libwebp-1.0.0-3.el8
エラータID: AXSA:2021-2201:02
リリース日:
2021/07/12 Monday - 07:42
題名:
libwebp-1.0.0-3.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libwebp には、PutLE16 関数にヒープベースのバッファオーバフローを引き起こす
脆弱性があります。(CVE-2018-25011)
- libwebp には、WebPDecodeRGBInto 関数において、バッファーサイズの無効なチェックにより、
ヒープベースのバッファーオーバーフローが発生する可能性のある脆弱性があります。
(CVE-2020-36328)
- libwebp には、スレッドの終了が早すぎることによる、解放後使用の脆弱性があります。
(CVE-2020-36329)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2018-25011
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-36328
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-36329
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
追加情報:
N/A
ダウンロード:
SRPMS
- libwebp-1.0.0-3.el8.src.rpm
MD5: 6849c318a897e959fa0af415426f0133
SHA-256: fbe982620d212a3f4a2ed85971b23ea0f2e9c9bec1e72bd6780eeca5261e6ebe
Size: 3.85 MB
Asianux Server 8 for x86_64
- libwebp-1.0.0-3.el8.x86_64.rpm
MD5: 4a86de3aa524db626af1374f83dabad9
SHA-256: 54329e856bcc9c81785e14082d1ba5cd6f9624556734f53a0a5e3a9a9c73cd71
Size: 270.98 kB - libwebp-devel-1.0.0-3.el8.x86_64.rpm
MD5: 20bf7066754df26ffb771f3268645d42
SHA-256: 91afac1c8be7fc34772ae083c5773986ddc4604b1863e1b207b5374a5de6487c
Size: 36.10 kB - libwebp-1.0.0-3.el8.i686.rpm
MD5: 0447195683c12177712ffbcb95be378d
SHA-256: a8834df4a9cbfc3074bb29ca0df6b971c94a8788b409edb753a12bb761784fa6
Size: 291.12 kB - libwebp-devel-1.0.0-3.el8.i686.rpm
MD5: 950f2ae964c8394831780fb4ba36d980
SHA-256: 409337574d3255b47912eddd500f67de365421be330dfa66181b946bb3dbec20
Size: 36.10 kB