cve-2023-4863
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
chromium (Debian) | Fix Released | Unknown | |
chromium-browser (Ubuntu) | Fix Released | Critical | Nathan Teodosio |
firefox (Ubuntu) | Fix Released | Undecided | Unassigned |
firefox-esr (Ubuntu) | Fix Released | Undecided | Unassigned |
libwebp (Debian) | Fix Released | Unknown | |
libwebp (Ubuntu) | Fix Released | Undecided | Unassigned |
thunderbird (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
[$NA][1479274] Critical CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontoʼs Munk School on 2023-09-06
https:/
high profile remote vulnerability
themusicgod1@
chromium-browser:
Installed: 1:85.0.
Candidate: 1:85.0.
Version table:
current available snap:
chromium 116.0.5845.179
fix is in:
chromium 116.0.5845.187
ubuntu: 22.04.3 LTS jammy
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: chromium-browser 1:85.0.
ProcVersionSign
Uname: Linux 6.2.0-26-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Tue Sep 12 08:38:06 2023
DiskUsage:
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda2 ext4 228G 162G 55G 75% /
tmpfs tmpfs 3.9G 66M 3.8G 2% /dev/shm
/dev/sda2 ext4 228G 162G 55G 75% /
InstallationDate: Installed on 2017-04-18 (2337 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
MachineType: MSI MS-7994
ProcKernelCmdLine: BOOT_IMAGE=
Snap.Changes: no changes found
Snap.ChromeDriv
Snap.ChromiumVe
SourcePackage: chromium-browser
UpgradeStatus: Upgraded to jammy on 2023-06-14 (89 days ago)
dmi.bios.date: 12/16/2016
dmi.bios.release: 5.12
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 5.80
dmi.board.
dmi.board.name: H110M GAMING (MS-7994)
dmi.board.vendor: MSI
dmi.board.version: 1.0
dmi.chassis.
dmi.chassis.type: 3
dmi.chassis.vendor: MSI
dmi.chassis.
dmi.modalias: dmi:bvnAmerican
dmi.product.family: Default string
dmi.product.name: MS-7994
dmi.product.sku: Default string
dmi.product.
dmi.sys.vendor: MSI
mtime.conffile.
CVE References
Changed in chromium (Debian):
status: Unknown → New
tags: added: mantic
Changed in libwebp (Debian):
status: Unknown → New
information type: Private Security → Public Security
Changed in chromium-browser (Ubuntu):
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Nathan Teodosio (nteodosio)
Changed in libwebp (Debian):
status: New → Confirmed
Changed in chromium-browser (Ubuntu):
status: In Progress → Fix Released
Changed in libwebp (Debian):
status: Confirmed → Fix Released
Changed in chromium (Debian):
status: New → Fix Released
also appears valid for 23.04 lunar:
==> Installing the chromium snap
chromium 116.0.5845.179 from Canonical✓ installed