Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.2103
libwebp security update
11 June 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: libwebp
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-36332 CVE-2020-36331 CVE-2020-36330
CVE-2020-36329 CVE-2020-36328 CVE-2018-25014
CVE-2018-25013 CVE-2018-25011 CVE-2018-25010
CVE-2018-25009
Reference: ESB-2021.1959
ESB-2021.1914
Original Bulletin:
http://www.debian.org/security/2021/dsa-4930
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4930-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 10, 2021 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : libwebp
CVE ID : CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25013
CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330
CVE-2020-36331 CVE-2020-36332
Multiple vulnerabilities were discovered in libwebp, the implementation
of the WebP image format, which could result in denial of service, memory
disclosure or potentially the execution of arbitrary code if malformed
images are processed.
For the stable distribution (buster), these problems have been fixed in
version 0.6.1-2+deb10u1.
We recommend that you upgrade your libwebp packages.
For the detailed security status of libwebp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libwebp
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDCfg0ACgkQEMKTtsN8
TjaaKBAAqMJfe5aH4Gh14SpB7h2S5JJUK+eo/aPo1tXn7BoLiF4O5g05+McyUOdE
HI9ibolUfv+HoZlCDC93MBJvopWgd1/oqReHML5n2GXPBESYXpRstL04qwaRqu9g
AvofhX88EwHefTXmljVTL4W1KgMJuhhPxVLdimxoqd0/hjagZtA7B7R05khigC5k
nHMFoRogSPjI9H4vI2raYaOqC26zmrZNbk/CRVhuUbtDOG9qy9okjc+6KM9RcbXC
ha++EhrGXPjCg5SwrQAZ50nW3Jwif2WpSeULfTrqHr2E8nHGUCHDMMtdDwegFH/X
FK0dVaNPgrayw1Dji+fhBQz3qR7pl/1DK+gsLtREafxY0+AxZ57kCi51CykT/dLs
eC4bOPaoho91KuLFrT+X/AyAASS/00VuroFJB4sWQUvEpBCnWPUW1m3NvjsyoYuj
0wmQMVM5Bb/aYuWAM+/V9MeoklmtIn+OPAXqsVvLxdbB0GScwJV86/NvsN6Nde6c
twImfMCK1V75FPrIsxx37M52AYWvALgXbWoVi4aQPyPeDerQdgUPL1FzTGzem0NQ
PnXhuE27H/pJz79DosW8md0RFr+tfPgZ8CeTirXSUUXFiqhcXR/w1lqN2vlmfm8V
dmwgzvu9A7ZhG++JRqbbMx2D+NS4coGgRdA7XPuRrdNKniRIDhQ=
=pN/j
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYMLal+NLKJtyKPYoAQh2SQ/+P5aK4+BaT+q6kHJv4TL8UFW2i3Cf956Q
dD3qRhiHm2TsZJxe6S86BHzitLH7DvkRaKghZUHu2LpgkL2nJUM5mghGhtsKy48e
WPzq8Iz1EVKHI+ktkXhBbIhqBRM0rVAT7E51PMbOqeJWEYYEw/10Zal2V2HT1rho
WGFf/8TtqBo6UOMCxq49wfMz6pL7kUmpgagvSCndIOrRDufxAuzNTwCUmelXMjuU
GiVemnLp7FSUAYsGPF0zZW5DRQcBdlblDkL6Np1YZGP/bweZ5SHr5kEjPQtbTPe0
ThNrr8hjtaYe37SpadTd23+WGd+U4fxZ21UFFCbdPlnmUGqowxCPRn2GlG4zqGRw
zxQs8XZDLcrr9m0hgFbw10Kn0hEsCx6WXS9B8064N+/NSeIwwc8Fid/l8U/r1S32
aHbl6ZIX2MkwmhX8kPfzrSkHppccXOpGk8WyyHiPmmmjUu5IRHwX5LgMKEdSYQE8
+y8pUaRCDpLUO/WkoFTXex54/BQo1KMMIR+BmzJGSI5VbO4ejNyBF/lhzFkdOpOg
TsTixHrbOMzhbGhWvqXeqZ7fXTH2+G9yE/LV5nyRFkOPrmhI6dk8k03EeDsWf7Gb
slDlp2SSws4qzJu7ji08B6tLGdd3YQ4hSxGA+MNOmz/ITXRUkPVNDG3OuSfmoqP0
1+vFe3kh1cg=
=EcDO
-----END PGP SIGNATURE-----