Amazon Linux 1 Security Advisory: ALAS-2023-1748
Advisory Release Date: 2023-05-11 18:00 Pacific
Advisory Updated Date: 2023-05-23 20:54 Pacific
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). (CVE-2018-25013)
Affected Packages:
libwebp
Issue Correction:
Run yum update libwebp to update your system.
i686:
libwebp-tools-0.3.0-10.9.amzn1.i686
libwebp-debuginfo-0.3.0-10.9.amzn1.i686
libwebp-java-0.3.0-10.9.amzn1.i686
libwebp-0.3.0-10.9.amzn1.i686
libwebp-devel-0.3.0-10.9.amzn1.i686
src:
libwebp-0.3.0-10.9.amzn1.src
x86_64:
libwebp-devel-0.3.0-10.9.amzn1.x86_64
libwebp-debuginfo-0.3.0-10.9.amzn1.x86_64
libwebp-0.3.0-10.9.amzn1.x86_64
libwebp-java-0.3.0-10.9.amzn1.x86_64
libwebp-tools-0.3.0-10.9.amzn1.x86_64