Issue
Is CloudLinux affected by CVE-2023-4863, the libwebp vulnerability? If so, how can it be mitigated?
Environment
- CloudLinux 7
- CloudLinux 8
- CloudLinux 9
- libwebp
- alt-libwebp
- thunderbird
- CVE-2023-4863
Solution
The developers have reported that none of our customers tend to use the thunderbird package, so we have not built it for a long time.
The only affected packages that CloudLinux provides, besides thunderbird, are libwebp and alt-libwebp.
- libwebp status:
  - CloudLinux 7: not affected
  - CloudLinux 8: fixed in libwebp-1.0.0-8.el8_8.1
  - CloudLinux 9: fixed in libwebp-1.2.0-7.el9_2
- alt-libwebp status: alt-libwebp-1.3.2-1 is already in our testing repositories and you can install it using this command:
# yum update alt-libwebp-1.3.2-1 --enablerepo=cloudlinux-updates-testing
Usually, it takes about a month for us to move a package from the testing repo to stable.
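To check a server against the fixed builds listed above, the following added example (not CloudLinux's own tooling) compares the installed version and release with those values. The function names are hypothetical, the comparison is a simplified form of rpm's segment-wise ordering (no epoch, `~` or `^` handling), and it assumes `rpm -E '%{rhel}'` reports the major release.

```python
import re
import subprocess

# Fixed builds exactly as listed on this page; CloudLinux 7 libwebp is "not affected".
LIBWEBP_FIXED = {"8": ("1.0.0", "8.el8_8.1"), "9": ("1.2.0", "7.el9_2")}
ALT_LIBWEBP_FIXED = ("1.3.2", "1")

def rpmvercmp(a, b):
    """Simplified rpm ordering: compare digit/letter segments left to right."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment sorts above alpha
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def status(package, os_major, version, release):
    """Return 'fixed', 'update needed', 'not affected' or 'unknown'."""
    if package == "libwebp":
        if os_major == "7":
            return "not affected"
        fixed = LIBWEBP_FIXED.get(os_major)
    elif package == "alt-libwebp":
        fixed = ALT_LIBWEBP_FIXED
    else:
        fixed = None
    if fixed is None:
        return "unknown"
    cmp = rpmvercmp(version, fixed[0]) or rpmvercmp(release, fixed[1])
    return "fixed" if cmp >= 0 else "update needed"

if __name__ == "__main__":
    os_major = subprocess.run(["rpm", "-E", "%{rhel}"],
                              capture_output=True, text=True).stdout.strip()
    for pkg in ("libwebp", "alt-libwebp"):
        q = subprocess.run(["rpm", "-q", "--qf", "%{VERSION} %{RELEASE}\n", pkg],
                           capture_output=True, text=True)
        if q.returncode != 0:
            print(f"{pkg}: not installed")
            continue
        for line in q.stdout.splitlines():   # one line per installed arch
            ver, rel = line.split()
            print(f"{pkg}-{ver}-{rel}: {status(pkg, os_major, ver, rel)}")
```

Processes that loaded the old library before the update keep using it until they are restarted.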
Useful Links:
https://access.redhat.com/security/cve/CVE-2023-4863
https://www.tenable.com/plugins/nessus/182136
https://blog.isosceles.com/the-webp-0day/