_4.1.i686.rpm SHA-256: 1f5935386821b2108123552697f6b9d613038e1be469c383320e5828d80b3e0c
libwebp-debuginfo-1.0.0-7.el8_4.1.x86_64.rpm SHA-256: a3f6ddba657c63fbfc7f77f85d8567b1a8c09c831d0bab5d26e4af80384ba27a
libwebp-debugsource-1.0.0-7.el8_4.1.i686.rpm SHA-256: 7b3e417a64a897c816d021da9869cf40d14aea8562a3e0a8c61eb3f4df0be5cd
libwebp-debugsource-1.0.0-7.el8_4.1.x86_64.rpm SHA-256: c6b362368502ab18cbdaf6604a187d26e030e076fad5f73e1fa769cda6c184bd
libwebp-devel-1.0.0-7.el8_4.1.i686.rpm SHA-256: 7f53ecdbb4fc4ed2bcb9f56aeb73304eae737f4d44e279f9afdc3edcf5d90b22
libwebp-devel-1.0.0-7.el8_4.1.x86_64.rpm SHA-256: 35a18587695061da23c215a5c9370371fd64584659a72c3f928acd760411ec95
libwebp-java-debuginfo-1.0.0-7.el8_4.1.i686.rpm SHA-256: 6a50a1028d2e8ba95024d40b1968d50a753f96c396887216ae73eec409e3059a
libwebp-java-debuginfo-1.0.0-7.el8_4.1.x86_64.rpm SHA-256: b803f0c64210929aed3decfaa4d02fc417ed40226f8fae0e1c1e8fcca4596e79
libwebp-tools-debuginfo-1.0.0-7.el8_4.1.i686.rpm SHA-256: 120eb1795f6e0e1ee5eb6a7e7e3e3c4faaac2d89188bf1ddf61b55bbb8eb4455
libwebp-tools-debuginfo-1.0.0-7.el8_4.1.x86_64.rpm SHA-256: d9d2fc6b75751b43a30e728c036464b2c8b1374acd8d29c7fe0aa97ce6e67538

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM
libwebp-1.0.0-7.el8_4.1.src.rpm SHA-256: f23fa12586e3ab5b47a6973fcb2f19f64a0171848be7b049dee87a14cd80fbea
ppc64le
libwebp-1.0.0-7.el8_4.1.ppc64le.rpm SHA-256: 76061589426cc41d8b4b7e8c9d1135d8b4c4e3f149038b33e3496894a9c9fd24
libwebp-debuginfo-1.0.0-7.el8_4.1.ppc64le.rpm SHA-256: 1a20a4e6cf35a557bf93e71d6c81ad79c806a5660d05931bea6f9a72d875fe72
libwebp-debugsource-1.0.0-7.el8_4.1.ppc64le.rpm SHA-256: 2ae152659ed7d3205b943798056aa3362f09593644d1013d25997ca65a185935
libwebp-devel-1.0.0-7.el8_4.1.ppc64le.rpm SHA-256: f3e94768650eea1e8c08ed4f4f6db4366fa0d99085c941d1518df34dd2c8afca
libwebp-java-debuginfo-1.0.0-7.el8_4.1.ppc64le.rpm SHA-256: 2c99d4b4fa7b9be754cbcb3ecba9705d0fed55aa40843290324bed0175583036
libwebp-tools-debuginfo-1.0.0-7.el8_4.1.ppc64le.rpm SHA-256: 1daba984b2db6017ce4e41a957044844d4235bb3737840f94df0a155b31b73d7

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM
libwebp-1.0.0-7.el8_4.1.src.rpm SHA-256: f23fa12586e3ab5b47a6973fcb2f19f64a0171848be7b049dee87a14cd80fbea
x86_64
libwebp-1.0.0-7.el8_4.1.i686.rpm SHA-256: 0826eeb3bbb222ec00bf65d55a2c372ddb50938e60b5ecf634b9a689386148a3
libwebp-1.0.0-7.el8_4.1.x86_64.rpm SHA-256: 0c1b1114af1a8aaa2fbe13fd79cfe905d17b0c0f3e58d941d08465583cbad4b5
libwebp-debuginfo-1.0.0-7.el8_4.1.i686.rpm SHA-256: 1f5935386821b2108123552697f6b9d613038e1be469c383320e5828d80b3e0c
libwebp-debuginfo-1.0.0-7.el8_4.1.x86_64.rpm SHA-256: a3f6ddba657c63fbfc7f77f85d8567b1a8c09c831d0bab5d26e4af80384ba27a
libwebp-debugsource-1.0.0-7.el8_4.1.i686.rpm SHA-256: 7b3e417a64a897c816d021da9869cf40d14aea8562a3e0a8c61eb3f4df0be5cd
libwebp-debugsource-1.0.0-7.el8_4.1.x86_64.rpm SHA-256: c6b362368502ab18cbdaf6604a187d26e030e076fad5f73e1fa769cda6c184bd
libwebp-devel-1.0.0-7.el8_4.1.i686.rpm SHA-256: 7f53ecdbb4fc4ed2bcb9f56aeb73304eae737f4d44e279f9afdc3edcf5d90b22
libwebp-devel-1.0.0-7.el8_4.1.x86_64.rpm SHA-256: 35a18587695061da23c215a5c9370371fd64584659a72c3f928acd760411ec95
libwebp-java-debuginfo-1.0.0-7.el8_4.1.i686.rpm SHA-256: 6a50a1028d2e8ba95024d40b1968d50a753f96c396887216ae73eec409e3059a
libwebp-java-debuginfo-1.0.0-7.el8_4.1.x86_64.rpm SHA-256: b803f0c64210929aed3decfaa4d02fc417ed40226f8fae0e1c1e8fcca4596e79
libwebp-tools-debuginfo-1.0.0-7.el8_4.1.i686.rpm SHA-256: 120eb1795f6e0e1ee5eb6a7e7e3e3c4faaac2d89188bf1ddf61b55bbb8eb4455
libwebp-tools-debuginfo-1.0.0-7.el8_4.1.x86_64.rpm SHA-256: d9d2fc6b75751b43a30e728c036464b2c8b1374acd8d29c7fe0aa97ce6e67538

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.