Amazon Linux 2 Security Advisory: ALAS-2023-2048
Advisory Release Date: 2023-05-11 17:49 Pacific
Advisory Updated Date: 2023-05-16 15:12 Pacific
Severity:
Medium
Issue Overview:
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). (CVE-2018-25013)
Affected Packages:
libwebp
Issue Correction:
Run yum update libwebp to update your system.
New Packages:
aarch64:
libwebp-0.3.0-10.amzn2.0.2.aarch64
libwebp-tools-0.3.0-10.amzn2.0.2.aarch64
libwebp-devel-0.3.0-10.amzn2.0.2.aarch64
libwebp-java-0.3.0-10.amzn2.0.2.aarch64
libwebp-debuginfo-0.3.0-10.amzn2.0.2.aarch64
i686:
libwebp-0.3.0-10.amzn2.0.2.i686
libwebp-tools-0.3.0-10.amzn2.0.2.i686
libwebp-devel-0.3.0-10.amzn2.0.2.i686
libwebp-java-0.3.0-10.amzn2.0.2.i686
libwebp-debuginfo-0.3.0-10.amzn2.0.2.i686
src:
libwebp-0.3.0-10.amzn2.0.2.src
x86_64:
libwebp-0.3.0-10.amzn2.0.2.x86_64
libwebp-tools-0.3.0-10.amzn2.0.2.x86_64
libwebp-devel-0.3.0-10.amzn2.0.2.x86_64
libwebp-java-0.3.0-10.amzn2.0.2.x86_64
libwebp-debuginfo-0.3.0-10.amzn2.0.2.x86_64