An update for libwebp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2023-1317
Final
1.0
1.0
2023-06-03
Initial
2023-06-03
2023-06-03
openEuler SA Tool V1.0
2023-06-03
libwebp security update
An update for libwebp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1.
This is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently.
Security Fix(es):
A vulnerability was found in libwebp (affected version unknown). It has been declared as critical. Affected by this vulnerability is an unknown code of the component Image File Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2023-1999)
An update for libwebp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Medium
libwebp
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1317
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-1999
https://nvd.nist.gov/vuln/detail/CVE-2023-1999
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
openEuler-22.03-LTS-SP1
libwebp-devel-1.1.0-3.oe1.aarch64.rpm
libwebp-debuginfo-1.1.0-3.oe1.aarch64.rpm
libwebp-tools-1.1.0-3.oe1.aarch64.rpm
libwebp-java-1.1.0-3.oe1.aarch64.rpm
libwebp-debugsource-1.1.0-3.oe1.aarch64.rpm
libwebp-1.1.0-3.oe1.aarch64.rpm
libwebp-debuginfo-1.1.0-3.oe1.aarch64.rpm
libwebp-tools-1.1.0-3.oe1.aarch64.rpm
libwebp-1.1.0-3.oe1.aarch64.rpm
libwebp-devel-1.1.0-3.oe1.aarch64.rpm
libwebp-java-1.1.0-3.oe1.aarch64.rpm
libwebp-debugsource-1.1.0-3.oe1.aarch64.rpm
libwebp-tools-1.2.1-3.oe2203.aarch64.rpm
libwebp-java-1.2.1-3.oe2203.aarch64.rpm
libwebp-debugsource-1.2.1-3.oe2203.aarch64.rpm
libwebp-1.2.1-3.oe2203.aarch64.rpm
libwebp-devel-1.2.1-3.oe2203.aarch64.rpm
libwebp-debuginfo-1.2.1-3.oe2203.aarch64.rpm
libwebp-1.2.1-3.oe2203sp1.aarch64.rpm
libwebp-debugsource-1.2.1-3.oe2203sp1.aarch64.rpm
libwebp-java-1.2.1-3.oe2203sp1.aarch64.rpm
libwebp-debuginfo-1.2.1-3.oe2203sp1.aarch64.rpm
libwebp-tools-1.2.1-3.oe2203sp1.aarch64.rpm
libwebp-devel-1.2.1-3.oe2203sp1.aarch64.rpm
libwebp-help-1.1.0-3.oe1.noarch.rpm
libwebp-help-1.1.0-3.oe1.noarch.rpm
libwebp-help-1.2.1-3.oe2203.noarch.rpm
libwebp-help-1.2.1-3.oe2203sp1.noarch.rpm
libwebp-1.1.0-3.oe1.src.rpm
libwebp-1.1.0-3.oe1.src.rpm
libwebp-1.2.1-3.oe2203.src.rpm
libwebp-1.2.1-3.oe2203sp1.src.rpm
libwebp-devel-1.1.0-3.oe1.x86_64.rpm
libwebp-1.1.0-3.oe1.x86_64.rpm
libwebp-tools-1.1.0-3.oe1.x86_64.rpm
libwebp-debugsource-1.1.0-3.oe1.x86_64.rpm
libwebp-debuginfo-1.1.0-3.oe1.x86_64.rpm
libwebp-java-1.1.0-3.oe1.x86_64.rpm
libwebp-devel-1.1.0-3.oe1.x86_64.rpm
libwebp-java-1.1.0-3.oe1.x86_64.rpm
libwebp-debuginfo-1.1.0-3.oe1.x86_64.rpm
libwebp-tools-1.1.0-3.oe1.x86_64.rpm
libwebp-debugsource-1.1.0-3.oe1.x86_64.rpm
libwebp-1.1.0-3.oe1.x86_64.rpm
libwebp-devel-1.2.1-3.oe2203.x86_64.rpm
libwebp-debugsource-1.2.1-3.oe2203.x86_64.rpm
libwebp-debuginfo-1.2.1-3.oe2203.x86_64.rpm
libwebp-java-1.2.1-3.oe2203.x86_64.rpm
libwebp-tools-1.2.1-3.oe2203.x86_64.rpm
libwebp-1.2.1-3.oe2203.x86_64.rpm
libwebp-1.2.1-3.oe2203sp1.x86_64.rpm
libwebp-debuginfo-1.2.1-3.oe2203sp1.x86_64.rpm
libwebp-devel-1.2.1-3.oe2203sp1.x86_64.rpm
libwebp-tools-1.2.1-3.oe2203sp1.x86_64.rpm
libwebp-debugsource-1.2.1-3.oe2203sp1.x86_64.rpm
libwebp-java-1.2.1-3.oe2203sp1.x86_64.rpm
A vulnerability was found in libwebp (affected version unknown). It has been declared as critical. Affected by this vulnerability is an unknown code of the component Image File Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
2023-06-03
CVE-2023-1999
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
openEuler-22.03-LTS-SP1
Medium
6.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
libwebp security update
2023-06-03
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1317