Corrine
Posted September 14, 2023

From PC World:

A severe vulnerability has been found in libwebp, a code library used to render webp images, reports Stack Diary. Webp is a popular image format used by many sites on the Internet – but also by apps and some other software that use web views – and the vulnerability can be used, among other things, to run malicious code on affected devices. Worse yet, it is reportedly being actively exploited by malicious attackers.

The vulnerability has been labelled CVE-2023-4863 and is considered extremely serious. Major browsers such as Chrome, Edge, Firefox, Opera, Vivaldi, and Brave have already released security fixes.

To make sure you have the latest version of a browser, go to Help > About (browser name) in its options menu. If a new update is available, it should then download automatically.

If you haven't updated your browser, check for updates now!

sunrat
Posted September 15, 2023

Fixed in Debian firefox-esr two days ago:

> Package : firefox-esr
> CVE ID : CVE-2023-4863
>
> A buffer overflow in parsing WebP images may result in the execution of arbitrary code.
>
> For the oldstable distribution (bullseye), this problem has been fixed in version 102.15.1esr-1~deb11u1.
>
> For the stable distribution (bookworm), this problem has been fixed in version 102.15.1esr-1~deb12u1.

sunrat
Posted September 15, 2023

The same CVE also affected Thunderbird apparently. It was fixed in Debian yesterday.

sunrat
Posted September 17, 2023

libwebp packages also just upgraded in Debian Bullseye, same CVE:

> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-5497-2                   security@debian.org
> https://www.debian.org/security/                       Moritz Muehlenhoff
> September 17, 2023                    https://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package : libwebp
> CVE ID : CVE-2023-4863
>
> A buffer overflow in parsing WebP images may result in the execution of arbitrary code.
>
> For the oldstable distribution (bullseye), this problem has been fixed in version 0.6.1-2.1+deb11u2.

crp
Posted October 2, 2023

and here comes FireFox's latest security patch: https://www.pcworld.com/article/2089208/firefox-118-0-1-chrome-0-day-vulnerability-also-affects-firefox.html

Corrine (Author)
Posted October 2, 2023

> 48 minutes ago, crp said:
> and here comes FireFox's latest security patch

The patch was released last Thursday.