libwebp-1.0.0-5.el8
エラータID: AXSA:2021-2754:03
リリース日:
2021/12/14 Tuesday - 05:22
題名:
libwebp-1.0.0-5.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- libwebp の WebPMuxCreateInternal 関数には、境界外読み込みが発生する
脆弱性があります。(CVE-2018-25009)
- libwebp の ApplyFilter 関数には、境界外読み込みが発生する脆弱性があ
ります。(CVE-2018-25010)
- libwebp の WebPMuxCreateInternal 関数には、境界外読み込みが発生する
脆弱性があります。(CVE-2018-25012)
- libwebp の ShiftBytes 関数には、境界外読み込みが発生する脆弱性があり
ます。(CVE-2018-25013)
- libwebp の ReadSymbol 関数内には初期化されていない変数があることに起
因する脆弱性があります。(CVE-2018-25014)
- libwebp の ChunkVerifyAndAssign 関数には、境界外読み込みが発生する脆
弱性があります。(CVE-2020-36330)
- libwebp の ChunkAssignData 関数には、境界外読み込みが発生する脆弱性
があります。(CVE-2020-36331)
- libwebp には、ファイルを読み込む際に過剰にメモリーを確保してしまう脆
弱性があります。(CVE-2020-36332)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2018-25009
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.
CVE-2018-25010
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability.
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability.
CVE-2018-25012
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.
CVE-2018-25013
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability.
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability.
CVE-2018-25014
A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-36330
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
CVE-2020-36331
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
CVE-2020-36332
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
追加情報:
N/A
ダウンロード:
SRPMS
- libwebp-1.0.0-5.el8.src.rpm
MD5: bda1672f05230eb6e43abc5607f23292
SHA-256: 10887cca85feecc19f41230163a127eb4c16cfd050a2af0905af089cbd7b8608
Size: 3.86 MB
Asianux Server 8 for x86_64
- libwebp-1.0.0-5.el8.x86_64.rpm
MD5: 416185ea02af719329e865a3c5ea50e0
SHA-256: 1409fb24dd80fb6ae03cd44b12477469e60c54326fb69f394cc5098faa9cb90d
Size: 271.44 kB - libwebp-devel-1.0.0-5.el8.x86_64.rpm
MD5: 6ae1d2425dd1bbf425c3cc8cdeca376b
SHA-256: 98fc76ac5fa1195b51449c4e970569d3467e45e5c71b0b8eb534f38402cbcecb
Size: 36.22 kB - libwebp-1.0.0-5.el8.i686.rpm
MD5: 4ff741b9f1b17b243c864593683982ae
SHA-256: c3d8ea561280a099e234a4aa6bb0c23c530993cd5f6b26dac538424f9594cdaf
Size: 291.64 kB - libwebp-devel-1.0.0-5.el8.i686.rpm
MD5: 7e598ed3a37d8bd775ddef8c52d94b33
SHA-256: 9c4fa802f92def311f351e8b26c1ab2c6fe23506494d9ee89cc0f9aa42bfd061
Size: 36.22 kB