
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

We found 8 articles for you...

Fedora 40: FEDORA-2025-666aaa6a0d critical: libheif OOB read

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-666aaa6a0d
2025-02-15 02:22:06.812110+00:00
--------------------------------------------------------------------------------

Name        : libheif
Product     : Fedora 40
Version     : 1.19.5
Release     : 3.fc40
URL         : https://github.com/strukturag/libheif
Summary     : HEIF and AVIF file format decoder and encoder
Description :
libheif is an ISO/IEC 23008-12:2017 HEIF and AVIF (AV1 Image File Format) file format decoder and encoder.

--------------------------------------------------------------------------------
Update Information:

Latest upstream release. It adds support for tiles and fixes reading images generated by iOS 18+. See https://github.com/strukturag/libheif/releases for more details about the changes since 1.17.6.

NOTE: heif-convert tool was renamed to heif-dec.

How to test: Download and unzip sample images from mastodon issue #31570. Try opening them with e.g. loupe or gimp. They fail to open with libheif-1.17.6, but should open successfully with libheif-1.19.5.

Fixes CVE-2024-41311.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 5 2025 Robert-André Mauchin - 1.19.5-3
- Rebuilt for aom 3.11.0
* Fri Jan 17 2025 Fedora Release Engineering - 1.19.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sun Nov 24 2024 Packit - 1.19.5-1
- Update to version 1.19.5
- Resolves: rhbz#2327307
* Sun Nov 17 2024 Dominik Mierzejewski - 1.19.3-3
- disable OpenJPH encoder support to work-around crashes
* Sat Nov 16 2024 Sérgio Basto - 1.19.3-2
- Add support to multilib in devel sub-package
- Resolves: rhbz#2279891
* Tue Nov 12 2024 Dominik Mierzejewski - 1.19.3-1
- update to 1.19.3 (resolves rhbz#2295525)
- drop obsolete patches
- enable OpenH264, OpenJPH (64-bit only) and Brotli decoders
- run tests unconditionally, they no longer require special build options
- drop conditional hevc subpackage
- use fewer wildcards in the file lists
- stop building rav1e and svt AV1 encoders as plugins
* Thu Jul 18 2024 Fedora Release Engineering - 1.17.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2319289 - CVE-2024-41311 libheif: OOB read and write via ImageOverlay::parse() [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2319289
  [ 2 ] Bug #2332519 - Update libheif
        https://bugzilla.redhat.com/show_bug.cgi?id=2332519
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-666aaa6a0d' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

The Fedora 40 update for libheif brings vital improvements to image support and resolves multiple reading issues, alongside important security updates for protection.

Keywords: libheif security, Fedora update, OOB read fix, software maintenance.

Severity: Critical
LinuxSecurity.com Team

Feb 15, 2025 | Critical | Fedora

Fedora 40 jpegxl update 2025-35a8167b88 critical image format fix

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-35a8167b88
2025-02-08 02:23:59.225610+00:00
--------------------------------------------------------------------------------

Name        : jpegxl
Product     : Fedora 40
Version     : 0.8.4
Release     : 1.fc40
URL         : https://jpeg.org/jpegxl/
Summary     : JPEG XL image format reference implementation
Description :
This package contains a reference implementation of JPEG XL (encoder and decoder).

--------------------------------------------------------------------------------
Update Information:

Update to 0.8.4
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 30 2025 Sérgio M. Basto - 1:0.8.4-1
- Update to 0.8.4
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-35a8167b88' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------

PNG XL image format reference version enhanced in Ubuntu 22 with essential safety guideline measures.

Keywords: Fedora 40 jpegxl update security advisory notification.

Severity: Critical
LinuxSecurity.com Team

Feb 08, 2025 | Critical | Fedora

Fedora 41 jpegxl 2025-6e4727185c Security Advisory: Critical Update

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6e4727185c
2025-02-02 01:39:58.427982+00:00
--------------------------------------------------------------------------------

Name        : jpegxl
Product     : Fedora 41
Version     : 0.10.4
Release     : 1.fc41
URL         : https://jpeg.org/jpegxl/
Summary     : JPEG XL image format reference implementation
Description :
This package contains a reference implementation of JPEG XL (encoder and decoder).

--------------------------------------------------------------------------------
Update Information:

update to 0.10.4
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 30 2025 Sérgio M. Basto - 1:0.10.4-1
- Update jpegxl to 0.10.4
* Fri Jan 17 2025 Fedora Release Engineering - 1:0.10.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6e4727185c' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Unveil insights into the jpegxl 0.10.4 release for Fedora 41, which tackles significant problems and boosts security measures.

Keywords: Fedora updates, jpegxl software, security fixes, image format encryption, Fedora 41 advisory.

Severity: Critical
LinuxSecurity.com Team

Feb 02, 2025 | Critical | Fedora

Red Hat: RHSA-2023-5190-01 Important: Heap Overflow in libwebp

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libwebp security update
Advisory ID:       RHSA-2023:5190-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5190
Issue date:        2023-09-18
CVE Names:         CVE-2023-4863
=====================================================================

1. Summary:

An update for libwebp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - x86_64
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - ppc64le, x86_64
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - x86_64

3. Description:

The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.

Security Fix(es):

* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2238431 - CVE-2023-4863 libwebp: Heap buffer overflow in WebP Codec

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:
libwebp-1.0.0-7.el8_2.1.src.rpm

x86_64:
libwebp-1.0.0-7.el8_2.1.i686.rpm
libwebp-1.0.0-7.el8_2.1.x86_64.rpm
libwebp-debuginfo-1.0.0-7.el8_2.1.i686.rpm
libwebp-debuginfo-1.0.0-7.el8_2.1.x86_64.rpm
libwebp-debugsource-1.0.0-7.el8_2.1.i686.rpm
libwebp-debugsource-1.0.0-7.el8_2.1.x86_64.rpm
libwebp-devel-1.0.0-7.el8_2.1.i686.rpm
libwebp-devel-1.0.0-7.el8_2.1.x86_64.rpm
libwebp-java-debuginfo-1.0.0-7.el8_2.1.i686.rpm
libwebp-java-debuginfo-1.0.0-7.el8_2.1.x86_64.rpm
libwebp-tools-debuginfo-1.0.0-7.el8_2.1.i686.rpm
libwebp-tools-debuginfo-1.0.0-7.el8_2.1.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:
libwebp-1.0.0-7.el8_2.1.src.rpm

ppc64le:
libwebp-1.0.0-7.el8_2.1.ppc64le.rpm
libwebp-debuginfo-1.0.0-7.el8_2.1.ppc64le.rpm
libwebp-debugsource-1.0.0-7.el8_2.1.ppc64le.rpm
libwebp-devel-1.0.0-7.el8_2.1.ppc64le.rpm
libwebp-java-debuginfo-1.0.0-7.el8_2.1.ppc64le.rpm
libwebp-tools-debuginfo-1.0.0-7.el8_2.1.ppc64le.rpm

x86_64:
libwebp-1.0.0-7.el8_2.1.i686.rpm
libwebp-1.0.0-7.el8_2.1.x86_64.rpm
libwebp-debuginfo-1.0.0-7.el8_2.1.i686.rpm
libwebp-debuginfo-1.0.0-7.el8_2.1.x86_64.rpm
libwebp-debugsource-1.0.0-7.el8_2.1.i686.rpm
libwebp-debugsource-1.0.0-7.el8_2.1.x86_64.rpm
libwebp-devel-1.0.0-7.el8_2.1.i686.rpm
libwebp-devel-1.0.0-7.el8_2.1.x86_64.rpm
libwebp-java-debuginfo-1.0.0-7.el8_2.1.i686.rpm
libwebp-java-debuginfo-1.0.0-7.el8_2.1.x86_64.rpm
libwebp-tools-debuginfo-1.0.0-7.el8_2.1.i686.rpm
libwebp-tools-debuginfo-1.0.0-7.el8_2.1.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:
libwebp-1.0.0-7.el8_2.1.src.rpm

x86_64:
libwebp-1.0.0-7.el8_2.1.i686.rpm
libwebp-1.0.0-7.el8_2.1.x86_64.rpm
libwebp-debuginfo-1.0.0-7.el8_2.1.i686.rpm
libwebp-debuginfo-1.0.0-7.el8_2.1.x86_64.rpm
libwebp-debugsource-1.0.0-7.el8_2.1.i686.rpm
libwebp-debugsource-1.0.0-7.el8_2.1.x86_64.rpm
libwebp-devel-1.0.0-7.el8_2.1.i686.rpm
libwebp-devel-1.0.0-7.el8_2.1.x86_64.rpm
libwebp-java-debuginfo-1.0.0-7.el8_2.1.i686.rpm
libwebp-java-debuginfo-1.0.0-7.el8_2.1.x86_64.rpm
libwebp-tools-debuginfo-1.0.0-7.el8_2.1.i686.rpm
libwebp-tools-debuginfo-1.0.0-7.el8_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-4863
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

Oracle has announced a critical libjpeg upgrade to address buffer overflow security issues in several RHEL 8.2 versions.

Keywords: RedHat Enterprise Linux, libwebp, heap overflow, security update, image processing.

Severity: Important
LinuxSecurity.com Team

Sep 18, 2023 | Important | Red Hat

Rocky Linux 9 RLSA-2023:2078 Important: libwebp Double-Free Issue

{
  "type": "TYPE_SECURITY",
  "shortCode": "RL",
  "name": "RLSA-2023:2078",
  "synopsis": "Important: libwebp security update",
  "severity": "SEVERITY_IMPORTANT",
  "topic": "An update is available for libwebp.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list",
  "description": "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* Mozilla: libwebp: Double-free in libwebp (CVE-2023-1999)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "solution": null,
  "affectedProducts": ["Rocky Linux 9"],
  "fixes": [
    {
      "ticket": "2186102",
      "sourceBy": "Red Hat",
      "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2186102",
      "description": ""
    }
  ],
  "cves": [
    {
      "name": "CVE-2023-1999",
      "sourceBy": "MITRE",
      "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-1999",
      "cvss3ScoringVector": "UNKNOWN",
      "cvss3BaseScore": "UNKNOWN",
      "cwe": "UNKNOWN"
    }
  ],
  "references": [],
  "publishedAt": "2023-05-05T15:41:17.348343Z",
  "rpms": {
    "Rocky Linux 9": {
      "nvras": [
        "libwebp-0:1.2.0-6.el9_1.s390x.rpm",
        "libwebp-0:1.2.0-6.el9_1.src.rpm",
        "libwebp-debuginfo-0:1.2.0-6.el9_1.s390x.rpm",
        "libwebp-debugsource-0:1.2.0-6.el9_1.s390x.rpm",
        "libwebp-devel-0:1.2.0-6.el9_1.s390x.rpm"
      ]
    }
  },
  "rebootSuggested": false,
  "buildReferences": []
}

A crucial security patch for libwebp in Rocky Linux 9 tackles a significant vulnerability. Important enhancements and corrections are required.

Keywords: libwebp security update, Rocky Linux 9, image format security.

Severity: Important
LinuxSecurity.com Team

May 05, 2023 | Important | Rocky Linux

Fedora 36: FEDORA-2022-6746739d52 Moderate: Libwebp Mingw Update

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-6746739d52
2022-03-26 14:56:28.650826
--------------------------------------------------------------------------------

Name        : libwebp
Product     : Fedora 36
Version     : 1.2.2
Release     : 4.fc36
URL         : https://www.webmproject.org/
Summary     : Library and tools for the WebP graphics format
Description :
WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently.

--------------------------------------------------------------------------------
Update Information:

Add mingw subpackages.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 24 2022 Sandro Mani - 1.2.2-4
- Make mingw subpackages noarch
* Sat Feb 19 2022 Sandro Mani - 1.2.2-3
- Add mingw subpackage
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2060171 - F36FailsToInstall: mingw64-freeimage, mingw32-freeimage
        https://bugzilla.redhat.com/show_bug.cgi?id=2060171
  [ 2 ] Bug #2060172 - F36FailsToInstall: mingw32-gdal, mingw64-gdal
        https://bugzilla.redhat.com/show_bug.cgi?id=2060172
  [ 3 ] Bug #2060174 - F36FailsToInstall: mingw32-opencv, mingw64-opencv
        https://bugzilla.redhat.com/show_bug.cgi?id=2060174
  [ 4 ] Bug #2060175 - F36FailsToInstall: mingw32-poppler, mingw64-poppler
        https://bugzilla.redhat.com/show_bug.cgi?id=2060175
  [ 5 ] Bug #2060176 - F36FailsToInstall: mingw32-python3-shapely, mingw64-python3-shapely
        https://bugzilla.redhat.com/show_bug.cgi?id=2060176
  [ 6 ] Bug #2060177 - F36FailsToInstall: mingw32-qtspell-qt5, mingw64-qtspell-qt5
        https://bugzilla.redhat.com/show_bug.cgi?id=2060177
  [ 7 ] Bug #2060358 - F36FailsToInstall: mingw32-python3-pyproj, mingw64-python3-pyproj
        https://bugzilla.redhat.com/show_bug.cgi?id=2060358
  [ 8 ] Bug #2060816 - F36FailsToInstall: mingw64-SDL2_image, mingw32-SDL2_image
        https://bugzilla.redhat.com/show_bug.cgi?id=2060816
  [ 9 ] Bug #2060818 - F36FailsToInstall: mingw32-qt5-qtimageformats, mingw64-qt5-qtimageformats
        https://bugzilla.redhat.com/show_bug.cgi?id=2060818
  [ 10 ] Bug #2060819 - F36FailsToInstall: mingw32-qt5-qtwebkit, mingw64-qt5-qtwebkit
        https://bugzilla.redhat.com/show_bug.cgi?id=2060819
  [ 11 ] Bug #2060820 - F36FailsToInstall: mingw32-qt6-qtimageformats, mingw64-qt6-qtimageformats
        https://bugzilla.redhat.com/show_bug.cgi?id=2060820
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-6746739d52' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

An update announcement for libwebp on Fedora 36 now features mingw subpackages along with details regarding the installation process.

Keywords: Fedora Updates, libwebp, mingw packages, software security.

LinuxSecurity.com Team

Mar 26, 2022 | Fedora

Red Hat: RHSA-2021-2364-01 Important: libwebp Heap Overflow Fix

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libwebp security update
Advisory ID:       RHSA-2021:2364-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2364
Issue date:        2021-06-09
CVE Names:         CVE-2018-25011 CVE-2020-36328 CVE-2020-36329
====================================================================

1. Summary:

An update for libwebp is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.

Security Fix(es):

* libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011)
* libwebp: heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328)
* libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c (CVE-2020-36329)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1956829 - CVE-2020-36328 libwebp: heap-based buffer overflow in WebPDecode*Into functions
1956843 - CVE-2020-36329 libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c
1956919 - CVE-2018-25011 libwebp: heap-based buffer overflow in PutLE16()

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
libwebp-1.0.0-4.el8_2.src.rpm

aarch64:
libwebp-1.0.0-4.el8_2.aarch64.rpm
libwebp-debuginfo-1.0.0-4.el8_2.aarch64.rpm
libwebp-debugsource-1.0.0-4.el8_2.aarch64.rpm
libwebp-devel-1.0.0-4.el8_2.aarch64.rpm
libwebp-java-debuginfo-1.0.0-4.el8_2.aarch64.rpm
libwebp-tools-debuginfo-1.0.0-4.el8_2.aarch64.rpm

ppc64le:
libwebp-1.0.0-4.el8_2.ppc64le.rpm
libwebp-debuginfo-1.0.0-4.el8_2.ppc64le.rpm
libwebp-debugsource-1.0.0-4.el8_2.ppc64le.rpm
libwebp-devel-1.0.0-4.el8_2.ppc64le.rpm
libwebp-java-debuginfo-1.0.0-4.el8_2.ppc64le.rpm
libwebp-tools-debuginfo-1.0.0-4.el8_2.ppc64le.rpm

s390x:
libwebp-1.0.0-4.el8_2.s390x.rpm
libwebp-debuginfo-1.0.0-4.el8_2.s390x.rpm
libwebp-debugsource-1.0.0-4.el8_2.s390x.rpm
libwebp-devel-1.0.0-4.el8_2.s390x.rpm
libwebp-java-debuginfo-1.0.0-4.el8_2.s390x.rpm
libwebp-tools-debuginfo-1.0.0-4.el8_2.s390x.rpm

x86_64:
libwebp-1.0.0-4.el8_2.i686.rpm
libwebp-1.0.0-4.el8_2.x86_64.rpm
libwebp-debuginfo-1.0.0-4.el8_2.i686.rpm
libwebp-debuginfo-1.0.0-4.el8_2.x86_64.rpm
libwebp-debugsource-1.0.0-4.el8_2.i686.rpm
libwebp-debugsource-1.0.0-4.el8_2.x86_64.rpm
libwebp-devel-1.0.0-4.el8_2.i686.rpm
libwebp-devel-1.0.0-4.el8_2.x86_64.rpm
libwebp-java-debuginfo-1.0.0-4.el8_2.i686.rpm
libwebp-java-debuginfo-1.0.0-4.el8_2.x86_64.rpm
libwebp-tools-debuginfo-1.0.0-4.el8_2.i686.rpm
libwebp-tools-debuginfo-1.0.0-4.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-25011
https://access.redhat.com/security/cve/CVE-2020-36328
https://access.redhat.com/security/cve/CVE-2020-36329
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

The new release of libjpeg has resolved significant vulnerabilities in CentOS, leading to enhanced image processing security.

Keywords: libwebp Security Advisory, Red Hat Update, Image Format Security, Buffer Overflow Fix, RHEL Security Update.

Severity: Important
LinuxSecurity.com Team

Jun 09, 2021 | Important | Red Hat

Ubuntu 20.04 LTS: USN-4339-1 Critical: OpenEXR Denial Of Service

=========================================================================
Ubuntu Security Notice USN-4339-1
April 27, 2020

openexr vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OpenEXR.

Software Description:
- openexr: tools for the OpenEXR image format

Details:

Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)

Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2018-18444)

Samuel Groß discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764)

It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service. (CVE-2020-11765)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04:
  libopenexr24 2.3.0-6ubuntu0.1
  openexr 2.3.0-6ubuntu0.1

Ubuntu 19.10:
  libopenexr23 2.2.1-4.1ubuntu1.1
  openexr 2.2.1-4.1ubuntu1.1

Ubuntu 18.04 LTS:
  libopenexr22 2.2.0-11.1ubuntu1.2
  openexr 2.2.0-11.1ubuntu1.2

Ubuntu 16.04 LTS:
  libopenexr22 2.2.0-10ubuntu2.2
  openexr 2.2.0-10ubuntu2.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4339-1
  CVE-2017-9111, CVE-2017-9113, CVE-2017-9115, CVE-2018-18444, CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764, CVE-2020-11765

Package Information:
  https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.1
  https://launchpad.net/ubuntu/+source/openexr/2.2.1-4.1ubuntu1.1
  https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.2
  https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.2

Urgent vulnerabilities in OpenEXR necessitate swift action from Ubuntu users to safeguard against potential DoS attacks.

Keywords: OpenEXR vulnerabilities, Ubuntu Security Notice, image security.

Severity: Critical
LinuxSecurity.com Team

Apr 27, 2020 | Critical | Ubuntu