Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.2103 libwebp security update 11 June 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libwebp Publisher: Debian Operating System: Debian GNU/Linux Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-36332 CVE-2020-36331 CVE-2020-36330 CVE-2020-36329 CVE-2020-36328 CVE-2018-25014 CVE-2018-25013 CVE-2018-25011 CVE-2018-25010 CVE-2018-25009 Reference: ESB-2021.1959 ESB-2021.1914 Original Bulletin: http://www.debian.org/security/2021/dsa-4930 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4930-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 10, 2021 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : libwebp CVE ID : CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25013 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 Multiple vulnerabilities were discovered in libwebp, the implementation of the WebP image format, which could result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed images are processed. For the stable distribution (buster), these problems have been fixed in version 0.6.1-2+deb10u1. We recommend that you upgrade your libwebp packages. For the detailed security status of libwebp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libwebp Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDCfg0ACgkQEMKTtsN8 TjaaKBAAqMJfe5aH4Gh14SpB7h2S5JJUK+eo/aPo1tXn7BoLiF4O5g05+McyUOdE HI9ibolUfv+HoZlCDC93MBJvopWgd1/oqReHML5n2GXPBESYXpRstL04qwaRqu9g AvofhX88EwHefTXmljVTL4W1KgMJuhhPxVLdimxoqd0/hjagZtA7B7R05khigC5k nHMFoRogSPjI9H4vI2raYaOqC26zmrZNbk/CRVhuUbtDOG9qy9okjc+6KM9RcbXC ha++EhrGXPjCg5SwrQAZ50nW3Jwif2WpSeULfTrqHr2E8nHGUCHDMMtdDwegFH/X FK0dVaNPgrayw1Dji+fhBQz3qR7pl/1DK+gsLtREafxY0+AxZ57kCi51CykT/dLs eC4bOPaoho91KuLFrT+X/AyAASS/00VuroFJB4sWQUvEpBCnWPUW1m3NvjsyoYuj 0wmQMVM5Bb/aYuWAM+/V9MeoklmtIn+OPAXqsVvLxdbB0GScwJV86/NvsN6Nde6c twImfMCK1V75FPrIsxx37M52AYWvALgXbWoVi4aQPyPeDerQdgUPL1FzTGzem0NQ PnXhuE27H/pJz79DosW8md0RFr+tfPgZ8CeTirXSUUXFiqhcXR/w1lqN2vlmfm8V dmwgzvu9A7ZhG++JRqbbMx2D+NS4coGgRdA7XPuRrdNKniRIDhQ= =pN/j - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYMLal+NLKJtyKPYoAQh2SQ/+P5aK4+BaT+q6kHJv4TL8UFW2i3Cf956Q dD3qRhiHm2TsZJxe6S86BHzitLH7DvkRaKghZUHu2LpgkL2nJUM5mghGhtsKy48e WPzq8Iz1EVKHI+ktkXhBbIhqBRM0rVAT7E51PMbOqeJWEYYEw/10Zal2V2HT1rho WGFf/8TtqBo6UOMCxq49wfMz6pL7kUmpgagvSCndIOrRDufxAuzNTwCUmelXMjuU GiVemnLp7FSUAYsGPF0zZW5DRQcBdlblDkL6Np1YZGP/bweZ5SHr5kEjPQtbTPe0 ThNrr8hjtaYe37SpadTd23+WGd+U4fxZ21UFFCbdPlnmUGqowxCPRn2GlG4zqGRw zxQs8XZDLcrr9m0hgFbw10Kn0hEsCx6WXS9B8064N+/NSeIwwc8Fid/l8U/r1S32 aHbl6ZIX2MkwmhX8kPfzrSkHppccXOpGk8WyyHiPmmmjUu5IRHwX5LgMKEdSYQE8 +y8pUaRCDpLUO/WkoFTXex54/BQo1KMMIR+BmzJGSI5VbO4ejNyBF/lhzFkdOpOg TsTixHrbOMzhbGhWvqXeqZ7fXTH2+G9yE/LV5nyRFkOPrmhI6dk8k03EeDsWf7Gb slDlp2SSws4qzJu7ji08B6tLGdd3YQ4hSxGA+MNOmz/ITXRUkPVNDG3OuSfmoqP0 1+vFe3kh1cg= =EcDO -----END PGP SIGNATURE-----