important: libwebp/libsolv security update
important
An update for libwebp/libsolv is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
libwebp:
libsolv:
Security Fix(es):
libwebp: This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.(CVE-2023-5129)
libwebp: A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.(CVE-2023-4863)
libwebp: bugfix
libsolv: A flaw was found in libsolv. A buffer overflow vulnerability could cause a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2021-3200)
libsolv: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.F2B12.