[CLSA-2023:1697016696] Fix CVE(s): CVE-2023-4863, CVE-2023-4836
Type: security
Severity: Important
Release date: 2023-10-11 09:31:40 UTC
Description:
* SECURITY UPDATE: Heap buffer overflow
  - debian/patches/CVE-2023-4863-pre.patch: prepare sources to be patched
  - debian/patches/CVE-2023-4863-1.patch: first, BuildHuffmanTable() is called to check if the data is valid. If it is and the table is not big enough, more memory is allocated. This will make sure that valid (but unoptimized because of unbalanced codes) streams are still decodable.
  - debian/patches/CVE-2023-4863-2.patch: fix memory error
  - debian/patches/CVE-2023-4863-3.patch: remove unused code
  - debian/patches/CVE-2023-4863-4.patch: fix pointer offset int overflow
  - CVE-2023-4836
Updated packages:
  • libwebp-dev_0.6.1-2ubuntu0.18.04.2.tuxcare.els1_amd64.deb
    sha:5887b9542a2a000145e01352338cf78df3608bea
  • libwebp6_0.6.1-2ubuntu0.18.04.2.tuxcare.els1_amd64.deb
    sha:529b8a2059b6748bd57ce534bb6438a1c6dd8d7a
  • libwebpdemux2_0.6.1-2ubuntu0.18.04.2.tuxcare.els1_amd64.deb
    sha:b379311662b8be2545d64be6280e287ea793484f
  • libwebpmux3_0.6.1-2ubuntu0.18.04.2.tuxcare.els1_amd64.deb
    sha:8a25e70954f5fdc85a6251787e8ccf09e5f2076d
  • webp_0.6.1-2ubuntu0.18.04.2.tuxcare.els1_amd64.deb
    sha:ebdd4dc77120ae7b1b18ed728c4a728c22171a41
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.