Is CloudLinux affected CVE-2023-4863 - libwebp vulnerability? If so, how to mitigate it?
- CloudLinux 7
- CloudLinux 8
- CloudLinux 9
The developers have reported that none of our customers tend to use the thunderbird package, so we have not built it for a long time.
The only affected packages that CloudLinux provides, besides thunderbird, are lbiwebp and alt-libwebp.
- libwebp status:
CloudLinux 7 - not affected
CloudLinux 8 fixed in
CloudLinux 9 fixed in
- alt-libwebp status: alt-libwebp-1.3.2-1 is already in our testing repositories and you can install it using this command:
# yum update alt-libwebp-1.3.2-1 --enablerepo=cloudlinux-updates-testing
Usually, it takes about a month for us to move a package from the testing repo to stable.