Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) References: https://crbug.com/1479274 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
Created chromium tracking bugs for this issue: Affects: epel-all [bug 2238433] Affects: fedora-all [bug 2238432]
Of course this affects libwebp as well
and the Mozillas... https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
We wound up using bug #2238543 to track this libwebp issue in Fedora, since the only tracking bug that was created thus far, bug #2238432, was specifically for Chromium.
(In reply to Andreas Stieger from comment #3) > and the Mozillas... > https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ Unfortunately it does look like Firefox has bundled this library like Chromium does, so it will need to be tracked separately as well. libwebp has a stable API/ABI, so I wonder why not use the system library. Whatever.
Created firefox tracking bugs for this issue: Affects: fedora-all [bug 2238950] Created libwebp tracking bugs for this issue: Affects: fedora-all [bug 2238951]
Patch: https://chromium.googlesource.com/webm/libwebp.git/+/902bc9190331343b2017211debcec8d2ab87e17a%5E%21/ https://chromium.googlesource.com/webm/libwebp.git/+/95ea5226c870449522240ccff26f0b006037c520%5E%21/#F0 https://chromium.googlesource.com/webm/libwebp/+/902bc91
https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:5185 https://access.redhat.com/errata/RHSA-2023:5185
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5184 https://access.redhat.com/errata/RHSA-2023:5184
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:5183 https://access.redhat.com/errata/RHSA-2023:5183
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:5188 https://access.redhat.com/errata/RHSA-2023:5188
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:5187 https://access.redhat.com/errata/RHSA-2023:5187
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:5186 https://access.redhat.com/errata/RHSA-2023:5186
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:5190 https://access.redhat.com/errata/RHSA-2023:5190
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:5192 https://access.redhat.com/errata/RHSA-2023:5192
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:5189 https://access.redhat.com/errata/RHSA-2023:5189
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:5198 https://access.redhat.com/errata/RHSA-2023:5198
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:5197 https://access.redhat.com/errata/RHSA-2023:5197
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:5191 https://access.redhat.com/errata/RHSA-2023:5191
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:5202 https://access.redhat.com/errata/RHSA-2023:5202
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5201 https://access.redhat.com/errata/RHSA-2023:5201
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:5200 https://access.redhat.com/errata/RHSA-2023:5200
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:5204 https://access.redhat.com/errata/RHSA-2023:5204
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:5205 https://access.redhat.com/errata/RHSA-2023:5205
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Via RHSA-2023:5222 https://access.redhat.com/errata/RHSA-2023:5222
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:5223 https://access.redhat.com/errata/RHSA-2023:5223
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:5214 https://access.redhat.com/errata/RHSA-2023:5214
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:5224 https://access.redhat.com/errata/RHSA-2023:5224
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:5236 https://access.redhat.com/errata/RHSA-2023:5236
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5309 https://access.redhat.com/errata/RHSA-2023:5309
*** Bug 2240759 has been marked as a duplicate of this bug. ***