An update for libwebp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1317 Final 1.0 1.0 2023-06-03 Initial 2023-06-03 2023-06-03 openEuler SA Tool V1.0 2023-06-03 libwebp security update An update for libwebp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1. This is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently. Security Fix(es): A vulnerability was found in libwebp (affected version unknown). It has been declared as critical. Affected by this vulnerability is an unknown code of the component Image File Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2023-1999) An update for libwebp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium libwebp https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1317 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-1999 https://nvd.nist.gov/vuln/detail/CVE-2023-1999 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 libwebp-devel-1.1.0-3.oe1.aarch64.rpm libwebp-debuginfo-1.1.0-3.oe1.aarch64.rpm libwebp-tools-1.1.0-3.oe1.aarch64.rpm libwebp-java-1.1.0-3.oe1.aarch64.rpm libwebp-debugsource-1.1.0-3.oe1.aarch64.rpm libwebp-1.1.0-3.oe1.aarch64.rpm libwebp-debuginfo-1.1.0-3.oe1.aarch64.rpm libwebp-tools-1.1.0-3.oe1.aarch64.rpm libwebp-1.1.0-3.oe1.aarch64.rpm libwebp-devel-1.1.0-3.oe1.aarch64.rpm libwebp-java-1.1.0-3.oe1.aarch64.rpm libwebp-debugsource-1.1.0-3.oe1.aarch64.rpm libwebp-tools-1.2.1-3.oe2203.aarch64.rpm libwebp-java-1.2.1-3.oe2203.aarch64.rpm libwebp-debugsource-1.2.1-3.oe2203.aarch64.rpm libwebp-1.2.1-3.oe2203.aarch64.rpm libwebp-devel-1.2.1-3.oe2203.aarch64.rpm libwebp-debuginfo-1.2.1-3.oe2203.aarch64.rpm libwebp-1.2.1-3.oe2203sp1.aarch64.rpm libwebp-debugsource-1.2.1-3.oe2203sp1.aarch64.rpm libwebp-java-1.2.1-3.oe2203sp1.aarch64.rpm libwebp-debuginfo-1.2.1-3.oe2203sp1.aarch64.rpm libwebp-tools-1.2.1-3.oe2203sp1.aarch64.rpm libwebp-devel-1.2.1-3.oe2203sp1.aarch64.rpm libwebp-help-1.1.0-3.oe1.noarch.rpm libwebp-help-1.1.0-3.oe1.noarch.rpm libwebp-help-1.2.1-3.oe2203.noarch.rpm libwebp-help-1.2.1-3.oe2203sp1.noarch.rpm libwebp-1.1.0-3.oe1.src.rpm libwebp-1.1.0-3.oe1.src.rpm libwebp-1.2.1-3.oe2203.src.rpm libwebp-1.2.1-3.oe2203sp1.src.rpm libwebp-devel-1.1.0-3.oe1.x86_64.rpm libwebp-1.1.0-3.oe1.x86_64.rpm libwebp-tools-1.1.0-3.oe1.x86_64.rpm libwebp-debugsource-1.1.0-3.oe1.x86_64.rpm libwebp-debuginfo-1.1.0-3.oe1.x86_64.rpm libwebp-java-1.1.0-3.oe1.x86_64.rpm libwebp-devel-1.1.0-3.oe1.x86_64.rpm libwebp-java-1.1.0-3.oe1.x86_64.rpm libwebp-debuginfo-1.1.0-3.oe1.x86_64.rpm libwebp-tools-1.1.0-3.oe1.x86_64.rpm libwebp-debugsource-1.1.0-3.oe1.x86_64.rpm libwebp-1.1.0-3.oe1.x86_64.rpm libwebp-devel-1.2.1-3.oe2203.x86_64.rpm libwebp-debugsource-1.2.1-3.oe2203.x86_64.rpm libwebp-debuginfo-1.2.1-3.oe2203.x86_64.rpm libwebp-java-1.2.1-3.oe2203.x86_64.rpm libwebp-tools-1.2.1-3.oe2203.x86_64.rpm libwebp-1.2.1-3.oe2203.x86_64.rpm libwebp-1.2.1-3.oe2203sp1.x86_64.rpm libwebp-debuginfo-1.2.1-3.oe2203sp1.x86_64.rpm libwebp-devel-1.2.1-3.oe2203sp1.x86_64.rpm libwebp-tools-1.2.1-3.oe2203sp1.x86_64.rpm libwebp-debugsource-1.2.1-3.oe2203sp1.x86_64.rpm libwebp-java-1.2.1-3.oe2203sp1.x86_64.rpm A vulnerability was found in libwebp (affected version unknown). It has been declared as critical. Affected by this vulnerability is an unknown code of the component Image File Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. 2023-06-03 CVE-2023-1999 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 Medium 6.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L libwebp security update 2023-06-03 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1317