Amazon Linux 2023 Security Advisory: ALAS-2023-355
Advisory Release Date: 2023-09-27 21:04 Pacific
Advisory Updated Date: 2023-10-03 20:50 Pacific
Severity:
Important
Issue Overview:
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-4863)
Affected Packages:
libwebp
Issue Correction:
Run dnf update libwebp --releasever 2023.2.20231002 to update your system.
New Packages:
aarch64:
libwebp-debuginfo-1.2.4-1.amzn2023.0.6.aarch64
libwebp-java-debuginfo-1.2.4-1.amzn2023.0.6.aarch64
libwebp-java-1.2.4-1.amzn2023.0.6.aarch64
libwebp-1.2.4-1.amzn2023.0.6.aarch64
libwebp-debugsource-1.2.4-1.amzn2023.0.6.aarch64
libwebp-tools-debuginfo-1.2.4-1.amzn2023.0.6.aarch64
libwebp-devel-1.2.4-1.amzn2023.0.6.aarch64
libwebp-tools-1.2.4-1.amzn2023.0.6.aarch64
src:
libwebp-1.2.4-1.amzn2023.0.6.src
x86_64:
libwebp-debuginfo-1.2.4-1.amzn2023.0.6.x86_64
libwebp-java-debuginfo-1.2.4-1.amzn2023.0.6.x86_64
libwebp-java-1.2.4-1.amzn2023.0.6.x86_64
libwebp-tools-debuginfo-1.2.4-1.amzn2023.0.6.x86_64
libwebp-1.2.4-1.amzn2023.0.6.x86_64
libwebp-devel-1.2.4-1.amzn2023.0.6.x86_64
libwebp-tools-1.2.4-1.amzn2023.0.6.x86_64
libwebp-debugsource-1.2.4-1.amzn2023.0.6.x86_64