libwebp-0.3.0-10.el7
エラータID: AXSA:2021-1858:01
リリース日:
2021/06/09 Wednesday - 07:06
題名:
libwebp-0.3.0-10.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libwebp には、PutLE16 関数にヒープベースのバッファオーバフローを引き起こす
脆弱性があります。(CVE-2018-25011)
- libwebp には、WebPDecodeRGBInto 関数において、バッファーサイズの無効なチェックにより、
ヒープベースのバッファーオーバーフローが発生する可能性のある脆弱性があります。
(CVE-2020-36328)
- libwebp には、スレッドの終了が早すぎることによる、解放後使用の脆弱性があります。
(CVE-2020-36329)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2018-25011
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-36328
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-36329
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
追加情報:
N/A
ダウンロード:
SRPMS
- libwebp-0.3.0-10.el7.src.rpm
MD5: eff32a56efc257b5540a2a7b44f98d9b
SHA-256: caa80fa442ee06c838dd1f98c0895eada60e152d4bb4c7599d5c0649f391772d
Size: 792.26 kB
Asianux Server 7 for x86_64
- libwebp-0.3.0-10.el7.x86_64.rpm
MD5: 6948be1d6377d5f099569408eb23113f
SHA-256: 0729f0e18710bf97d65dd8d4ee31979515c291bc4250d52e545be1a35d62ebc1
Size: 169.36 kB - libwebp-0.3.0-10.el7.i686.rpm
MD5: 75d697e9b717b300d24574270729f9fc
SHA-256: 67632f4469b61fe35aa0f05d48e905f5fe0484205105f3b9c5de51b5289ed641
Size: 168.68 kB