Action not permitted
Modal body text goes here.
cve-2020-36328
Vulnerability from cvelistv5
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://seclists.org/fulldisclosure/2021/Jul/54 | Mailing List, Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1956829 | Issue Tracking, Patch, Release Notes, Third Party Advisory | |
secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | https://security.netapp.com/advisory/ntap-20211112-0001/ | Third Party Advisory | |
secalert@redhat.com | https://support.apple.com/kb/HT212601 | Third Party Advisory | |
secalert@redhat.com | https://www.debian.org/security/2021/dsa-4930 | Third Party Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:23:10.457Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" }, { "name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html" }, { "name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html" }, { "name": "DSA-4930", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4930" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT212601" }, { "name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/54" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211112-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libwebp", "vendor": "n/a", "versions": [ { "status": "affected", "version": "libwebp 1.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-12T08:06:24", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" }, { "name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html" }, { "name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html" }, { "name": "DSA-4930", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4930" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT212601" }, { "name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/54" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211112-0001/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-36328", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "libwebp", "version": { "version_data": [ { "version_value": "libwebp 1.0.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" }, { "name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html" }, { "name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html" }, { "name": "DSA-4930", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4930" }, { "name": "https://support.apple.com/kb/HT212601", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212601" }, { "name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Jul/54" }, { "name": "https://security.netapp.com/advisory/ntap-20211112-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211112-0001/" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-36328", "datePublished": "2021-05-21T16:14:21", "dateReserved": "2021-05-04T00:00:00", "dateUpdated": "2024-08-04T17:23:10.457Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-36328\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-05-21T17:15:08.270\",\"lastModified\":\"2023-01-09T16:41:59.350\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en libwebp en versiones anteriores a 1.0.1.\u0026#xa0;Un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n WebPDecodeRGBInto es posible debido a una verificaci\u00f3n no v\u00e1lida del tama\u00f1o del b\u00fafer.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\u00ed como la disponibilidad del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.1\",\"matchCriteriaId\":\"97062C06-0227-489B-8E3C-B62050B69C41\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7CF3019-975D-40BB-A8A4-894E62BD3797\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:14.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF4D8B45-0EA9-4DE7-941C-FB79CFD2CB2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:14.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC1AB01D-4E13-4AB1-811F-429135BF5E12\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2021/Jul/54\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1956829\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211112-0001/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212601\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4930\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
var-202105-1461
Vulnerability from variot
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. libwebp Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Versions of libwebp prior to 1.0.1 have security vulnerabilities. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7
iOS 14.7 and iPadOS 14.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212601.
iOS 14.7 released July 19, 2021; iPadOS 14.7 released July 21, 2021
ActionKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A shortcut may be able to bypass Internet permission requirements Description: An input validation issue was addressed with improved input validation. CVE-2021-30763: Zachary Keffaber (@QuickUpdate5)
Audio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30781: tr3e
AVEVideoEncoder Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30748: George Nosenko
CoreAudio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab
CoreAudio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A logic issue was addressed with improved validation. CVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab
CoreGraphics Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A race condition was addressed with improved state handling. CVE-2021-30786: ryuzaki
CoreText Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30789: Mickey Jin (@patch1t) of Trend Micro, Sunglin of Knownsec 404 team
Crash Reporter Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2021-30774: Yizhuo Wang of Group of Software Security In Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University
CVMS Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to gain root privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video Communications
dyld Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved validation. CVE-2021-30768: Linus Henze (pinauten.de)
Find My Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to access Find My data Description: A permissions issue was addressed with improved validation. CVE-2021-30804: Csaba Fitzl (@theevilbit) of Offensive Security
FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2021-30760: Sunglin of Knownsec 404 team
FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative
FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A stack overflow was addressed with improved input validation. CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day Initiative
Identity Service Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2021-30773: Linus Henze (pinauten.de)
Image Processing Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-30802: Matthew Denton of Google Chrome Security
ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30779: Jzhu, Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30785: CFF of Topsec Alpha Team, Mickey Jin (@patch1t) of Trend Micro
Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A logic issue was addressed with improved state management. CVE-2021-30769: Linus Henze (pinauten.de)
Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A logic issue was addressed with improved validation. CVE-2021-30770: Linus Henze (pinauten.de)
libxml2 Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-3518
Measure Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Multiple issues in libwebp Description: Multiple issues were addressed by updating to version 1.2.0. CVE-2018-25010 CVE-2018-25011 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331
Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to a denial of service Description: A logic issue was addressed with improved validation. CVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro
Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-30792: Anonymous working with Trend Micro Zero Day Initiative
Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30791: Anonymous working with Trend Micro Zero Day Initiative
TCC Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2021-30798: Mickey Jin (@patch1t) of Trend Micro
WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved state handling. CVE-2021-30758: Christoph Guttandin of Media Codings
WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-30795: Sergei Glazunov of Google Project Zero
WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to code execution Description: This issue was addressed with improved checks. CVE-2021-30797: Ivan Fratric of Google Project Zero
WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30799: Sergei Glazunov of Google Project Zero
Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30800: vm_call, Nozhdar Abdulkhaleq Shukri
Additional recognition
Assets We would like to acknowledge Cees Elzinga for their assistance.
CoreText We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
Safari We would like to acknowledge an anonymous researcher for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About * The version after applying this update will be "14.7"
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmD4r8YACgkQZcsbuWJ6 jjB5LBAAkEy25fNpo8rg42bsyJwWsSQQxPN79JFxQ6L8tqdsM+MZk86dUKtsRQ47 mxarMf4uBwiIOtrGSCGHLIxXAzLqPY47NDhO+ls0dVxGMETkoR/287AeLnw2ITh3 DM0H/pco4hRhPh8neYTMjNPMAgkepx+r7IqbaHWapn42nRC4/2VkEtVGltVDLs3L K0UQP0cjy2w9KvRF33H3uKNCaCTJrVkDBLKWC7rPPpomwp3bfmbQHjs0ixV5Y8l5 3MfNmCuhIt34zAjVELvbE/PUXgkmsECbXHNZOct7ZLAbceneVKtSmynDtoEN0ajM JiJ6j+FCtdfB3xHk3cHqB6sQZm7fDxdK3z91MZvSZwwmdhJeHD/TxcItRlHNOYA1 FSi0Q954DpIqz3Fs4DGE7Vwz0g5+o5qup8cnw9oLXBdqZwWANuLsQlHlioPbcDhl r1DmwtghmDYFUeSMnzHu/iuRepEju+BRMS3ybCm5j+I3kyvAV8pyvqNNRLfJn+w+ Wl/lwXTtXbgsNPR7WJCBJffxB0gOGZaIG1blSGCY89t2if0vD95R5sRsrnaxuqWc qmtRdBfbmjxk/G+6t1sd4wFglTNovHiLIHXh17cwdIWMB35yFs7VA35833/rF4Oo jOF1D12o58uAewxAsK+cTixe7I9U5Awkad2Jz19V3qHnRWGqtVg\x8e1h -----END PGP SIGNATURE-----
. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
- Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload 1979134 - Placeholder bug for OCP 4.6.0 extras release
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: libwebp security update Advisory ID: RHSA-2021:2260-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2260 Issue date: 2021-06-07 CVE Names: CVE-2018-25011 CVE-2020-36328 CVE-2020-36329 =====================================================================
- Summary:
An update for libwebp is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: libwebp-0.3.0-10.el7_9.src.rpm
x86_64: libwebp-0.3.0-10.el7_9.i686.rpm libwebp-0.3.0-10.el7_9.x86_64.rpm libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm libwebp-devel-0.3.0-10.el7_9.i686.rpm libwebp-devel-0.3.0-10.el7_9.x86_64.rpm libwebp-java-0.3.0-10.el7_9.x86_64.rpm libwebp-tools-0.3.0-10.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: libwebp-0.3.0-10.el7_9.src.rpm
x86_64: libwebp-0.3.0-10.el7_9.i686.rpm libwebp-0.3.0-10.el7_9.x86_64.rpm libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm libwebp-devel-0.3.0-10.el7_9.i686.rpm libwebp-devel-0.3.0-10.el7_9.x86_64.rpm libwebp-java-0.3.0-10.el7_9.x86_64.rpm libwebp-tools-0.3.0-10.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: libwebp-0.3.0-10.el7_9.src.rpm
ppc64: libwebp-0.3.0-10.el7_9.ppc.rpm libwebp-0.3.0-10.el7_9.ppc64.rpm libwebp-debuginfo-0.3.0-10.el7_9.ppc.rpm libwebp-debuginfo-0.3.0-10.el7_9.ppc64.rpm
ppc64le: libwebp-0.3.0-10.el7_9.ppc64le.rpm libwebp-debuginfo-0.3.0-10.el7_9.ppc64le.rpm
s390x: libwebp-0.3.0-10.el7_9.s390.rpm libwebp-0.3.0-10.el7_9.s390x.rpm libwebp-debuginfo-0.3.0-10.el7_9.s390.rpm libwebp-debuginfo-0.3.0-10.el7_9.s390x.rpm
x86_64: libwebp-0.3.0-10.el7_9.i686.rpm libwebp-0.3.0-10.el7_9.x86_64.rpm libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: libwebp-debuginfo-0.3.0-10.el7_9.ppc.rpm libwebp-debuginfo-0.3.0-10.el7_9.ppc64.rpm libwebp-devel-0.3.0-10.el7_9.ppc.rpm libwebp-devel-0.3.0-10.el7_9.ppc64.rpm libwebp-java-0.3.0-10.el7_9.ppc64.rpm libwebp-tools-0.3.0-10.el7_9.ppc64.rpm
ppc64le: libwebp-debuginfo-0.3.0-10.el7_9.ppc64le.rpm libwebp-devel-0.3.0-10.el7_9.ppc64le.rpm libwebp-java-0.3.0-10.el7_9.ppc64le.rpm libwebp-tools-0.3.0-10.el7_9.ppc64le.rpm
s390x: libwebp-debuginfo-0.3.0-10.el7_9.s390.rpm libwebp-debuginfo-0.3.0-10.el7_9.s390x.rpm libwebp-devel-0.3.0-10.el7_9.s390.rpm libwebp-devel-0.3.0-10.el7_9.s390x.rpm libwebp-java-0.3.0-10.el7_9.s390x.rpm libwebp-tools-0.3.0-10.el7_9.s390x.rpm
x86_64: libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm libwebp-devel-0.3.0-10.el7_9.i686.rpm libwebp-devel-0.3.0-10.el7_9.x86_64.rpm libwebp-java-0.3.0-10.el7_9.x86_64.rpm libwebp-tools-0.3.0-10.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: libwebp-0.3.0-10.el7_9.src.rpm
x86_64: libwebp-0.3.0-10.el7_9.i686.rpm libwebp-0.3.0-10.el7_9.x86_64.rpm libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm libwebp-devel-0.3.0-10.el7_9.i686.rpm libwebp-devel-0.3.0-10.el7_9.x86_64.rpm libwebp-java-0.3.0-10.el7_9.x86_64.rpm libwebp-tools-0.3.0-10.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-25011 https://access.redhat.com/security/cve/CVE-2020-36328 https://access.redhat.com/security/cve/CVE-2020-36329 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYL4OxtzjgjWX9erEAQi1Yw//ZajpWKH7bKTBXifw2DXrc61fOReKCwR9 sQ/djSkMMo+hwhFNtqq9zHDmI81tuOzBRgzA0FzA6qeNZGzsJmNX/RrNgnep9um7 X08Dvb6+5VuHWBrrBv26wV5wGq/t2VKgGXSoJi6CDDDRlLn/RiAJzuZqhdhp3Ijn xBHIDIEYoNTYoDvbvZUVhY1kRKJ2sr3UxjcWPqDCNZdu51Z8ssW5up/Uh3NaY8yv iB7PIoIHrtBD0nGQcy5h4qE47wFbe9RdLTOaqGDAGaOrHWWT56eC72YnCYKMxO4K 8X9EXjhEmmH4a4Pl4dND7D1wiiOQe5kSA8IhYdgHVZQyo9WBJTD6g6C5IERwwjat s3Z7vhzA+/cLEo8+Jc5orRGoLArU5rOl4uqh64AEPaON9UB8bMOnqm24y+Ebyi0B S+zZ2kQ1FGeQIMnrjAer3OUcVnf26e6qNWBK+HCjdfmbhgtZxTtXyOKcM4lSFVcm LY8pLMWzZpcSCpYh15YtRRCWr4bJyX1UD8V3l2Zzek9zmFq5ogVX78KBYV3c4oWn ReVMDEpXb3bYoV/EsMk7WOaDBKM1eU2OjVp2e7r2Fnt8GESxSpZ1pKegkxXdPnmX EmPhXKZNnwh4Z4Aw2AYIsQVo9QTyvCnZjfjAy9WfIqbyg8OTGJOeQqQLlKsq6ddb YXjUcIgJv2g= =kWSg -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 7) - noarch
- Description:
The Qt Image Formats in an add-on module for the core Qt Gui library that provides support for additional image formats including MNG, TGA, TIFF, WBMP, and WebP. 8) - aarch64, ppc64le, s390x, x86_64
3
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202105-1461", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "libwebp", "scope": "lt", "trust": 1.0, "vendor": "webmproject", "version": "1.0.1" }, { "model": "ontap select deploy administration utility", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "14.7" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "ipados", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "14.7" }, { "model": "libwebp", "scope": null, "trust": 0.8, "vendor": "the webm", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "ontap select deploy administration utility", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "red hat enterprise linux", "scope": null, "trust": 0.8, "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8", "version": null }, { "model": "ipados", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null }, { "model": "ios", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-016582" }, { "db": "NVD", "id": "CVE-2020-36328" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:ipados:14.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:14.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36328" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "163504" }, { "db": "PACKETSTORM", "id": "162998" }, { "db": "PACKETSTORM", "id": "163028" }, { "db": "PACKETSTORM", "id": "163029" }, { "db": "PACKETSTORM", "id": "163058" }, { "db": "PACKETSTORM", "id": "163061" } ], "trust": 0.6 }, "cve": "CVE-2020-36328", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-36328", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-391907", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-36328", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-36328", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202105-1380", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-391907", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2020-36328", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-391907" }, { "db": "VULMON", "id": "CVE-2020-36328" }, { "db": "JVNDB", "id": "JVNDB-2018-016582" }, { "db": "CNNVD", "id": "CNNVD-202105-1380" }, { "db": "NVD", "id": "CVE-2020-36328" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. libwebp Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Versions of libwebp prior to 1.0.1 have security vulnerabilities. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7\n\niOS 14.7 and iPadOS 14.7 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212601. \n\niOS 14.7 released July 19, 2021; iPadOS 14.7 released July 21, 2021\n\nActionKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A shortcut may be able to bypass Internet permission\nrequirements\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2021-30763: Zachary Keffaber (@QuickUpdate5)\n\nAudio\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30781: tr3e\n\nAVEVideoEncoder\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30748: George Nosenko\n\nCoreAudio\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Playing a malicious audio file may lead to an unexpected\napplication termination\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab\n\nCoreGraphics\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30786: ryuzaki\n\nCoreText\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30789: Mickey Jin (@patch1t) of Trend Micro, Sunglin of\nKnownsec 404 team\n\nCrash Reporter\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30774: Yizhuo Wang of Group of Software Security In\nProgress (G.O.S.S.I.P) at Shanghai Jiao Tong University\n\nCVMS\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to gain root privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video\nCommunications\n\ndyld\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30768: Linus Henze (pinauten.de)\n\nFind My\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to access Find My data\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2021-30804: Csaba Fitzl (@theevilbit) of Offensive Security\n\nFontParser\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2021-30760: Sunglin of Knownsec 404 team\n\nFontParser\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted tiff file may lead to a\ndenial-of-service or potentially disclose memory contents\nDescription: This issue was addressed with improved checks. \nCVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative\n\nFontParser\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A stack overflow was addressed with improved input\nvalidation. \nCVE-2021-30759: hjy79425575 working with Trend Micro Zero Day\nInitiative\n\nIdentity Service\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to bypass code signing\nchecks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2021-30773: Linus Henze (pinauten.de)\n\nImage Processing\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30802: Matthew Denton of Google Chrome Security\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30779: Jzhu, Ye Zhang(@co0py_Cat) of Baidu Security\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-30785: CFF of Topsec Alpha Team, Mickey Jin (@patch1t) of\nTrend Micro\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30769: Linus Henze (pinauten.de)\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An attacker that has already achieved kernel code execution\nmay be able to bypass kernel memory mitigations\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30770: Linus Henze (pinauten.de)\n\nlibxml2\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: This issue was addressed with improved checks. \nCVE-2021-3518\n\nMeasure\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Multiple issues in libwebp\nDescription: Multiple issues were addressed by updating to version\n1.2.0. \nCVE-2018-25010\nCVE-2018-25011\nCVE-2018-25014\nCVE-2020-36328\nCVE-2020-36329\nCVE-2020-36330\nCVE-2020-36331\n\nModel I/O\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro\n\nModel I/O\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-30792: Anonymous working with Trend Micro Zero Day\nInitiative\n\nModel I/O\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted file may disclose user\ninformation\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30791: Anonymous working with Trend Micro Zero Day\nInitiative\n\nTCC\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30798: Mickey Jin (@patch1t) of Trend Micro\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-30758: Christoph Guttandin of Media Codings\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30795: Sergei Glazunov of Google Project Zero\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30797: Ivan Fratric of Google Project Zero\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2021-30799: Sergei Glazunov of Google Project Zero\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Joining a malicious Wi-Fi network may result in a denial of\nservice or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30800: vm_call, Nozhdar Abdulkhaleq Shukri\n\nAdditional recognition\n\nAssets\nWe would like to acknowledge Cees Elzinga for their assistance. \n\nCoreText\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSafari\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n* Navigate to Settings\n* Select General\n* Select About\n* The version after applying this update will be \"14.7\"\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmD4r8YACgkQZcsbuWJ6\njjB5LBAAkEy25fNpo8rg42bsyJwWsSQQxPN79JFxQ6L8tqdsM+MZk86dUKtsRQ47\nmxarMf4uBwiIOtrGSCGHLIxXAzLqPY47NDhO+ls0dVxGMETkoR/287AeLnw2ITh3\nDM0H/pco4hRhPh8neYTMjNPMAgkepx+r7IqbaHWapn42nRC4/2VkEtVGltVDLs3L\nK0UQP0cjy2w9KvRF33H3uKNCaCTJrVkDBLKWC7rPPpomwp3bfmbQHjs0ixV5Y8l5\n3MfNmCuhIt34zAjVELvbE/PUXgkmsECbXHNZOct7ZLAbceneVKtSmynDtoEN0ajM\nJiJ6j+FCtdfB3xHk3cHqB6sQZm7fDxdK3z91MZvSZwwmdhJeHD/TxcItRlHNOYA1\nFSi0Q954DpIqz3Fs4DGE7Vwz0g5+o5qup8cnw9oLXBdqZwWANuLsQlHlioPbcDhl\nr1DmwtghmDYFUeSMnzHu/iuRepEju+BRMS3ybCm5j+I3kyvAV8pyvqNNRLfJn+w+\nWl/lwXTtXbgsNPR7WJCBJffxB0gOGZaIG1blSGCY89t2if0vD95R5sRsrnaxuqWc\nqmtRdBfbmjxk/G+6t1sd4wFglTNovHiLIHXh17cwdIWMB35yFs7VA35833/rF4Oo\njOF1D12o58uAewxAsK+cTixe7I9U5Awkad2Jz19V3qHnRWGqtVg\\x8e1h\n-----END PGP SIGNATURE-----\n\n\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload\n1979134 - Placeholder bug for OCP 4.6.0 extras release\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: libwebp security update\nAdvisory ID: RHSA-2021:2260-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2260\nIssue date: 2021-06-07\nCVE Names: CVE-2018-25011 CVE-2020-36328 CVE-2020-36329 \n=====================================================================\n\n1. Summary:\n\nAn update for libwebp is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe libwebp packages provide a library and tools for the WebP graphics\nformat. WebP is an image format with a lossy compression of digital\nphotographic images. WebP consists of a codec based on the VP8 format, and\na container based on the Resource Interchange File Format (RIFF). \nWebmasters, web developers and browser developers can use WebP to compress,\narchive, and distribute digital images more efficiently. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlibwebp-0.3.0-10.el7_9.src.rpm\n\nx86_64:\nlibwebp-0.3.0-10.el7_9.i686.rpm\nlibwebp-0.3.0-10.el7_9.x86_64.rpm\nlibwebp-debuginfo-0.3.0-10.el7_9.i686.rpm\nlibwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nlibwebp-debuginfo-0.3.0-10.el7_9.i686.rpm\nlibwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm\nlibwebp-devel-0.3.0-10.el7_9.i686.rpm\nlibwebp-devel-0.3.0-10.el7_9.x86_64.rpm\nlibwebp-java-0.3.0-10.el7_9.x86_64.rpm\nlibwebp-tools-0.3.0-10.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nlibwebp-0.3.0-10.el7_9.src.rpm\n\nx86_64:\nlibwebp-0.3.0-10.el7_9.i686.rpm\nlibwebp-0.3.0-10.el7_9.x86_64.rpm\nlibwebp-debuginfo-0.3.0-10.el7_9.i686.rpm\nlibwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nlibwebp-debuginfo-0.3.0-10.el7_9.i686.rpm\nlibwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm\nlibwebp-devel-0.3.0-10.el7_9.i686.rpm\nlibwebp-devel-0.3.0-10.el7_9.x86_64.rpm\nlibwebp-java-0.3.0-10.el7_9.x86_64.rpm\nlibwebp-tools-0.3.0-10.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlibwebp-0.3.0-10.el7_9.src.rpm\n\nppc64:\nlibwebp-0.3.0-10.el7_9.ppc.rpm\nlibwebp-0.3.0-10.el7_9.ppc64.rpm\nlibwebp-debuginfo-0.3.0-10.el7_9.ppc.rpm\nlibwebp-debuginfo-0.3.0-10.el7_9.ppc64.rpm\n\nppc64le:\nlibwebp-0.3.0-10.el7_9.ppc64le.rpm\nlibwebp-debuginfo-0.3.0-10.el7_9.ppc64le.rpm\n\ns390x:\nlibwebp-0.3.0-10.el7_9.s390.rpm\nlibwebp-0.3.0-10.el7_9.s390x.rpm\nlibwebp-debuginfo-0.3.0-10.el7_9.s390.rpm\nlibwebp-debuginfo-0.3.0-10.el7_9.s390x.rpm\n\nx86_64:\nlibwebp-0.3.0-10.el7_9.i686.rpm\nlibwebp-0.3.0-10.el7_9.x86_64.rpm\nlibwebp-debuginfo-0.3.0-10.el7_9.i686.rpm\nlibwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nlibwebp-debuginfo-0.3.0-10.el7_9.ppc.rpm\nlibwebp-debuginfo-0.3.0-10.el7_9.ppc64.rpm\nlibwebp-devel-0.3.0-10.el7_9.ppc.rpm\nlibwebp-devel-0.3.0-10.el7_9.ppc64.rpm\nlibwebp-java-0.3.0-10.el7_9.ppc64.rpm\nlibwebp-tools-0.3.0-10.el7_9.ppc64.rpm\n\nppc64le:\nlibwebp-debuginfo-0.3.0-10.el7_9.ppc64le.rpm\nlibwebp-devel-0.3.0-10.el7_9.ppc64le.rpm\nlibwebp-java-0.3.0-10.el7_9.ppc64le.rpm\nlibwebp-tools-0.3.0-10.el7_9.ppc64le.rpm\n\ns390x:\nlibwebp-debuginfo-0.3.0-10.el7_9.s390.rpm\nlibwebp-debuginfo-0.3.0-10.el7_9.s390x.rpm\nlibwebp-devel-0.3.0-10.el7_9.s390.rpm\nlibwebp-devel-0.3.0-10.el7_9.s390x.rpm\nlibwebp-java-0.3.0-10.el7_9.s390x.rpm\nlibwebp-tools-0.3.0-10.el7_9.s390x.rpm\n\nx86_64:\nlibwebp-debuginfo-0.3.0-10.el7_9.i686.rpm\nlibwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm\nlibwebp-devel-0.3.0-10.el7_9.i686.rpm\nlibwebp-devel-0.3.0-10.el7_9.x86_64.rpm\nlibwebp-java-0.3.0-10.el7_9.x86_64.rpm\nlibwebp-tools-0.3.0-10.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlibwebp-0.3.0-10.el7_9.src.rpm\n\nx86_64:\nlibwebp-0.3.0-10.el7_9.i686.rpm\nlibwebp-0.3.0-10.el7_9.x86_64.rpm\nlibwebp-debuginfo-0.3.0-10.el7_9.i686.rpm\nlibwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nlibwebp-debuginfo-0.3.0-10.el7_9.i686.rpm\nlibwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm\nlibwebp-devel-0.3.0-10.el7_9.i686.rpm\nlibwebp-devel-0.3.0-10.el7_9.x86_64.rpm\nlibwebp-java-0.3.0-10.el7_9.x86_64.rpm\nlibwebp-tools-0.3.0-10.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-25011\nhttps://access.redhat.com/security/cve/CVE-2020-36328\nhttps://access.redhat.com/security/cve/CVE-2020-36329\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYL4OxtzjgjWX9erEAQi1Yw//ZajpWKH7bKTBXifw2DXrc61fOReKCwR9\nsQ/djSkMMo+hwhFNtqq9zHDmI81tuOzBRgzA0FzA6qeNZGzsJmNX/RrNgnep9um7\nX08Dvb6+5VuHWBrrBv26wV5wGq/t2VKgGXSoJi6CDDDRlLn/RiAJzuZqhdhp3Ijn\nxBHIDIEYoNTYoDvbvZUVhY1kRKJ2sr3UxjcWPqDCNZdu51Z8ssW5up/Uh3NaY8yv\niB7PIoIHrtBD0nGQcy5h4qE47wFbe9RdLTOaqGDAGaOrHWWT56eC72YnCYKMxO4K\n8X9EXjhEmmH4a4Pl4dND7D1wiiOQe5kSA8IhYdgHVZQyo9WBJTD6g6C5IERwwjat\ns3Z7vhzA+/cLEo8+Jc5orRGoLArU5rOl4uqh64AEPaON9UB8bMOnqm24y+Ebyi0B\nS+zZ2kQ1FGeQIMnrjAer3OUcVnf26e6qNWBK+HCjdfmbhgtZxTtXyOKcM4lSFVcm\nLY8pLMWzZpcSCpYh15YtRRCWr4bJyX1UD8V3l2Zzek9zmFq5ogVX78KBYV3c4oWn\nReVMDEpXb3bYoV/EsMk7WOaDBKM1eU2OjVp2e7r2Fnt8GESxSpZ1pKegkxXdPnmX\nEmPhXKZNnwh4Z4Aw2AYIsQVo9QTyvCnZjfjAy9WfIqbyg8OTGJOeQqQLlKsq6ddb\nYXjUcIgJv2g=\n=kWSg\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 7) - noarch\n\n3. Description:\n\nThe Qt Image Formats in an add-on module for the core Qt Gui library that\nprovides support for additional image formats including MNG, TGA, TIFF,\nWBMP, and WebP. 8) - aarch64, ppc64le, s390x, x86_64\n\n3", "sources": [ { "db": "NVD", "id": "CVE-2020-36328" }, { "db": "JVNDB", "id": "JVNDB-2018-016582" }, { "db": "VULHUB", "id": "VHN-391907" }, { "db": "VULMON", "id": "CVE-2020-36328" }, { "db": "PACKETSTORM", "id": "163645" }, { "db": "PACKETSTORM", "id": "163504" }, { "db": "PACKETSTORM", "id": "162998" }, { "db": "PACKETSTORM", "id": "163028" }, { "db": "PACKETSTORM", "id": "163029" }, { "db": "PACKETSTORM", "id": "163058" }, { "db": "PACKETSTORM", "id": "163061" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-36328", "trust": 4.1 }, { "db": "PACKETSTORM", "id": "163058", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "163504", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "163028", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162998", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-016582", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202105-1380", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "163645", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021090829", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072216", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021061420", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060725", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060939", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071517", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1965", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2102", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1880", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1959", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2485.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2388", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2036", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2070", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "163061", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "163029", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-391907", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-36328", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-391907" }, { "db": "VULMON", "id": "CVE-2020-36328" }, { "db": "JVNDB", "id": "JVNDB-2018-016582" }, { "db": "PACKETSTORM", "id": "163645" }, { "db": "PACKETSTORM", "id": "163504" }, { "db": "PACKETSTORM", "id": "162998" }, { "db": "PACKETSTORM", "id": "163028" }, { "db": "PACKETSTORM", "id": "163029" }, { "db": "PACKETSTORM", "id": "163058" }, { "db": "PACKETSTORM", "id": "163061" }, { "db": "CNNVD", "id": "CNNVD-202105-1380" }, { "db": "NVD", "id": "CVE-2020-36328" } ] }, "id": "VAR-202105-1461", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-391907" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:28:54.681000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Bug\u00a01956829", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html" }, { "title": "libwebp Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=151879" }, { "title": "Debian Security Advisories: DSA-4930-1 libwebp -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6dad0021173658916444dfc89f8d2495" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-36328" }, { "db": "JVNDB", "id": "JVNDB-2018-016582" }, { "db": "CNNVD", "id": "CNNVD-202105-1380" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-119", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-391907" }, { "db": "JVNDB", "id": "JVNDB-2018-016582" }, { "db": "NVD", "id": "CVE-2020-36328" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://www.debian.org/security/2021/dsa-4930" }, { "trust": 1.8, "url": "https://support.apple.com/kb/ht212601" }, { "trust": 1.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20211112-0001/" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2021/jul/54" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36328" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36329" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25011" }, { "trust": 0.6, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-36329" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-36328" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2018-25011" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1959" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163028/red-hat-security-advisory-2021-2328-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060725" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/libwebp-five-vulnerabilities-35580" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2485.2" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1965" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163504/red-hat-security-advisory-2021-2643-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072216" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162998/red-hat-security-advisory-2021-2260-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163058/red-hat-security-advisory-2021-2365-01.html" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212601" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060939" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1880" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021061420" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071517" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163645/apple-security-advisory-2021-07-21-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2036" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2102" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2388" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2070" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021090829" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.5, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://support.apple.com/ht212601." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30768" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30781" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30788" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30773" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30776" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36331" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30780" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30759" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30789" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30786" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30775" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30748" }, { "trust": 0.1, "url": "https://www.apple.com/itunes/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30779" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30774" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30763" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30760" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30770" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30769" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30785" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3583" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7598" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3570" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:2641" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7598" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2643" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3570" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3583" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2260" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2328" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-25014" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2354" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2365" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2364" } ], "sources": [ { "db": "VULHUB", "id": "VHN-391907" }, { "db": "VULMON", "id": "CVE-2020-36328" }, { "db": "JVNDB", "id": "JVNDB-2018-016582" }, { "db": "PACKETSTORM", "id": "163645" }, { "db": "PACKETSTORM", "id": "163504" }, { "db": "PACKETSTORM", "id": "162998" }, { "db": "PACKETSTORM", "id": "163028" }, { "db": "PACKETSTORM", "id": "163029" }, { "db": "PACKETSTORM", "id": "163058" }, { "db": "PACKETSTORM", "id": "163061" }, { "db": "CNNVD", "id": "CNNVD-202105-1380" }, { "db": "NVD", "id": "CVE-2020-36328" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-391907" }, { "db": "VULMON", "id": "CVE-2020-36328" }, { "db": "JVNDB", "id": "JVNDB-2018-016582" }, { "db": "PACKETSTORM", "id": "163645" }, { "db": "PACKETSTORM", "id": "163504" }, { "db": "PACKETSTORM", "id": "162998" }, { "db": "PACKETSTORM", "id": "163028" }, { "db": "PACKETSTORM", "id": "163029" }, { "db": "PACKETSTORM", "id": "163058" }, { "db": "PACKETSTORM", "id": "163061" }, { "db": "CNNVD", "id": "CNNVD-202105-1380" }, { "db": "NVD", "id": "CVE-2020-36328" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-05-21T00:00:00", "db": "VULHUB", "id": "VHN-391907" }, { "date": "2021-05-21T00:00:00", "db": "VULMON", "id": "CVE-2020-36328" }, { "date": "2022-01-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-016582" }, { "date": "2021-07-23T15:29:39", "db": "PACKETSTORM", "id": "163645" }, { "date": "2021-07-14T15:29:37", "db": "PACKETSTORM", "id": "163504" }, { "date": "2021-06-07T13:58:06", "db": "PACKETSTORM", "id": "162998" }, { "date": "2021-06-09T13:21:49", "db": "PACKETSTORM", "id": "163028" }, { "date": "2021-06-09T13:22:14", "db": "PACKETSTORM", "id": "163029" }, { "date": "2021-06-10T13:39:19", "db": "PACKETSTORM", "id": "163058" }, { "date": "2021-06-10T13:42:06", "db": "PACKETSTORM", "id": "163061" }, { "date": "2021-05-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-1380" }, { "date": "2021-05-21T17:15:08.270000", "db": "NVD", "id": "CVE-2020-36328" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-09T00:00:00", "db": "VULHUB", "id": "VHN-391907" }, { "date": "2021-07-23T00:00:00", "db": "VULMON", "id": "CVE-2020-36328" }, { "date": "2022-01-27T09:07:00", "db": "JVNDB", "id": "JVNDB-2018-016582" }, { "date": "2021-11-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-1380" }, { "date": "2023-01-09T16:41:59.350000", "db": "NVD", "id": "CVE-2020-36328" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-1380" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "libwebp\u00a0 Out-of-bounds Vulnerability in Microsoft", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-016582" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-1380" } ], "trust": 0.6 } }
rhsa-2021_2328
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for qt5-qtimageformats is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Qt Image Formats in an add-on module for the core Qt Gui library that provides support for additional image formats including MNG, TGA, TIFF, WBMP, and WebP.\n\nSecurity Fix(es):\n\n* libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011)\n\n* libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014)\n\n* libwebp: heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328)\n\n* libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c (CVE-2020-36329)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2328", "url": "https://access.redhat.com/errata/RHSA-2021:2328" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1956829", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" }, { "category": "external", "summary": "1956843", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956843" }, { "category": "external", "summary": "1956919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956919" }, { "category": "external", "summary": "1956927", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2328.json" } ], "title": "Red Hat Security Advisory: qt5-qtimageformats security update", "tracking": { "current_release_date": "2024-11-05T23:41:12+00:00", "generator": { "date": "2024-11-05T23:41:12+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:2328", "initial_release_date": "2021-06-08T22:42:52+00:00", "revision_history": [ { "date": "2021-06-08T22:42:52+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-06-08T22:42:52+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:41:12+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.src", "product": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.src", "product_id": "qt5-qtimageformats-0:5.9.7-2.el7_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/qt5-qtimageformats@5.9.7-2.el7_9?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "product": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "product_id": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/qt5-qtimageformats@5.9.7-2.el7_9?arch=ppc" } } }, { "category": "product_version", "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "product": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "product_id": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/qt5-qtimageformats-debuginfo@5.9.7-2.el7_9?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "product": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "product_id": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/qt5-qtimageformats@5.9.7-2.el7_9?arch=ppc64" } } }, { "category": "product_version", "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "product": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "product_id": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/qt5-qtimageformats-debuginfo@5.9.7-2.el7_9?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "product": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "product_id": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/qt5-qtimageformats@5.9.7-2.el7_9?arch=s390" } } }, { "category": "product_version", "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "product": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "product_id": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/qt5-qtimageformats-debuginfo@5.9.7-2.el7_9?arch=s390" } } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "product": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "product_id": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/qt5-qtimageformats@5.9.7-2.el7_9?arch=s390x" } } }, { "category": "product_version", "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "product": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "product_id": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/qt5-qtimageformats-debuginfo@5.9.7-2.el7_9?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "product": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "product_id": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/qt5-qtimageformats@5.9.7-2.el7_9?arch=ppc64le" } } }, { "category": "product_version", "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "product": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "product_id": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/qt5-qtimageformats-debuginfo@5.9.7-2.el7_9?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "product": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "product_id": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/qt5-qtimageformats@5.9.7-2.el7_9?arch=i686" } } }, { "category": "product_version", "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "product": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "product_id": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/qt5-qtimageformats-debuginfo@5.9.7-2.el7_9?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "product": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "product_id": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/qt5-qtimageformats@5.9.7-2.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "product": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "product_id": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/qt5-qtimageformats-debuginfo@5.9.7-2.el7_9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "product": { "name": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "product_id": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/qt5-qtimageformats-doc@5.9.7-2.el7_9?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.src", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch" }, "product_reference": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.src", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch" }, "product_reference": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.src", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch" }, "product_reference": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.src", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64" }, "product_reference": "qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64" }, "product_reference": "qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch" }, "product_reference": "qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "relates_to_product_reference": "7Workstation-optional-7.9.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-25011", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956919" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: heap-based buffer overflow in PutLE16()", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-25011" }, { "category": "external", "summary": "RHBZ#1956919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956919" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-25011", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25011" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011" } ], "release_date": "2018-07-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-08T22:42:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2328" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: heap-based buffer overflow in PutLE16()" }, { "cve": "CVE-2018-25014", "cwe": { "id": "CWE-908", "name": "Use of Uninitialized Resource" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956927" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: use of uninitialized value in ReadSymbol()", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7 and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-25014" }, { "category": "external", "summary": "RHBZ#1956927", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-25014", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25014" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25014", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25014" } ], "release_date": "2018-08-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-08T22:42:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2328" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libwebp: use of uninitialized value in ReadSymbol()" }, { "cve": "CVE-2020-36328", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956829" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A heap-based buffer overflow in functions WebPDecode*Into is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: heap-based buffer overflow in WebPDecode*Into functions", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36328" }, { "category": "external", "summary": "RHBZ#1956829", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36328", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36328" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328" } ], "release_date": "2020-02-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-08T22:42:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2328" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: heap-based buffer overflow in WebPDecode*Into functions" }, { "cve": "CVE-2020-36329", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956843" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36329" }, { "category": "external", "summary": "RHBZ#1956843", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956843" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36329", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36329" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329" } ], "release_date": "2020-02-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-08T22:42:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2328" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Server-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Server-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Server-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.src", "7Workstation-optional-7.9.Z:qt5-qtimageformats-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.i686", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.ppc64le", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.s390x", "7Workstation-optional-7.9.Z:qt5-qtimageformats-debuginfo-0:5.9.7-2.el7_9.x86_64", "7Workstation-optional-7.9.Z:qt5-qtimageformats-doc-0:5.9.7-2.el7_9.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c" } ] }
rhsa-2021_2365
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for libwebp is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011)\n\n* libwebp: heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328)\n\n* libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c (CVE-2020-36329)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2365", "url": "https://access.redhat.com/errata/RHSA-2021:2365" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1956829", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" }, { "category": "external", "summary": "1956843", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956843" }, { "category": "external", "summary": "1956919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956919" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2365.json" } ], "title": "Red Hat Security Advisory: libwebp security update", "tracking": { "current_release_date": "2024-11-05T23:41:36+00:00", "generator": { "date": "2024-11-05T23:41:36+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:2365", "initial_release_date": "2021-06-09T13:36:17+00:00", "revision_history": [ { "date": "2021-06-09T13:36:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-06-09T13:36:18+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:41:36+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product": { "name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:8.1::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:1.0.0-4.el8_1.src", "product": { "name": "libwebp-0:1.0.0-4.el8_1.src", "product_id": "libwebp-0:1.0.0-4.el8_1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@1.0.0-4.el8_1?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:1.0.0-4.el8_1.aarch64", "product": { "name": "libwebp-0:1.0.0-4.el8_1.aarch64", "product_id": "libwebp-0:1.0.0-4.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@1.0.0-4.el8_1?arch=aarch64" } } }, { "category": "product_version", "name": "libwebp-devel-0:1.0.0-4.el8_1.aarch64", "product": { "name": "libwebp-devel-0:1.0.0-4.el8_1.aarch64", "product_id": "libwebp-devel-0:1.0.0-4.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-4.el8_1?arch=aarch64" } } }, { "category": "product_version", "name": "libwebp-debugsource-0:1.0.0-4.el8_1.aarch64", "product": { "name": "libwebp-debugsource-0:1.0.0-4.el8_1.aarch64", "product_id": "libwebp-debugsource-0:1.0.0-4.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-4.el8_1?arch=aarch64" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:1.0.0-4.el8_1.aarch64", "product": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_1.aarch64", "product_id": "libwebp-debuginfo-0:1.0.0-4.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-4.el8_1?arch=aarch64" } } }, { "category": "product_version", "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.aarch64", "product": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.aarch64", "product_id": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-4.el8_1?arch=aarch64" } } }, { "category": "product_version", "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.aarch64", "product": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.aarch64", "product_id": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-4.el8_1?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:1.0.0-4.el8_1.ppc64le", "product": { "name": "libwebp-0:1.0.0-4.el8_1.ppc64le", "product_id": "libwebp-0:1.0.0-4.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@1.0.0-4.el8_1?arch=ppc64le" } } }, { "category": "product_version", "name": "libwebp-devel-0:1.0.0-4.el8_1.ppc64le", "product": { "name": "libwebp-devel-0:1.0.0-4.el8_1.ppc64le", "product_id": "libwebp-devel-0:1.0.0-4.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-4.el8_1?arch=ppc64le" } } }, { "category": "product_version", "name": "libwebp-debugsource-0:1.0.0-4.el8_1.ppc64le", "product": { "name": "libwebp-debugsource-0:1.0.0-4.el8_1.ppc64le", "product_id": "libwebp-debugsource-0:1.0.0-4.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-4.el8_1?arch=ppc64le" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:1.0.0-4.el8_1.ppc64le", "product": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_1.ppc64le", "product_id": "libwebp-debuginfo-0:1.0.0-4.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-4.el8_1?arch=ppc64le" } } }, { "category": "product_version", "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.ppc64le", "product": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.ppc64le", "product_id": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-4.el8_1?arch=ppc64le" } } }, { "category": "product_version", "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.ppc64le", "product": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.ppc64le", "product_id": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-4.el8_1?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:1.0.0-4.el8_1.i686", "product": { "name": "libwebp-0:1.0.0-4.el8_1.i686", "product_id": "libwebp-0:1.0.0-4.el8_1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@1.0.0-4.el8_1?arch=i686" } } }, { "category": "product_version", "name": "libwebp-devel-0:1.0.0-4.el8_1.i686", "product": { "name": "libwebp-devel-0:1.0.0-4.el8_1.i686", "product_id": "libwebp-devel-0:1.0.0-4.el8_1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-4.el8_1?arch=i686" } } }, { "category": "product_version", "name": "libwebp-debugsource-0:1.0.0-4.el8_1.i686", "product": { "name": "libwebp-debugsource-0:1.0.0-4.el8_1.i686", "product_id": "libwebp-debugsource-0:1.0.0-4.el8_1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-4.el8_1?arch=i686" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:1.0.0-4.el8_1.i686", "product": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_1.i686", "product_id": "libwebp-debuginfo-0:1.0.0-4.el8_1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-4.el8_1?arch=i686" } } }, { "category": "product_version", "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.i686", "product": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.i686", "product_id": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-4.el8_1?arch=i686" } } }, { "category": "product_version", "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.i686", "product": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.i686", "product_id": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-4.el8_1?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:1.0.0-4.el8_1.x86_64", "product": { "name": "libwebp-0:1.0.0-4.el8_1.x86_64", "product_id": "libwebp-0:1.0.0-4.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@1.0.0-4.el8_1?arch=x86_64" } } }, { "category": "product_version", "name": "libwebp-devel-0:1.0.0-4.el8_1.x86_64", "product": { "name": "libwebp-devel-0:1.0.0-4.el8_1.x86_64", "product_id": "libwebp-devel-0:1.0.0-4.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-4.el8_1?arch=x86_64" } } }, { "category": "product_version", "name": "libwebp-debugsource-0:1.0.0-4.el8_1.x86_64", "product": { "name": "libwebp-debugsource-0:1.0.0-4.el8_1.x86_64", "product_id": "libwebp-debugsource-0:1.0.0-4.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-4.el8_1?arch=x86_64" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:1.0.0-4.el8_1.x86_64", "product": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_1.x86_64", "product_id": "libwebp-debuginfo-0:1.0.0-4.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-4.el8_1?arch=x86_64" } } }, { "category": "product_version", "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.x86_64", "product": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.x86_64", "product_id": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-4.el8_1?arch=x86_64" } } }, { "category": "product_version", "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.x86_64", "product": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.x86_64", "product_id": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-4.el8_1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:1.0.0-4.el8_1.s390x", "product": { "name": "libwebp-0:1.0.0-4.el8_1.s390x", "product_id": "libwebp-0:1.0.0-4.el8_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@1.0.0-4.el8_1?arch=s390x" } } }, { "category": "product_version", "name": "libwebp-devel-0:1.0.0-4.el8_1.s390x", "product": { "name": "libwebp-devel-0:1.0.0-4.el8_1.s390x", "product_id": "libwebp-devel-0:1.0.0-4.el8_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-4.el8_1?arch=s390x" } } }, { "category": "product_version", "name": "libwebp-debugsource-0:1.0.0-4.el8_1.s390x", "product": { "name": "libwebp-debugsource-0:1.0.0-4.el8_1.s390x", "product_id": "libwebp-debugsource-0:1.0.0-4.el8_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-4.el8_1?arch=s390x" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:1.0.0-4.el8_1.s390x", "product": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_1.s390x", "product_id": "libwebp-debuginfo-0:1.0.0-4.el8_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-4.el8_1?arch=s390x" } } }, { "category": "product_version", "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.s390x", "product": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.s390x", "product_id": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-4.el8_1?arch=s390x" } } }, { "category": "product_version", "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.s390x", "product": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.s390x", "product_id": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-4.el8_1?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:1.0.0-4.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.aarch64" }, "product_reference": "libwebp-0:1.0.0-4.el8_1.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:1.0.0-4.el8_1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.i686" }, "product_reference": "libwebp-0:1.0.0-4.el8_1.i686", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:1.0.0-4.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.ppc64le" }, "product_reference": "libwebp-0:1.0.0-4.el8_1.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:1.0.0-4.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.s390x" }, "product_reference": "libwebp-0:1.0.0-4.el8_1.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:1.0.0-4.el8_1.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.src" }, "product_reference": "libwebp-0:1.0.0-4.el8_1.src", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:1.0.0-4.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.x86_64" }, "product_reference": "libwebp-0:1.0.0-4.el8_1.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.aarch64" }, "product_reference": "libwebp-debuginfo-0:1.0.0-4.el8_1.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.i686" }, "product_reference": "libwebp-debuginfo-0:1.0.0-4.el8_1.i686", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.ppc64le" }, "product_reference": "libwebp-debuginfo-0:1.0.0-4.el8_1.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.s390x" }, "product_reference": "libwebp-debuginfo-0:1.0.0-4.el8_1.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.x86_64" }, "product_reference": "libwebp-debuginfo-0:1.0.0-4.el8_1.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debugsource-0:1.0.0-4.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.aarch64" }, "product_reference": "libwebp-debugsource-0:1.0.0-4.el8_1.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debugsource-0:1.0.0-4.el8_1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.i686" }, "product_reference": "libwebp-debugsource-0:1.0.0-4.el8_1.i686", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debugsource-0:1.0.0-4.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.ppc64le" }, "product_reference": "libwebp-debugsource-0:1.0.0-4.el8_1.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debugsource-0:1.0.0-4.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.s390x" }, "product_reference": "libwebp-debugsource-0:1.0.0-4.el8_1.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debugsource-0:1.0.0-4.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.x86_64" }, "product_reference": "libwebp-debugsource-0:1.0.0-4.el8_1.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:1.0.0-4.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.aarch64" }, "product_reference": "libwebp-devel-0:1.0.0-4.el8_1.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:1.0.0-4.el8_1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.i686" }, "product_reference": "libwebp-devel-0:1.0.0-4.el8_1.i686", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:1.0.0-4.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.ppc64le" }, "product_reference": "libwebp-devel-0:1.0.0-4.el8_1.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:1.0.0-4.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.s390x" }, "product_reference": "libwebp-devel-0:1.0.0-4.el8_1.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:1.0.0-4.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.x86_64" }, "product_reference": "libwebp-devel-0:1.0.0-4.el8_1.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.aarch64" }, "product_reference": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.i686" }, "product_reference": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.i686", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.ppc64le" }, "product_reference": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.s390x" }, "product_reference": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.x86_64" }, "product_reference": "libwebp-java-debuginfo-0:1.0.0-4.el8_1.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.aarch64" }, "product_reference": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.aarch64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.i686" }, "product_reference": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.i686", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.ppc64le" }, "product_reference": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.s390x" }, "product_reference": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.s390x", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)", "product_id": "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.x86_64" }, "product_reference": "libwebp-tools-debuginfo-0:1.0.0-4.el8_1.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-25011", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956919" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: heap-based buffer overflow in PutLE16()", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.src", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-25011" }, { "category": "external", "summary": "RHBZ#1956919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956919" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-25011", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25011" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011" } ], "release_date": "2018-07-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-09T13:36:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.src", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2365" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.src", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: heap-based buffer overflow in PutLE16()" }, { "cve": "CVE-2020-36328", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956829" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A heap-based buffer overflow in functions WebPDecode*Into is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: heap-based buffer overflow in WebPDecode*Into functions", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.src", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36328" }, { "category": "external", "summary": "RHBZ#1956829", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36328", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36328" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328" } ], "release_date": "2020-02-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-09T13:36:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.src", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2365" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.src", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: heap-based buffer overflow in WebPDecode*Into functions" }, { "cve": "CVE-2020-36329", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956843" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.src", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36329" }, { "category": "external", "summary": "RHBZ#1956843", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956843" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36329", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36329" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329" } ], "release_date": "2020-02-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-09T13:36:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.src", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2365" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.src", "AppStream-8.1.0.Z.EUS:libwebp-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_1.x86_64", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.aarch64", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.i686", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.ppc64le", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.s390x", "AppStream-8.1.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c" } ] }
rhsa-2021_2364
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for libwebp is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011)\n\n* libwebp: heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328)\n\n* libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c (CVE-2020-36329)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2364", "url": "https://access.redhat.com/errata/RHSA-2021:2364" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1956829", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" }, { "category": "external", "summary": "1956843", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956843" }, { "category": "external", "summary": "1956919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956919" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2364.json" } ], "title": "Red Hat Security Advisory: libwebp security update", "tracking": { "current_release_date": "2024-11-05T23:41:28+00:00", "generator": { "date": "2024-11-05T23:41:28+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:2364", "initial_release_date": "2021-06-09T13:55:20+00:00", "revision_history": [ { "date": "2021-06-09T13:55:20+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-06-09T13:55:20+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:41:28+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product": { "name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:8.2::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:1.0.0-4.el8_2.src", "product": { "name": "libwebp-0:1.0.0-4.el8_2.src", "product_id": "libwebp-0:1.0.0-4.el8_2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@1.0.0-4.el8_2?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:1.0.0-4.el8_2.aarch64", "product": { "name": "libwebp-0:1.0.0-4.el8_2.aarch64", "product_id": "libwebp-0:1.0.0-4.el8_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@1.0.0-4.el8_2?arch=aarch64" } } }, { "category": "product_version", "name": "libwebp-devel-0:1.0.0-4.el8_2.aarch64", "product": { "name": "libwebp-devel-0:1.0.0-4.el8_2.aarch64", "product_id": "libwebp-devel-0:1.0.0-4.el8_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-4.el8_2?arch=aarch64" } } }, { "category": "product_version", "name": "libwebp-debugsource-0:1.0.0-4.el8_2.aarch64", "product": { "name": "libwebp-debugsource-0:1.0.0-4.el8_2.aarch64", "product_id": "libwebp-debugsource-0:1.0.0-4.el8_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-4.el8_2?arch=aarch64" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:1.0.0-4.el8_2.aarch64", "product": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_2.aarch64", "product_id": "libwebp-debuginfo-0:1.0.0-4.el8_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-4.el8_2?arch=aarch64" } } }, { "category": "product_version", "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.aarch64", "product": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.aarch64", "product_id": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-4.el8_2?arch=aarch64" } } }, { "category": "product_version", "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.aarch64", "product": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.aarch64", "product_id": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-4.el8_2?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:1.0.0-4.el8_2.ppc64le", "product": { "name": "libwebp-0:1.0.0-4.el8_2.ppc64le", "product_id": "libwebp-0:1.0.0-4.el8_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@1.0.0-4.el8_2?arch=ppc64le" } } }, { "category": "product_version", "name": "libwebp-devel-0:1.0.0-4.el8_2.ppc64le", "product": { "name": "libwebp-devel-0:1.0.0-4.el8_2.ppc64le", "product_id": "libwebp-devel-0:1.0.0-4.el8_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-4.el8_2?arch=ppc64le" } } }, { "category": "product_version", "name": "libwebp-debugsource-0:1.0.0-4.el8_2.ppc64le", "product": { "name": "libwebp-debugsource-0:1.0.0-4.el8_2.ppc64le", "product_id": "libwebp-debugsource-0:1.0.0-4.el8_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-4.el8_2?arch=ppc64le" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:1.0.0-4.el8_2.ppc64le", "product": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_2.ppc64le", "product_id": "libwebp-debuginfo-0:1.0.0-4.el8_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-4.el8_2?arch=ppc64le" } } }, { "category": "product_version", "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.ppc64le", "product": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.ppc64le", "product_id": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-4.el8_2?arch=ppc64le" } } }, { "category": "product_version", "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.ppc64le", "product": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.ppc64le", "product_id": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-4.el8_2?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:1.0.0-4.el8_2.i686", "product": { "name": "libwebp-0:1.0.0-4.el8_2.i686", "product_id": "libwebp-0:1.0.0-4.el8_2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@1.0.0-4.el8_2?arch=i686" } } }, { "category": "product_version", "name": "libwebp-devel-0:1.0.0-4.el8_2.i686", "product": { "name": "libwebp-devel-0:1.0.0-4.el8_2.i686", "product_id": "libwebp-devel-0:1.0.0-4.el8_2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-4.el8_2?arch=i686" } } }, { "category": "product_version", "name": "libwebp-debugsource-0:1.0.0-4.el8_2.i686", "product": { "name": "libwebp-debugsource-0:1.0.0-4.el8_2.i686", "product_id": "libwebp-debugsource-0:1.0.0-4.el8_2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-4.el8_2?arch=i686" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:1.0.0-4.el8_2.i686", "product": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_2.i686", "product_id": "libwebp-debuginfo-0:1.0.0-4.el8_2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-4.el8_2?arch=i686" } } }, { "category": "product_version", "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.i686", "product": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.i686", "product_id": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-4.el8_2?arch=i686" } } }, { "category": "product_version", "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.i686", "product": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.i686", "product_id": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-4.el8_2?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:1.0.0-4.el8_2.x86_64", "product": { "name": "libwebp-0:1.0.0-4.el8_2.x86_64", "product_id": "libwebp-0:1.0.0-4.el8_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@1.0.0-4.el8_2?arch=x86_64" } } }, { "category": "product_version", "name": "libwebp-devel-0:1.0.0-4.el8_2.x86_64", "product": { "name": "libwebp-devel-0:1.0.0-4.el8_2.x86_64", "product_id": "libwebp-devel-0:1.0.0-4.el8_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-4.el8_2?arch=x86_64" } } }, { "category": "product_version", "name": "libwebp-debugsource-0:1.0.0-4.el8_2.x86_64", "product": { "name": "libwebp-debugsource-0:1.0.0-4.el8_2.x86_64", "product_id": "libwebp-debugsource-0:1.0.0-4.el8_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-4.el8_2?arch=x86_64" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:1.0.0-4.el8_2.x86_64", "product": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_2.x86_64", "product_id": "libwebp-debuginfo-0:1.0.0-4.el8_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-4.el8_2?arch=x86_64" } } }, { "category": "product_version", "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.x86_64", "product": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.x86_64", "product_id": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-4.el8_2?arch=x86_64" } } }, { "category": "product_version", "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.x86_64", "product": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.x86_64", "product_id": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-4.el8_2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:1.0.0-4.el8_2.s390x", "product": { "name": "libwebp-0:1.0.0-4.el8_2.s390x", "product_id": "libwebp-0:1.0.0-4.el8_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@1.0.0-4.el8_2?arch=s390x" } } }, { "category": "product_version", "name": "libwebp-devel-0:1.0.0-4.el8_2.s390x", "product": { "name": "libwebp-devel-0:1.0.0-4.el8_2.s390x", "product_id": "libwebp-devel-0:1.0.0-4.el8_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-4.el8_2?arch=s390x" } } }, { "category": "product_version", "name": "libwebp-debugsource-0:1.0.0-4.el8_2.s390x", "product": { "name": "libwebp-debugsource-0:1.0.0-4.el8_2.s390x", "product_id": "libwebp-debugsource-0:1.0.0-4.el8_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-4.el8_2?arch=s390x" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:1.0.0-4.el8_2.s390x", "product": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_2.s390x", "product_id": "libwebp-debuginfo-0:1.0.0-4.el8_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-4.el8_2?arch=s390x" } } }, { "category": "product_version", "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.s390x", "product": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.s390x", "product_id": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-4.el8_2?arch=s390x" } } }, { "category": "product_version", "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.s390x", "product": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.s390x", "product_id": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-4.el8_2?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:1.0.0-4.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.aarch64" }, "product_reference": "libwebp-0:1.0.0-4.el8_2.aarch64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:1.0.0-4.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.i686" }, "product_reference": "libwebp-0:1.0.0-4.el8_2.i686", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:1.0.0-4.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.ppc64le" }, "product_reference": "libwebp-0:1.0.0-4.el8_2.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:1.0.0-4.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.s390x" }, "product_reference": "libwebp-0:1.0.0-4.el8_2.s390x", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:1.0.0-4.el8_2.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.src" }, "product_reference": "libwebp-0:1.0.0-4.el8_2.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:1.0.0-4.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.x86_64" }, "product_reference": "libwebp-0:1.0.0-4.el8_2.x86_64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.aarch64" }, "product_reference": "libwebp-debuginfo-0:1.0.0-4.el8_2.aarch64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.i686" }, "product_reference": "libwebp-debuginfo-0:1.0.0-4.el8_2.i686", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.ppc64le" }, "product_reference": "libwebp-debuginfo-0:1.0.0-4.el8_2.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.s390x" }, "product_reference": "libwebp-debuginfo-0:1.0.0-4.el8_2.s390x", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:1.0.0-4.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.x86_64" }, "product_reference": "libwebp-debuginfo-0:1.0.0-4.el8_2.x86_64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debugsource-0:1.0.0-4.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.aarch64" }, "product_reference": "libwebp-debugsource-0:1.0.0-4.el8_2.aarch64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debugsource-0:1.0.0-4.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.i686" }, "product_reference": "libwebp-debugsource-0:1.0.0-4.el8_2.i686", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debugsource-0:1.0.0-4.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.ppc64le" }, "product_reference": "libwebp-debugsource-0:1.0.0-4.el8_2.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debugsource-0:1.0.0-4.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.s390x" }, "product_reference": "libwebp-debugsource-0:1.0.0-4.el8_2.s390x", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debugsource-0:1.0.0-4.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.x86_64" }, "product_reference": "libwebp-debugsource-0:1.0.0-4.el8_2.x86_64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:1.0.0-4.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.aarch64" }, "product_reference": "libwebp-devel-0:1.0.0-4.el8_2.aarch64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:1.0.0-4.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.i686" }, "product_reference": "libwebp-devel-0:1.0.0-4.el8_2.i686", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:1.0.0-4.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.ppc64le" }, "product_reference": "libwebp-devel-0:1.0.0-4.el8_2.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:1.0.0-4.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.s390x" }, "product_reference": "libwebp-devel-0:1.0.0-4.el8_2.s390x", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:1.0.0-4.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.x86_64" }, "product_reference": "libwebp-devel-0:1.0.0-4.el8_2.x86_64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.aarch64" }, "product_reference": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.aarch64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.i686" }, "product_reference": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.i686", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.ppc64le" }, "product_reference": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.s390x" }, "product_reference": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.s390x", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.x86_64" }, "product_reference": "libwebp-java-debuginfo-0:1.0.0-4.el8_2.x86_64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.aarch64" }, "product_reference": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.aarch64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.i686" }, "product_reference": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.i686", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.ppc64le" }, "product_reference": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.s390x" }, "product_reference": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.s390x", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.x86_64" }, "product_reference": "libwebp-tools-debuginfo-0:1.0.0-4.el8_2.x86_64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-25011", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956919" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: heap-based buffer overflow in PutLE16()", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.src", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-25011" }, { "category": "external", "summary": "RHBZ#1956919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956919" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-25011", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25011" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011" } ], "release_date": "2018-07-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-09T13:55:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.src", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2364" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.src", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: heap-based buffer overflow in PutLE16()" }, { "cve": "CVE-2020-36328", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956829" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A heap-based buffer overflow in functions WebPDecode*Into is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: heap-based buffer overflow in WebPDecode*Into functions", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.src", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36328" }, { "category": "external", "summary": "RHBZ#1956829", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36328", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36328" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328" } ], "release_date": "2020-02-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-09T13:55:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.src", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2364" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.src", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: heap-based buffer overflow in WebPDecode*Into functions" }, { "cve": "CVE-2020-36329", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956843" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.src", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36329" }, { "category": "external", "summary": "RHBZ#1956843", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956843" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36329", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36329" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329" } ], "release_date": "2020-02-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-09T13:55:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.src", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2364" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.src", "AppStream-8.2.0.Z.EUS:libwebp-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-debuginfo-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-debugsource-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-devel-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-java-debuginfo-0:1.0.0-4.el8_2.x86_64", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.aarch64", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.i686", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.ppc64le", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.s390x", "AppStream-8.2.0.Z.EUS:libwebp-tools-debuginfo-0:1.0.0-4.el8_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c" } ] }
rhsa-2021_2260
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for libwebp is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011)\n\n* libwebp: heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328)\n\n* libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c (CVE-2020-36329)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2260", "url": "https://access.redhat.com/errata/RHSA-2021:2260" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1956829", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" }, { "category": "external", "summary": "1956843", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956843" }, { "category": "external", "summary": "1956919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956919" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2260.json" } ], "title": "Red Hat Security Advisory: libwebp security update", "tracking": { "current_release_date": "2024-11-05T23:38:58+00:00", "generator": { "date": "2024-11-05T23:38:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:2260", "initial_release_date": "2021-06-07T12:29:03+00:00", "revision_history": [ { "date": "2021-06-07T12:29:03+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-06-07T12:29:03+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:38:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Client (v. 7)", "product": { "name": "Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Client Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:0.3.0-10.el7_9.src", "product": { "name": "libwebp-0:0.3.0-10.el7_9.src", "product_id": "libwebp-0:0.3.0-10.el7_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@0.3.0-10.el7_9?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:0.3.0-10.el7_9.i686", "product": { "name": "libwebp-0:0.3.0-10.el7_9.i686", "product_id": "libwebp-0:0.3.0-10.el7_9.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@0.3.0-10.el7_9?arch=i686" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "product": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "product_id": "libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@0.3.0-10.el7_9?arch=i686" } } }, { "category": "product_version", "name": "libwebp-devel-0:0.3.0-10.el7_9.i686", "product": { "name": "libwebp-devel-0:0.3.0-10.el7_9.i686", "product_id": "libwebp-devel-0:0.3.0-10.el7_9.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@0.3.0-10.el7_9?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:0.3.0-10.el7_9.x86_64", "product": { "name": "libwebp-0:0.3.0-10.el7_9.x86_64", "product_id": "libwebp-0:0.3.0-10.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@0.3.0-10.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "product": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "product_id": "libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@0.3.0-10.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "libwebp-devel-0:0.3.0-10.el7_9.x86_64", "product": { "name": "libwebp-devel-0:0.3.0-10.el7_9.x86_64", "product_id": "libwebp-devel-0:0.3.0-10.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@0.3.0-10.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "libwebp-java-0:0.3.0-10.el7_9.x86_64", "product": { "name": "libwebp-java-0:0.3.0-10.el7_9.x86_64", "product_id": "libwebp-java-0:0.3.0-10.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-java@0.3.0-10.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "libwebp-tools-0:0.3.0-10.el7_9.x86_64", "product": { "name": "libwebp-tools-0:0.3.0-10.el7_9.x86_64", "product_id": "libwebp-tools-0:0.3.0-10.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-tools@0.3.0-10.el7_9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:0.3.0-10.el7_9.ppc", "product": { "name": "libwebp-0:0.3.0-10.el7_9.ppc", "product_id": "libwebp-0:0.3.0-10.el7_9.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@0.3.0-10.el7_9?arch=ppc" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "product": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "product_id": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@0.3.0-10.el7_9?arch=ppc" } } }, { "category": "product_version", "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc", "product": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc", "product_id": "libwebp-devel-0:0.3.0-10.el7_9.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@0.3.0-10.el7_9?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:0.3.0-10.el7_9.ppc64", "product": { "name": "libwebp-0:0.3.0-10.el7_9.ppc64", "product_id": "libwebp-0:0.3.0-10.el7_9.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@0.3.0-10.el7_9?arch=ppc64" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "product": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "product_id": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@0.3.0-10.el7_9?arch=ppc64" } } }, { "category": "product_version", "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc64", "product": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc64", "product_id": "libwebp-devel-0:0.3.0-10.el7_9.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@0.3.0-10.el7_9?arch=ppc64" } } }, { "category": "product_version", "name": "libwebp-java-0:0.3.0-10.el7_9.ppc64", "product": { "name": "libwebp-java-0:0.3.0-10.el7_9.ppc64", "product_id": "libwebp-java-0:0.3.0-10.el7_9.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-java@0.3.0-10.el7_9?arch=ppc64" } } }, { "category": "product_version", "name": "libwebp-tools-0:0.3.0-10.el7_9.ppc64", "product": { "name": "libwebp-tools-0:0.3.0-10.el7_9.ppc64", "product_id": "libwebp-tools-0:0.3.0-10.el7_9.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-tools@0.3.0-10.el7_9?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:0.3.0-10.el7_9.s390", "product": { "name": "libwebp-0:0.3.0-10.el7_9.s390", "product_id": "libwebp-0:0.3.0-10.el7_9.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@0.3.0-10.el7_9?arch=s390" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "product": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "product_id": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@0.3.0-10.el7_9?arch=s390" } } }, { "category": "product_version", "name": "libwebp-devel-0:0.3.0-10.el7_9.s390", "product": { "name": "libwebp-devel-0:0.3.0-10.el7_9.s390", "product_id": "libwebp-devel-0:0.3.0-10.el7_9.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@0.3.0-10.el7_9?arch=s390" } } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:0.3.0-10.el7_9.s390x", "product": { "name": "libwebp-0:0.3.0-10.el7_9.s390x", "product_id": "libwebp-0:0.3.0-10.el7_9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@0.3.0-10.el7_9?arch=s390x" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "product": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "product_id": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@0.3.0-10.el7_9?arch=s390x" } } }, { "category": "product_version", "name": "libwebp-devel-0:0.3.0-10.el7_9.s390x", "product": { "name": "libwebp-devel-0:0.3.0-10.el7_9.s390x", "product_id": "libwebp-devel-0:0.3.0-10.el7_9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@0.3.0-10.el7_9?arch=s390x" } } }, { "category": "product_version", "name": "libwebp-java-0:0.3.0-10.el7_9.s390x", "product": { "name": "libwebp-java-0:0.3.0-10.el7_9.s390x", "product_id": "libwebp-java-0:0.3.0-10.el7_9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-java@0.3.0-10.el7_9?arch=s390x" } } }, { "category": "product_version", "name": "libwebp-tools-0:0.3.0-10.el7_9.s390x", "product": { "name": "libwebp-tools-0:0.3.0-10.el7_9.s390x", "product_id": "libwebp-tools-0:0.3.0-10.el7_9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-tools@0.3.0-10.el7_9?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:0.3.0-10.el7_9.ppc64le", "product": { "name": "libwebp-0:0.3.0-10.el7_9.ppc64le", "product_id": "libwebp-0:0.3.0-10.el7_9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@0.3.0-10.el7_9?arch=ppc64le" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "product": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "product_id": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@0.3.0-10.el7_9?arch=ppc64le" } } }, { "category": "product_version", "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "product": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "product_id": "libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@0.3.0-10.el7_9?arch=ppc64le" } } }, { "category": "product_version", "name": "libwebp-java-0:0.3.0-10.el7_9.ppc64le", "product": { "name": "libwebp-java-0:0.3.0-10.el7_9.ppc64le", "product_id": "libwebp-java-0:0.3.0-10.el7_9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-java@0.3.0-10.el7_9?arch=ppc64le" } } }, { "category": "product_version", "name": "libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "product": { "name": "libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "product_id": "libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-tools@0.3.0-10.el7_9?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.src" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.src", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Client-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.src", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.src", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.src" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.src", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Server-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.src", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.src" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.src", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Workstation-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.src", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.i686", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.s390", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-devel-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-java-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.ppc64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.s390x", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-0:0.3.0-10.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64" }, "product_reference": "libwebp-tools-0:0.3.0-10.el7_9.x86_64", "relates_to_product_reference": "7Workstation-optional-7.9.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-25011", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956919" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: heap-based buffer overflow in PutLE16()", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-25011" }, { "category": "external", "summary": "RHBZ#1956919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956919" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-25011", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25011" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011" } ], "release_date": "2018-07-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-07T12:29:03+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2260" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: heap-based buffer overflow in PutLE16()" }, { "cve": "CVE-2020-36328", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956829" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A heap-based buffer overflow in functions WebPDecode*Into is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: heap-based buffer overflow in WebPDecode*Into functions", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36328" }, { "category": "external", "summary": "RHBZ#1956829", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36328", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36328" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328" } ], "release_date": "2020-02-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-07T12:29:03+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2260" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: heap-based buffer overflow in WebPDecode*Into functions" }, { "cve": "CVE-2020-36329", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956843" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36329" }, { "category": "external", "summary": "RHBZ#1956843", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956843" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36329", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36329" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329" } ], "release_date": "2020-02-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-07T12:29:03+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2260" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Client-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Client-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Client-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Client-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7ComputeNode-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7ComputeNode-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Server-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Server-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Server-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Server-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Workstation-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Workstation-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.src", "7Workstation-optional-7.9.Z:libwebp-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-debuginfo-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.i686", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-devel-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-java-0:0.3.0-10.el7_9.x86_64", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.ppc64le", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.s390x", "7Workstation-optional-7.9.Z:libwebp-tools-0:0.3.0-10.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c" } ] }
rhsa-2021_2354
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for libwebp is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011)\n\n* libwebp: heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328)\n\n* libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c (CVE-2020-36329)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2354", "url": "https://access.redhat.com/errata/RHSA-2021:2354" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1956829", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" }, { "category": "external", "summary": "1956843", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956843" }, { "category": "external", "summary": "1956919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956919" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2354.json" } ], "title": "Red Hat Security Advisory: libwebp security update", "tracking": { "current_release_date": "2024-11-05T23:40:54+00:00", "generator": { "date": "2024-11-05T23:40:54+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:2354", "initial_release_date": "2021-06-09T00:32:03+00:00", "revision_history": [ { "date": "2021-06-09T00:32:03+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-06-09T00:32:03+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:40:54+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:1.0.0-3.el8_4.src", "product": { "name": "libwebp-0:1.0.0-3.el8_4.src", "product_id": "libwebp-0:1.0.0-3.el8_4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@1.0.0-3.el8_4?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:1.0.0-3.el8_4.aarch64", "product": { "name": "libwebp-0:1.0.0-3.el8_4.aarch64", "product_id": "libwebp-0:1.0.0-3.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@1.0.0-3.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "libwebp-devel-0:1.0.0-3.el8_4.aarch64", "product": { "name": "libwebp-devel-0:1.0.0-3.el8_4.aarch64", "product_id": "libwebp-devel-0:1.0.0-3.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-3.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "libwebp-debugsource-0:1.0.0-3.el8_4.aarch64", "product": { "name": "libwebp-debugsource-0:1.0.0-3.el8_4.aarch64", "product_id": "libwebp-debugsource-0:1.0.0-3.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-3.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:1.0.0-3.el8_4.aarch64", "product": { "name": "libwebp-debuginfo-0:1.0.0-3.el8_4.aarch64", "product_id": "libwebp-debuginfo-0:1.0.0-3.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-3.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.aarch64", "product": { "name": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.aarch64", "product_id": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-3.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.aarch64", "product": { "name": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.aarch64", "product_id": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-3.el8_4?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:1.0.0-3.el8_4.ppc64le", "product": { "name": "libwebp-0:1.0.0-3.el8_4.ppc64le", "product_id": "libwebp-0:1.0.0-3.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@1.0.0-3.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "libwebp-devel-0:1.0.0-3.el8_4.ppc64le", "product": { "name": "libwebp-devel-0:1.0.0-3.el8_4.ppc64le", "product_id": "libwebp-devel-0:1.0.0-3.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-3.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "libwebp-debugsource-0:1.0.0-3.el8_4.ppc64le", "product": { "name": "libwebp-debugsource-0:1.0.0-3.el8_4.ppc64le", "product_id": "libwebp-debugsource-0:1.0.0-3.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-3.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:1.0.0-3.el8_4.ppc64le", "product": { "name": "libwebp-debuginfo-0:1.0.0-3.el8_4.ppc64le", "product_id": "libwebp-debuginfo-0:1.0.0-3.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-3.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.ppc64le", "product": { "name": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.ppc64le", "product_id": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-3.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.ppc64le", "product": { "name": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.ppc64le", "product_id": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-3.el8_4?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:1.0.0-3.el8_4.i686", "product": { "name": "libwebp-0:1.0.0-3.el8_4.i686", "product_id": "libwebp-0:1.0.0-3.el8_4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@1.0.0-3.el8_4?arch=i686" } } }, { "category": "product_version", "name": "libwebp-devel-0:1.0.0-3.el8_4.i686", "product": { "name": "libwebp-devel-0:1.0.0-3.el8_4.i686", "product_id": "libwebp-devel-0:1.0.0-3.el8_4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-3.el8_4?arch=i686" } } }, { "category": "product_version", "name": "libwebp-debugsource-0:1.0.0-3.el8_4.i686", "product": { "name": "libwebp-debugsource-0:1.0.0-3.el8_4.i686", "product_id": "libwebp-debugsource-0:1.0.0-3.el8_4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-3.el8_4?arch=i686" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:1.0.0-3.el8_4.i686", "product": { "name": "libwebp-debuginfo-0:1.0.0-3.el8_4.i686", "product_id": "libwebp-debuginfo-0:1.0.0-3.el8_4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-3.el8_4?arch=i686" } } }, { "category": "product_version", "name": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.i686", "product": { "name": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.i686", "product_id": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-3.el8_4?arch=i686" } } }, { "category": "product_version", "name": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.i686", "product": { "name": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.i686", "product_id": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-3.el8_4?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:1.0.0-3.el8_4.x86_64", "product": { "name": "libwebp-0:1.0.0-3.el8_4.x86_64", "product_id": "libwebp-0:1.0.0-3.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@1.0.0-3.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "libwebp-devel-0:1.0.0-3.el8_4.x86_64", "product": { "name": "libwebp-devel-0:1.0.0-3.el8_4.x86_64", "product_id": "libwebp-devel-0:1.0.0-3.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-3.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "libwebp-debugsource-0:1.0.0-3.el8_4.x86_64", "product": { "name": "libwebp-debugsource-0:1.0.0-3.el8_4.x86_64", "product_id": "libwebp-debugsource-0:1.0.0-3.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-3.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:1.0.0-3.el8_4.x86_64", "product": { "name": "libwebp-debuginfo-0:1.0.0-3.el8_4.x86_64", "product_id": "libwebp-debuginfo-0:1.0.0-3.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-3.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.x86_64", "product": { "name": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.x86_64", "product_id": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-3.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.x86_64", "product": { "name": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.x86_64", "product_id": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-3.el8_4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "libwebp-0:1.0.0-3.el8_4.s390x", "product": { "name": "libwebp-0:1.0.0-3.el8_4.s390x", "product_id": "libwebp-0:1.0.0-3.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp@1.0.0-3.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "libwebp-devel-0:1.0.0-3.el8_4.s390x", "product": { "name": "libwebp-devel-0:1.0.0-3.el8_4.s390x", "product_id": "libwebp-devel-0:1.0.0-3.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-devel@1.0.0-3.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "libwebp-debugsource-0:1.0.0-3.el8_4.s390x", "product": { "name": "libwebp-debugsource-0:1.0.0-3.el8_4.s390x", "product_id": "libwebp-debugsource-0:1.0.0-3.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debugsource@1.0.0-3.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "libwebp-debuginfo-0:1.0.0-3.el8_4.s390x", "product": { "name": "libwebp-debuginfo-0:1.0.0-3.el8_4.s390x", "product_id": "libwebp-debuginfo-0:1.0.0-3.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-debuginfo@1.0.0-3.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.s390x", "product": { "name": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.s390x", "product_id": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-java-debuginfo@1.0.0-3.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.s390x", "product": { "name": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.s390x", "product_id": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libwebp-tools-debuginfo@1.0.0-3.el8_4?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:1.0.0-3.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.aarch64" }, "product_reference": "libwebp-0:1.0.0-3.el8_4.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:1.0.0-3.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.i686" }, "product_reference": "libwebp-0:1.0.0-3.el8_4.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:1.0.0-3.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.ppc64le" }, "product_reference": "libwebp-0:1.0.0-3.el8_4.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:1.0.0-3.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.s390x" }, "product_reference": "libwebp-0:1.0.0-3.el8_4.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:1.0.0-3.el8_4.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.src" }, "product_reference": "libwebp-0:1.0.0-3.el8_4.src", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-0:1.0.0-3.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.x86_64" }, "product_reference": "libwebp-0:1.0.0-3.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:1.0.0-3.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.aarch64" }, "product_reference": "libwebp-debuginfo-0:1.0.0-3.el8_4.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:1.0.0-3.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.i686" }, "product_reference": "libwebp-debuginfo-0:1.0.0-3.el8_4.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:1.0.0-3.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.ppc64le" }, "product_reference": "libwebp-debuginfo-0:1.0.0-3.el8_4.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:1.0.0-3.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.s390x" }, "product_reference": "libwebp-debuginfo-0:1.0.0-3.el8_4.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debuginfo-0:1.0.0-3.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.x86_64" }, "product_reference": "libwebp-debuginfo-0:1.0.0-3.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debugsource-0:1.0.0-3.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.aarch64" }, "product_reference": "libwebp-debugsource-0:1.0.0-3.el8_4.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debugsource-0:1.0.0-3.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.i686" }, "product_reference": "libwebp-debugsource-0:1.0.0-3.el8_4.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debugsource-0:1.0.0-3.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.ppc64le" }, "product_reference": "libwebp-debugsource-0:1.0.0-3.el8_4.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debugsource-0:1.0.0-3.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.s390x" }, "product_reference": "libwebp-debugsource-0:1.0.0-3.el8_4.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-debugsource-0:1.0.0-3.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.x86_64" }, "product_reference": "libwebp-debugsource-0:1.0.0-3.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:1.0.0-3.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.aarch64" }, "product_reference": "libwebp-devel-0:1.0.0-3.el8_4.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:1.0.0-3.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.i686" }, "product_reference": "libwebp-devel-0:1.0.0-3.el8_4.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:1.0.0-3.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.ppc64le" }, "product_reference": "libwebp-devel-0:1.0.0-3.el8_4.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:1.0.0-3.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.s390x" }, "product_reference": "libwebp-devel-0:1.0.0-3.el8_4.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-devel-0:1.0.0-3.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.x86_64" }, "product_reference": "libwebp-devel-0:1.0.0-3.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.aarch64" }, "product_reference": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.i686" }, "product_reference": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.ppc64le" }, "product_reference": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.s390x" }, "product_reference": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.x86_64" }, "product_reference": "libwebp-java-debuginfo-0:1.0.0-3.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.aarch64" }, "product_reference": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.i686" }, "product_reference": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.ppc64le" }, "product_reference": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.s390x" }, "product_reference": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.x86_64" }, "product_reference": "libwebp-tools-debuginfo-0:1.0.0-3.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-25011", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956919" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: heap-based buffer overflow in PutLE16()", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.src", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-25011" }, { "category": "external", "summary": "RHBZ#1956919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956919" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-25011", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25011" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011" } ], "release_date": "2018-07-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-09T00:32:03+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.src", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2354" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.src", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: heap-based buffer overflow in PutLE16()" }, { "cve": "CVE-2020-36328", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956829" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A heap-based buffer overflow in functions WebPDecode*Into is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: heap-based buffer overflow in WebPDecode*Into functions", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.src", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36328" }, { "category": "external", "summary": "RHBZ#1956829", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36328", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36328" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328" } ], "release_date": "2020-02-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-09T00:32:03+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.src", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2354" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.src", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: heap-based buffer overflow in WebPDecode*Into functions" }, { "cve": "CVE-2020-36329", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956843" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.src", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36329" }, { "category": "external", "summary": "RHBZ#1956843", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956843" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36329", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36329" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329" } ], "release_date": "2020-02-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-09T00:32:03+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.src", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2354" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.src", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debuginfo-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-debugsource-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-devel-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-java-debuginfo-0:1.0.0-3.el8_4.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.i686", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libwebp-tools-debuginfo-0:1.0.0-3.el8_4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c" } ] }
rhba-2021_2854
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "The Migration Toolkit for Containers (MTC) 1.4.6 is now available.", "title": "Topic" }, { "category": "general", "text": "The Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHBA-2021:2854", "url": "https://access.redhat.com/errata/RHBA-2021:2854" }, { "category": "external", "summary": "1981537", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981537" }, { "category": "external", "summary": "1981794", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981794" }, { "category": "external", "summary": "MIG-752", "url": "https://issues.redhat.com/browse/MIG-752" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhba-2021_2854.json" } ], "title": "Red Hat Bug Fix Advisory: Migration Toolkit for Containers (MTC) 1.4.6 release advisory", "tracking": { "current_release_date": "2024-11-05T15:59:21+00:00", "generator": { "date": "2024-11-05T15:59:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHBA-2021:2854", "initial_release_date": "2021-07-21T17:05:20+00:00", "revision_history": [ { "date": "2021-07-21T17:05:20+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-07-21T17:05:20+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T15:59:21+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "8Base-RHMTC-1.4", "product": { "name": "8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhmt:1.4::el8" } } }, { "category": "product_name", "name": "7Server-RHMTC-1.4", "product": { "name": "7Server-RHMTC-1.4", "product_id": "7Server-RHMTC-1.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhmt:1.4::el7" } } } ], "category": "product_family", "name": "Red Hat Migration Toolkit" }, { "branches": [ { "category": "product_version", "name": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "product": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.4.6-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "product": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.4.6-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "product": { "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.4.6-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "product": { "name": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "product_id": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.4.6-5" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "product": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.4.6-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "product": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.4.6-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "product": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.4.6-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "product": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.4.6-5" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.4.6-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.4.6-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.4.6-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "product": { "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.4.6-5" } } }, { "category": "product_version", "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64", "product": { "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64", "product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.4.6-4" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 as a component of 7Server-RHMTC-1.4", "product_id": "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64" }, "product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "relates_to_product_reference": "7Server-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64" }, "product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64" }, "product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64" }, "product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64" }, "product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64" }, "product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64" }, "product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" }, "product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-25011", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956919" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: heap-based buffer overflow in PutLE16()", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-25011" }, { "category": "external", "summary": "RHBZ#1956919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956919" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-25011", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25011" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011" } ], "release_date": "2018-07-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: heap-based buffer overflow in PutLE16()" }, { "acknowledgments": [ { "names": [ "the Mozilla project" ] } ], "cve": "CVE-2020-25648", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2020-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887319" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nss: TLS 1.3 CCS flood remote DoS Attack", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects servers that are compiled with the NSS library and when the TLS 1.3 protocol is used.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25648" }, { "category": "external", "summary": "RHBZ#1887319", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887319" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25648", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25648" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25648", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25648" }, { "category": "external", "summary": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes", "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes" } ], "release_date": "2020-10-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nss: TLS 1.3 CCS flood remote DoS Attack" }, { "cve": "CVE-2020-25692", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2020-11-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1894567" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the OpenLDAP server, during a request for renaming RDNs. This flaw allows a remote, unauthenticated attacker to crash the slapd process by sending a specially crafted request, causing a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "openldap: NULL pointer dereference for unauthenticated packet in slapd", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability affects the server side only. As a result, OpenLDAP client components, such as the component shipped in Red Hat Enterprise Linux 8, are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25692" }, { "category": "external", "summary": "RHBZ#1894567", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894567" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25692", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25692" } ], "release_date": "2020-10-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openldap: NULL pointer dereference for unauthenticated packet in slapd" }, { "cve": "CVE-2020-26541", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-10-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1886285" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel in certs/blacklist.c, When signature entries for EFI_CERT_X509_GUID are contained in the Secure Boot Forbidden Signature Database, the entries are skipped. This can cause a security threat and breach system integrity, confidentiality and even lead to a denial of service problem.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: security bypass in certs/blacklist.c and certs/system_keyring.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-26541" }, { "category": "external", "summary": "RHBZ#1886285", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886285" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26541", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26541" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26541", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26541" } ], "release_date": "2020-09-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: security bypass in certs/blacklist.c and certs/system_keyring.c" }, { "cve": "CVE-2020-27216", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2020-10-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1891132" } ], "notes": [ { "category": "description", "text": "In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system\u0027s temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: local temporary directory hijacking vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-27216" }, { "category": "external", "summary": "RHBZ#1891132", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891132" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27216", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27216" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27216", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27216" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053" } ], "release_date": "2020-10-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" }, { "category": "workaround", "details": "Jetty users should create temp folders outside the normal /tmp structure, and ensure that their permissions are set so as not to be accessible by an attacker.", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: local temporary directory hijacking vulnerability" }, { "cve": "CVE-2020-27218", "cwe": { "id": "CWE-226", "name": "Sensitive Information in Resource Not Removed Before Reuse" }, "discovery_date": "2020-11-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1902826" } ], "notes": [ { "category": "description", "text": "In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: buffer not correctly recycled in Gzip Request inflation", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-27218" }, { "category": "external", "summary": "RHBZ#1902826", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902826" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27218", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27218" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27218", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27218" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8" } ], "release_date": "2020-11-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: buffer not correctly recycled in Gzip Request inflation" }, { "cve": "CVE-2020-27223", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1934116" } ], "notes": [ { "category": "description", "text": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of \u201cquality\u201d (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-27223" }, { "category": "external", "summary": "RHBZ#1934116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934116" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27223", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27223" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27223", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27223" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7" } ], "release_date": "2021-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS" }, { "cve": "CVE-2020-36328", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956829" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A heap-based buffer overflow in functions WebPDecode*Into is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: heap-based buffer overflow in WebPDecode*Into functions", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36328" }, { "category": "external", "summary": "RHBZ#1956829", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36328", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36328" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328" } ], "release_date": "2020-02-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: heap-based buffer overflow in WebPDecode*Into functions" }, { "cve": "CVE-2020-36329", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956843" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36329" }, { "category": "external", "summary": "RHBZ#1956843", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956843" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36329", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36329" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329" } ], "release_date": "2020-02-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c" }, { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3516", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954225" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in libxml2\u0027s xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c", "title": "Vulnerability summary" }, { "category": "other", "text": "The only known exploitation path of this flaw is via the xmllint tool.\n\nThis flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3516" }, { "category": "external", "summary": "RHBZ#1954225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954225" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3516", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3516" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516" } ], "release_date": "2021-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" }, { "category": "workaround", "details": "This flaw can be mitigated by not using xmllint with the --html and --push options together.", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c" }, { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3517", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954232" } ], "notes": [ { "category": "description", "text": "There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3517" }, { "category": "external", "summary": "RHBZ#1954232", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c" }, { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3518", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954242" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3518" }, { "category": "external", "summary": "RHBZ#1954242", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3518", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c" }, { "cve": "CVE-2021-3520", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-03-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954559" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.", "title": "Vulnerability description" }, { "category": "summary", "text": "lz4: memory corruption due to an integer overflow bug caused by memmove argument", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for Red Hat Enterprise Linux 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3520" }, { "category": "external", "summary": "RHBZ#1954559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954559" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3520", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3520" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3520", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3520" } ], "release_date": "2021-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "lz4: memory corruption due to an integer overflow bug caused by memmove argument" }, { "acknowledgments": [ { "names": [ "yuawn" ], "organization": "NSLab NTU Taiwan" } ], "cve": "CVE-2021-3537", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-05-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956522" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode", "title": "Vulnerability summary" }, { "category": "other", "text": "For the flaw to be exploitable, the document must be parsed in recovery mode and post validated (e.g.: when used in the `xmlling` tool, both `-recover` and `-postvalid` options must be used for the flaw to be exploitable)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3537" }, { "category": "external", "summary": "RHBZ#1956522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956522" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3537", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3537" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537" } ], "release_date": "2021-05-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode" }, { "acknowledgments": [ { "names": [ "Sebastian Pipping" ] } ], "cve": "CVE-2021-3541", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1950515" } ], "notes": [ { "category": "description", "text": "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3541" }, { "category": "external", "summary": "RHBZ#1950515", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3541", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3541" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541" } ], "release_date": "2021-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms" }, { "acknowledgments": [ { "names": [ "Demi M. Obenour" ] } ], "cve": "CVE-2021-20271", "cwe": { "id": "CWE-345", "name": "Insufficient Verification of Data Authenticity" }, "discovery_date": "2021-03-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1934125" } ], "notes": [ { "category": "description", "text": "A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "rpm: Signature checks bypass via corrupted rpm package", "title": "Vulnerability summary" }, { "category": "other", "text": "To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM. It is strongly recommended to only use RPMs from trusted repositories.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-20271" }, { "category": "external", "summary": "RHBZ#1934125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20271", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20271" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20271", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20271" } ], "release_date": "2021-03-11T22:53:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "rpm: Signature checks bypass via corrupted rpm package" }, { "cve": "CVE-2021-21642", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1952146" } ], "notes": [ { "category": "description", "text": "A flaw was found in the config-file-provider Jenkins plugin. The plugin XML parser wasn\u0027t configure to prevent XML external entity (XXE) attacks. An attacker with the ability to define Maven configuration files can use this vulnerability to prepare a crafted configuration file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21642" }, { "category": "external", "summary": "RHBZ#1952146", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952146" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21642", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21642" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21642", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21642" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2204", "url": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2204" } ], "release_date": "2021-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks." }, { "cve": "CVE-2021-21643", "cwe": { "id": "CWE-281", "name": "Improper Preservation of Permissions" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1952148" } ], "notes": [ { "category": "description", "text": "A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21643" }, { "category": "external", "summary": "RHBZ#1952148", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952148" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21643", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21643" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21643", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21643" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2254", "url": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2254" } ], "release_date": "2021-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints." }, { "cve": "CVE-2021-21644", "cwe": { "id": "CWE-352", "name": "Cross-Site Request Forgery (CSRF)" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1952151" } ], "notes": [ { "category": "description", "text": "A cross-site request forgery (CSRF) vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint which allows attackers to delete configuration files corresponding to an attacker-specified ID.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21644" }, { "category": "external", "summary": "RHBZ#1952151", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952151" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21644", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21644" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21644", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21644" } ], "release_date": "2021-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability." }, { "cve": "CVE-2021-21645", "cwe": { "id": "CWE-281", "name": "Improper Preservation of Permissions" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1952152" } ], "notes": [ { "category": "description", "text": "A flaw was found in the config-file-provider Jenkins plugin. The plugin does not perform permission checks in several HTTP endpoints, as a consequence an attacker with Overall/Read permission is allowed to enumerate configuration file IDs.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21645" }, { "category": "external", "summary": "RHBZ#1952152", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952152" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21645", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21645" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21645", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21645" } ], "release_date": "2021-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints." }, { "cve": "CVE-2021-27219", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1929858" } ], "notes": [ { "category": "description", "text": "An integer wraparound was discovered in glib due to passing a 64 bit sized value to function g_memdup() which accepts a 32 bits number as argument. An attacker may abuse this flaw when an application linked against the glib library uses g_bytes_new() function or possibly other functions that use g_memdup() underneath and accept a 64 bits argument as size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits", "title": "Vulnerability summary" }, { "category": "other", "text": "Applications that just use GBytes to access the data are affected by this flaw but the highest threat is to data confidentiality and/or the application availability, due to possible out-of-bounds reads. However, if the data in GBytes is taken through functions such as g_bytes_unref_to_data or g_bytes_unref_to_array it might be possible to have out-of-bounds writes due to the wrongly reported size of the buffer.\n\nApplications that use g_memdup to duplicate memory with user-controlled sizes should pay extra attention to the fact that g_memdup accepts a guint size instead of gsize. Thus directly passing a gsize value to g_memdup may results in integer truncation, allocating a buffer smaller than expected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-27219" }, { "category": "external", "summary": "RHBZ#1929858", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929858" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27219", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27219" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27219", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27219" } ], "release_date": "2021-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits" }, { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" }, { "cve": "CVE-2021-33034", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-05-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1961305" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33034" }, { "category": "external", "summary": "RHBZ#1961305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33034", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33034" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33034", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33034" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3" }, { "category": "external", "summary": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl", "url": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl" }, { "category": "external", "summary": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1", "url": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1" } ], "release_date": "2021-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-21T17:05:20+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan" } ] }
gsd-2020-36328
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2020-36328", "description": "A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "id": "GSD-2020-36328", "references": [ "https://www.suse.com/security/cve/CVE-2020-36328.html", "https://www.debian.org/security/2021/dsa-4930", "https://access.redhat.com/errata/RHBA-2021:2854", "https://access.redhat.com/errata/RHSA-2021:2365", "https://access.redhat.com/errata/RHSA-2021:2364", "https://access.redhat.com/errata/RHSA-2021:2354", "https://access.redhat.com/errata/RHSA-2021:2328", "https://access.redhat.com/errata/RHSA-2021:2260", "https://ubuntu.com/security/CVE-2020-36328", "https://alas.aws.amazon.com/cve/html/CVE-2020-36328.html", "https://linux.oracle.com/cve/CVE-2020-36328.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-36328" ], "details": "A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "id": "GSD-2020-36328", "modified": "2023-12-13T01:21:55.467633Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-36328", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "libwebp", "version": { "version_data": [ { "version_value": "libwebp 1.0.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" }, { "name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html" }, { "name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html" }, { "name": "DSA-4930", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4930" }, { "name": "https://support.apple.com/kb/HT212601", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212601" }, { "name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Jul/54" }, { "name": "https://security.netapp.com/advisory/ntap-20211112-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211112-0001/" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c1.0.1", "affected_versions": "All versions before 1.0.1", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-787", "CWE-937" ], "date": "2021-12-01", "description": "A heap-based buffer overflow in function `WebPDecodeRGBInto` is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "fixed_versions": [ "1.0.3" ], "identifier": "CVE-2020-36328", "identifiers": [ "CVE-2020-36328" ], "not_impacted": "All versions starting from 1.0.1", "package_slug": "conan/libwebp", "pubdate": "2021-05-21", "solution": "Upgrade to version 1.0.3 or above.", "title": "Out-of-bounds Write", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-36328", "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" ], "uuid": "814bf4c1-49aa-4ee9-851b-8845abc869c6" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:ipados:14.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:14.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-36328" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829", "refsource": "MISC", "tags": [ "Issue Tracking", "Patch", "Release Notes", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" }, { "name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html" }, { "name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html" }, { "name": "DSA-4930", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4930" }, { "name": "https://support.apple.com/kb/HT212601", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT212601" }, { "name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7", "refsource": "FULLDISC", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Jul/54" }, { "name": "https://security.netapp.com/advisory/ntap-20211112-0001/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20211112-0001/" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } }, "lastModifiedDate": "2023-01-09T16:41Z", "publishedDate": "2021-05-21T17:15Z" } } }
ghsa-jxwm-333p-5cwx
Vulnerability from github
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
{ "affected": [], "aliases": [ "CVE-2020-36328" ], "database_specific": { "cwe_ids": [ "CWE-119", "CWE-787" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2021-05-21T17:15:00Z", "severity": "CRITICAL" }, "details": "A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "id": "GHSA-jxwm-333p-5cwx", "modified": "2023-01-09T18:30:22Z", "published": "2022-05-24T19:02:55Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20211112-0001" }, { "type": "WEB", "url": "https://support.apple.com/kb/HT212601" }, { "type": "WEB", "url": "https://www.debian.org/security/2021/dsa-4930" }, { "type": "WEB", "url": "http://seclists.org/fulldisclosure/2021/Jul/54" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.