Corrine Posted September 14, 2023 Share Posted September 14, 2023 From PC World: A severe vulnerability has been found in libwebp, a code library used to render webp images, reports Stack Diary. Webp is a popular image format used by many sites on the Internet – but also by apps and some other software that use web views – and the vulnerability can be used, among other things, to run malicious code on affected devices. Worse yet, it is reportedly being actively exploited by malicious attackers. The vulnerability has been labelled CVE-2023-4863 and is considered extremely serious. Major browsers such as Chrome, Edge, Firefox, Opera, Vivaldi, and Brave have already released security fixes. To make sure you have the latest version of a browser, go to Help > About (browser name) in its options menu. If a new update is available, it should then download automatically. If you haven't updated your browser, check for updates now! 1 2 Quote Link to comment Share on other sites More sharing options...
sunrat Posted September 15, 2023 Share Posted September 15, 2023 Fixed in Debian firefox-esr two days ago: Quote Package : firefox-esr CVE ID : CVE-2023-4863 A buffer overflow in parsing WebP images may result in the execution of arbitrary code. For the oldstable distribution (bullseye), this problem has been fixed in version 102.15.1esr-1~deb11u1. For the stable distribution (bookworm), this problem has been fixed in version 102.15.1esr-1~deb12u1. 1 Quote Link to comment Share on other sites More sharing options...
sunrat Posted September 15, 2023 Share Posted September 15, 2023 The same CVE also affected Thunderbird apparently. It was fixed in Debian yesterday. 2 Quote Link to comment Share on other sites More sharing options...
sunrat Posted September 17, 2023 Share Posted September 17, 2023 libwebp packages also just upgraded in Debian Bullseye, same CVE: Quote - ------------------------------------------------------------------------- Debian Security Advisory DSA-5497-2 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 17, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libwebp CVE ID : CVE-2023-4863 A buffer overflow in parsing WebP images may result in the execution of arbitrary code. For the oldstable distribution (bullseye), this problem has been fixed in version 0.6.1-2.1+deb11u2. Quote Link to comment Share on other sites More sharing options...
crp Posted October 2, 2023 Share Posted October 2, 2023 and here comes FireFox's latest security patch: https://www.pcworld.com/article/2089208/firefox-118-0-1-chrome-0-day-vulnerability-also-affects-firefox.html Quote Link to comment Share on other sites More sharing options...
Corrine Posted October 2, 2023 Author Share Posted October 2, 2023 48 minutes ago, crp said: and here comes FireFox's latest security patch The patch was release last Thursday. 1 Quote Link to comment Share on other sites More sharing options...
.thumb.jpg.7c3caaf218a75d76e16db7a5bddfb463.jpg)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.