Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-4863 (GCVE-0-2023-4863)
Vulnerability from cvelistv5 – Published: 2023-09-12 14:24 – Updated: 2025-10-21 23:05
VLAI
EPSS
CISA KEV
Summary
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Severity
8.8 (High)
CWE
- Heap buffer overflow
Assigner
References
45 references
Impacted products
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 75d8c2b1-8c26-406a-b06a-7d4b7a0a022c
Exploited: Yes
Timestamps
First Seen: 2023-09-13
Asserted: 2023-09-13
Scope
Notes: KEV entry: Google Chromium WebP Heap-Based Buffer Overflow Vulnerability | Affected: Google / Chromium WebP | Description: Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2023-4863
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-787 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Chromium WebP |
| Due Date | 2023-10-04 |
| Date Added | 2023-09-13 |
| Vendorproject | |
| Vulnerabilityname | Google Chromium WebP Heap-Based Buffer Overflow Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-02-02 13:24 UTC
| Updated: 2026-02-06 07:53 UTC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-19T07:48:10.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1479274"
},
{
"tags": [
"x_transferred"
],
"url": "https://en.bandisoft.com/honeyview/history/"
},
{
"tags": [
"x_transferred"
],
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a"
},
{
"tags": [
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2023-4863"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37478403"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5496"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5497"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5498"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-05"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"
},
{
"tags": [
"x_transferred"
],
"url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/21/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.isosceles.com/the-webp-0day/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/8"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/7"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/6"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/7"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230929-0011/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"
},
{
"tags": [
"x_transferred"
],
"url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bentley.com/advisories/be-2023-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-10"
},
{
"url": "https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-4863",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-28T05:00:18.341149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-09-13",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:38.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-13T00:00:00.000Z",
"value": "CVE-2023-4863 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "116.0.5845.187",
"status": "affected",
"version": "116.0.5845.187",
"versionType": "custom"
}
]
},
{
"product": "libwebp",
"vendor": "Google",
"versions": [
{
"lessThan": "1.3.2",
"status": "affected",
"version": "1.3.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap buffer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-07T11:07:27.027Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"
},
{
"url": "https://crbug.com/1479274"
},
{
"url": "https://en.bandisoft.com/honeyview/history/"
},
{
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"
},
{
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
},
{
"url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a"
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2023-4863"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231"
},
{
"url": "https://news.ycombinator.com/item?id=37478403"
},
{
"url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5496"
},
{
"url": "https://www.debian.org/security/2023/dsa-5497"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5498"
},
{
"url": "https://security.gentoo.org/glsa/202309-05"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"
},
{
"url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/"
},
{
"url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/21/4"
},
{
"url": "https://blog.isosceles.com/the-webp-0day/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/8"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/7"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/7"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/4"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230929-0011/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"
},
{
"url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16"
},
{
"url": "https://www.bentley.com/advisories/be-2023-0001/"
},
{
"url": "https://security.gentoo.org/glsa/202401-10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2023-4863",
"datePublished": "2023-09-12T14:24:59.275Z",
"dateReserved": "2023-09-09T01:02:58.312Z",
"dateUpdated": "2025-10-21T23:05:38.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2023-4863",
"cwes": "[\"CWE-787\"]",
"dateAdded": "2023-09-13",
"dueDate": "2023-10-04",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2023-4863",
"product": "Chromium WebP",
"requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec.",
"vendorProject": "Google",
"vulnerabilityName": "Google Chromium WebP Heap-Based Buffer Overflow Vulnerability"
},
"epss": {
"cve": "CVE-2023-4863",
"date": "2026-05-28",
"epss": "0.93301",
"percentile": "0.99815"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-4863\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2023-09-12T15:15:24.327\",\"lastModified\":\"2025-10-24T14:07:28.793\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)\"},{\"lang\":\"es\",\"value\":\"El desbordamiento del b\u00fafer de memoria en libwebp en Google Chrome anterior a 116.0.5845.187 y libwebp 1.3.2 permit\u00eda a un atacante remoto realizar una escritura en memoria fuera de los l\u00edmites a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: cr\u00edtica)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2023-09-13\",\"cisaActionDue\":\"2023-10-04\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Google Chromium WebP Heap-Based Buffer Overflow Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"116.0.5845.187\",\"matchCriteriaId\":\"856C1821-5D22-4A4E-859D-8F5305255AB7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*\",\"versionEndExcluding\":\"102.15.1\",\"matchCriteriaId\":\"54B8855E-19B9-4D20-9B93-A5219F077335\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"117.0.1\",\"matchCriteriaId\":\"FBA8858E-AB6C-4708-820D-3F9D8D5A077F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*\",\"versionStartIncluding\":\"115.1.0\",\"versionEndExcluding\":\"115.2.1\",\"matchCriteriaId\":\"6C494574-4187-4BC7-816B-6C1C288D711E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"102.15.1\",\"matchCriteriaId\":\"A073724D-52BD-4426-B58D-7A8BD24B8F8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"115.0\",\"versionEndExcluding\":\"115.2.2\",\"matchCriteriaId\":\"952BEC0C-2DB0-476A-AF62-1269F8635B4A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"116.0.1938.81\",\"matchCriteriaId\":\"0C8F8BD1-1D13-4605-BF19-E4292E2D6A00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:teams:*:*:*:*:*:macos:*:*\",\"versionEndExcluding\":\"1.6.00.26463\",\"matchCriteriaId\":\"11C16818-7453-46CB-89C2-2A4D4452A198\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:teams:*:*:*:*:desktop:*:*:*\",\"versionEndExcluding\":\"1.6.00.26474\",\"matchCriteriaId\":\"46625A28-312D-4406-87AE-8A7C93222A45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:webp_image_extension:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.62681.0\",\"matchCriteriaId\":\"201D3850-75A4-4CB4-A312-B01BF51C7C8A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.3.2\",\"matchCriteriaId\":\"2804DDE4-B0A4-4B7F-A318-F491B6316B34\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bentley:seequent_leapfrog:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023.2\",\"matchCriteriaId\":\"E50A797C-2C6C-46A5-A9D0-8CD877EBA3CD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bandisoft:honeyview:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.51\",\"matchCriteriaId\":\"A9D1BE06-A20B-43F3-B78D-21F2FF20026C\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/21/4\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/1\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/3\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/4\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/5\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/6\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/7\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/8\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/26/1\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/26/7\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/1\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/2\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/4\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.isosceles.com/the-webp-0day/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1215231\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1479274\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://en.bandisoft.com/honeyview/history/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/webmproject/libwebp/releases/tag/v1.3.2\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://news.ycombinator.com/item?id=37478403\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2023-4863\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202309-05\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-10\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230929-0011/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.bentley.com/advisories/be-2023-0001/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5496\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5497\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5498\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/21/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/26/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/26/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/28/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.isosceles.com/the-webp-0day/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1215231\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1479274\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://en.bandisoft.com/honeyview/history/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/webmproject/libwebp/releases/tag/v1.3.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://news.ycombinator.com/item?id=37478403\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2023-4863\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202309-05\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230929-0011/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.bentley.com/advisories/be-2023-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5496\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5497\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5498\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://crbug.com/1479274\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://en.bandisoft.com/honeyview/history/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2023-4863\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1215231\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37478403\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5496\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5497\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5498\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202309-05\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/webmproject/libwebp/releases/tag/v1.3.2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/21/4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.isosceles.com/the-webp-0day/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/7\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/26/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/26/7\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/28/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/28/2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/28/4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230929-0011/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.bentley.com/advisories/be-2023-0001/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-10\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-19T07:48:10.265Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-4863\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2023-11-28T05:00:18.341149Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-09-13\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-09-13T00:00:00.000Z\", \"value\": \"CVE-2023-4863 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-03T14:04:35.481Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"Chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"116.0.5845.187\", \"lessThan\": \"116.0.5845.187\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Google\", \"product\": \"libwebp\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.3.2\", \"lessThan\": \"1.3.2\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html\"}, {\"url\": \"https://crbug.com/1479274\"}, {\"url\": \"https://en.bandisoft.com/honeyview/history/\"}, {\"url\": \"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/\"}, {\"url\": \"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/\"}, {\"url\": \"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a\"}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863\"}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2023-4863\"}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1215231\"}, {\"url\": \"https://news.ycombinator.com/item?id=37478403\"}, {\"url\": \"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5496\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5497\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5498\"}, {\"url\": \"https://security.gentoo.org/glsa/202309-05\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/\"}, {\"url\": \"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/\"}, {\"url\": \"https://github.com/webmproject/libwebp/releases/tag/v1.3.2\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/21/4\"}, {\"url\": \"https://blog.isosceles.com/the-webp-0day/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/1\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/3\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/4\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/5\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/8\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/7\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/6\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/26/1\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/26/7\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/28/1\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/28/2\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/28/4\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230929-0011/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/\"}, {\"url\": \"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16\"}, {\"url\": \"https://www.bentley.com/advisories/be-2023-0001/\"}, {\"url\": \"https://security.gentoo.org/glsa/202401-10\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Heap buffer overflow\"}]}], \"providerMetadata\": {\"orgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"shortName\": \"Chrome\", \"dateUpdated\": \"2024-01-07T11:07:27.027Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-4863\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:05:38.429Z\", \"dateReserved\": \"2023-09-09T01:02:58.312Z\", \"assignerOrgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"datePublished\": \"2023-09-12T14:24:59.275Z\", \"assignerShortName\": \"Chrome\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
OPENSUSE-SU-2023:0278-1
Vulnerability from csaf_opensuse - Published: 2023-10-02 09:07 - Updated: 2023-10-02 09:07Summary
Security update for seamonkey
Severity
Important
Notes
Title of the patch: Security update for seamonkey
Description of the patch: This update for seamonkey fixes the following issues:
update to SeaMonkey 2.53.17.1
* Upstream libwebp security fix bug 1852749.
* CVE-2023-4863: Heap buffer overflow in libwebp bug 1852649.
* Fix bad string encoded in ansi. l10n fr problem only bug 1847887.
* SeaMonkey 2.53.17 uses the same backend as Firefox and contains
the relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.17 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.8.0 release notes for
specific security fixes in this release.
* Additional important security fixes up to Current Firefox 115.3
and Thunderbird 115.3 ESR plus many enhancements have been
backported. We will continue to enhance SeaMonkey security in
subsequent 2.53.x beta and release versions as fast as we are able
to.
update to SeaMonkey 2.53.17
* Fix macOS Contacts permission request bug 1826719.
* Remove SeaMonkey 2.57 links from debugQA bug 1829683.
* Treat opening urls from the library as external bug 1619108.
* Disable spam warning for autogenerated links in plaintext messages
bug 619031.
* Switch SeaMonkey build files to Python 3 bug 1635849.
* Remove empty overlays from Composer bug 1828533.
* Move xpfe autocomplete to comm-central suite bug 1418512.
* Remove nsIPrefBranch2 and nsIPrefBranchInternal bug 1374847.
* SeaMonkey 2.53.17 uses the same backend as Firefox and contains
the relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.17 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.8.0 release notes for
specific security fixes in this release.
* Additional important security fixes up to Current Firefox 102.11
and Thunderbird 102.11 ESR plus many enhancements have been
backported. We will continue to enhance SeaMonkey security in
subsequent 2.53.x beta and release versions as fast as we are able
to.
Update to SeaMonkey 2.53.16
* No throbber in plaintext editor bug 85498.
* Remove unused gridlines class from EdAdvancedEdit bug 1806632.
* Remove ESR 91 links from debugQA bug 1804534.
* Rename devtools/shim to devtools/startup bug 1812367.
* Remove unused seltype=text|cell css bug 1806653.
* Implement new shared tree styling bug 1807802.
* Use `win.focus()` in macWindowMenu.js bug 1807817.
* Remove WCAP provider bug 1579020.
* Remove ftp/file tree view support bug 1239239.
* Change calendar list tree to a list bug 1561530.
* Various other updates to the calendar code.
* Continue the switch from Python 2 to Python 3 in the build system.
* Verified compatibility with Rust 1.66.1.
* SeaMonkey 2.53.16 uses the same backend as Firefox and contains
the relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.16 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.8.0 release notes for
specific security fixes in this release.
* Additional important security fixes up to Current Firefox 102.9
and Thunderbird 102.9 ESR plus many enhancements have been
backported. We will continue to enhance SeaMonkey security in
subsequent 2.53.x beta and release versions as fast as we are able
to.
Update to SeaMonkey 2.53.15
* Microtasks and promises bug 1193394.
* Implement queueMicrotask()bug 1480236.
* Remove old synchronous contentPrefService from the tree bug 886907
and bug 1392929.
* Remove remaining uses of 'general.useragent.locale' bug 1410736
and bug 1410738.
* Migrate to intl.locale.requested.locale list from
'general.useragent.locale' bug 1441016.
* Introduce a pref to store BCP47 locale list bug 1414390, bug
1423532 and bug 1441026.
* Remove synchronous certificate verification APIs from
nsIX509CertDB bug 1453741 and bug 1453778.
* Taskbar preview's favicon appears blank bug 1475524.
* Call Imagelibs decodeImageAsyncWindows using a callback bug
1790695.
* Remove PermissionsService from process Windows sandboxing code bug
1788233, bug 1789782 and bug 1794394.
* Security info dialog doesn't show cert status anymore bug 1293378.
* Replace nsIPlatfromCharset in mailnews bug 1381762.
* Replace use of nsMsgI18NFileSystemCharset() with
NS_CopyUnicodeToNative/NS_CopyNativeToUnicode() bug 1506422.
* Cater for Outlook's/Hotmail's 'Deleted' folder bug 1320191.
* Make some filter methods scriptable bug 1497513.
* Fix crash in nsMsgFilterAfterTheFact::ApplyFilter() caused by
async reset of 'm_curFolder' bug 537017.
* Localize messages from nsIMsgFolder.logRuleHitFail() bug 1352731.
* Add logging of message filter runs and actions bug 697522.
* Check that we got a non-null header before running a filter on it
(and crashing) bug 1563959.
* With CONDSTORE, eliminate unneeded flag fetches at startup bug
1428097.
* Fix so custom tags (keywords) are visible to all users bug 583677.
* Improve handling of tags on shared folders bug 1596371.
* Allow setting/resetting junk marking by user for yahoo/aol to
stick bug 1260059.
* Don't check subject if spellchecker is not ready bug 1069787.
* Grammar issues in mailnews_account_settings.xhtml bug 1793291.
* Remove use of nsIMemory bug 1792578.
* Replace obsolete GetStringBundleService call in SeaMonkey bug
1794400.
* SeaMonkey crashes on MacOS Ventura 13.0 bug 1797696.
* Continue the switch from Python 2 to Python 3 in the build system.
* Added support for clang 15 and macOS SDK 11.3.
* Verified compatibility with Rust 1.65.
* SeaMonkey 2.53.15 uses the same backend as Firefox and contains
the relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.15 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.8.0 release notes for
specific security fixes in this release.
* Additional important security fixes up to Current Firefox 102.6
and Thunderbird 102.5 ESR plus many enhancements have been
backported. We will continue to enhance SeaMonkey security in
subsequent 2.53.x beta and release versions as fast as we are able
to.
Patchnames: openSUSE-2023-278
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP5:seamonkey-2.53.17.1-bp155.2.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP5:seamonkey-2.53.17.1-bp155.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP5:seamonkey-irc-2.53.17.1-bp155.2.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP5:seamonkey-irc-2.53.17.1-bp155.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:seamonkey-2.53.17.1-bp155.2.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:seamonkey-2.53.17.1-bp155.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:seamonkey-irc-2.53.17.1-bp155.2.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:seamonkey-irc-2.53.17.1-bp155.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for seamonkey",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for seamonkey fixes the following issues:\n\nupdate to SeaMonkey 2.53.17.1\n\n * Upstream libwebp security fix bug 1852749.\n * CVE-2023-4863: Heap buffer overflow in libwebp bug 1852649.\n * Fix bad string encoded in ansi. l10n fr problem only bug 1847887.\n * SeaMonkey 2.53.17 uses the same backend as Firefox and contains\n the relevant Firefox 60.8 security fixes.\n * SeaMonkey 2.53.17 shares most parts of the mail and news code with\n Thunderbird. Please read the Thunderbird 60.8.0 release notes for\n specific security fixes in this release.\n * Additional important security fixes up to Current Firefox 115.3\n and Thunderbird 115.3 ESR plus many enhancements have been\n backported. We will continue to enhance SeaMonkey security in\n subsequent 2.53.x beta and release versions as fast as we are able\n to.\n\nupdate to SeaMonkey 2.53.17\n\n * Fix macOS Contacts permission request bug 1826719.\n * Remove SeaMonkey 2.57 links from debugQA bug 1829683.\n * Treat opening urls from the library as external bug 1619108.\n * Disable spam warning for autogenerated links in plaintext messages\n bug 619031.\n * Switch SeaMonkey build files to Python 3 bug 1635849.\n * Remove empty overlays from Composer bug 1828533.\n * Move xpfe autocomplete to comm-central suite bug 1418512.\n * Remove nsIPrefBranch2 and nsIPrefBranchInternal bug 1374847.\n * SeaMonkey 2.53.17 uses the same backend as Firefox and contains\n the relevant Firefox 60.8 security fixes.\n * SeaMonkey 2.53.17 shares most parts of the mail and news code with\n Thunderbird. Please read the Thunderbird 60.8.0 release notes for\n specific security fixes in this release.\n * Additional important security fixes up to Current Firefox 102.11\n and Thunderbird 102.11 ESR plus many enhancements have been\n backported. We will continue to enhance SeaMonkey security in\n subsequent 2.53.x beta and release versions as fast as we are able\n to.\n\nUpdate to SeaMonkey 2.53.16\n\n * No throbber in plaintext editor bug 85498.\n * Remove unused gridlines class from EdAdvancedEdit bug 1806632.\n * Remove ESR 91 links from debugQA bug 1804534.\n * Rename devtools/shim to devtools/startup bug 1812367.\n * Remove unused seltype=text|cell css bug 1806653.\n * Implement new shared tree styling bug 1807802.\n * Use `win.focus()` in macWindowMenu.js bug 1807817.\n * Remove WCAP provider bug 1579020.\n * Remove ftp/file tree view support bug 1239239.\n * Change calendar list tree to a list bug 1561530.\n * Various other updates to the calendar code.\n * Continue the switch from Python 2 to Python 3 in the build system.\n * Verified compatibility with Rust 1.66.1.\n * SeaMonkey 2.53.16 uses the same backend as Firefox and contains\n the relevant Firefox 60.8 security fixes.\n * SeaMonkey 2.53.16 shares most parts of the mail and news code with\n Thunderbird. Please read the Thunderbird 60.8.0 release notes for\n specific security fixes in this release.\n * Additional important security fixes up to Current Firefox 102.9\n and Thunderbird 102.9 ESR plus many enhancements have been\n backported. We will continue to enhance SeaMonkey security in\n subsequent 2.53.x beta and release versions as fast as we are able\n to.\n\nUpdate to SeaMonkey 2.53.15\n\n * Microtasks and promises bug 1193394.\n * Implement queueMicrotask()bug 1480236.\n * Remove old synchronous contentPrefService from the tree bug 886907\n and bug 1392929.\n * Remove remaining uses of \u0027general.useragent.locale\u0027 bug 1410736\n and bug 1410738.\n * Migrate to intl.locale.requested.locale list from\n \u0027general.useragent.locale\u0027 bug 1441016.\n * Introduce a pref to store BCP47 locale list bug 1414390, bug\n 1423532 and bug 1441026.\n * Remove synchronous certificate verification APIs from\n nsIX509CertDB bug 1453741 and bug 1453778.\n * Taskbar preview\u0027s favicon appears blank bug 1475524.\n * Call Imagelibs decodeImageAsyncWindows using a callback bug\n 1790695.\n * Remove PermissionsService from process Windows sandboxing code bug\n 1788233, bug 1789782 and bug 1794394.\n * Security info dialog doesn\u0027t show cert status anymore bug 1293378.\n * Replace nsIPlatfromCharset in mailnews bug 1381762.\n * Replace use of nsMsgI18NFileSystemCharset() with\n NS_CopyUnicodeToNative/NS_CopyNativeToUnicode() bug 1506422.\n * Cater for Outlook\u0027s/Hotmail\u0027s \u0027Deleted\u0027 folder bug 1320191.\n * Make some filter methods scriptable bug 1497513.\n * Fix crash in nsMsgFilterAfterTheFact::ApplyFilter() caused by\n async reset of \u0027m_curFolder\u0027 bug 537017.\n * Localize messages from nsIMsgFolder.logRuleHitFail() bug 1352731.\n * Add logging of message filter runs and actions bug 697522.\n * Check that we got a non-null header before running a filter on it\n (and crashing) bug 1563959.\n * With CONDSTORE, eliminate unneeded flag fetches at startup bug\n 1428097.\n * Fix so custom tags (keywords) are visible to all users bug 583677.\n * Improve handling of tags on shared folders bug 1596371.\n * Allow setting/resetting junk marking by user for yahoo/aol to\n stick bug 1260059.\n * Don\u0027t check subject if spellchecker is not ready bug 1069787.\n * Grammar issues in mailnews_account_settings.xhtml bug 1793291.\n * Remove use of nsIMemory bug 1792578.\n * Replace obsolete GetStringBundleService call in SeaMonkey bug\n 1794400.\n * SeaMonkey crashes on MacOS Ventura 13.0 bug 1797696.\n * Continue the switch from Python 2 to Python 3 in the build system.\n * Added support for clang 15 and macOS SDK 11.3.\n * Verified compatibility with Rust 1.65.\n * SeaMonkey 2.53.15 uses the same backend as Firefox and contains\n the relevant Firefox 60.8 security fixes.\n * SeaMonkey 2.53.15 shares most parts of the mail and news code with\n Thunderbird. Please read the Thunderbird 60.8.0 release notes for\n specific security fixes in this release.\n * Additional important security fixes up to Current Firefox 102.6\n and Thunderbird 102.5 ESR plus many enhancements have been\n backported. We will continue to enhance SeaMonkey security in\n subsequent 2.53.x beta and release versions as fast as we are able\n to.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2023-278",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2023_0278-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2023:0278-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5SOOP74GTYPZCPPWK473Q6QVJGSGCJQL/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2023:0278-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5SOOP74GTYPZCPPWK473Q6QVJGSGCJQL/"
},
{
"category": "self",
"summary": "SUSE Bug 1207332",
"url": "https://bugzilla.suse.com/1207332"
},
{
"category": "self",
"summary": "SUSE Bug 1209994",
"url": "https://bugzilla.suse.com/1209994"
},
{
"category": "self",
"summary": "SUSE Bug 1213986",
"url": "https://bugzilla.suse.com/1213986"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4863 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4863/"
}
],
"title": "Security update for seamonkey",
"tracking": {
"current_release_date": "2023-10-02T09:07:31Z",
"generator": {
"date": "2023-10-02T09:07:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2023:0278-1",
"initial_release_date": "2023-10-02T09:07:31Z",
"revision_history": [
{
"date": "2023-10-02T09:07:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "seamonkey-2.53.17.1-bp155.2.3.1.aarch64",
"product": {
"name": "seamonkey-2.53.17.1-bp155.2.3.1.aarch64",
"product_id": "seamonkey-2.53.17.1-bp155.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.aarch64",
"product": {
"name": "seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.aarch64",
"product_id": "seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "seamonkey-irc-2.53.17.1-bp155.2.3.1.aarch64",
"product": {
"name": "seamonkey-irc-2.53.17.1-bp155.2.3.1.aarch64",
"product_id": "seamonkey-irc-2.53.17.1-bp155.2.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "seamonkey-2.53.17.1-bp155.2.3.1.x86_64",
"product": {
"name": "seamonkey-2.53.17.1-bp155.2.3.1.x86_64",
"product_id": "seamonkey-2.53.17.1-bp155.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.x86_64",
"product": {
"name": "seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.x86_64",
"product_id": "seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "seamonkey-irc-2.53.17.1-bp155.2.3.1.x86_64",
"product": {
"name": "seamonkey-irc-2.53.17.1-bp155.2.3.1.x86_64",
"product_id": "seamonkey-irc-2.53.17.1-bp155.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP5",
"product": {
"name": "SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-2.53.17.1-bp155.2.3.1.aarch64 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:seamonkey-2.53.17.1-bp155.2.3.1.aarch64"
},
"product_reference": "seamonkey-2.53.17.1-bp155.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-2.53.17.1-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:seamonkey-2.53.17.1-bp155.2.3.1.x86_64"
},
"product_reference": "seamonkey-2.53.17.1-bp155.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.aarch64 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.aarch64"
},
"product_reference": "seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.x86_64"
},
"product_reference": "seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-irc-2.53.17.1-bp155.2.3.1.aarch64 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:seamonkey-irc-2.53.17.1-bp155.2.3.1.aarch64"
},
"product_reference": "seamonkey-irc-2.53.17.1-bp155.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-irc-2.53.17.1-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:seamonkey-irc-2.53.17.1-bp155.2.3.1.x86_64"
},
"product_reference": "seamonkey-irc-2.53.17.1-bp155.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-2.53.17.1-bp155.2.3.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:seamonkey-2.53.17.1-bp155.2.3.1.aarch64"
},
"product_reference": "seamonkey-2.53.17.1-bp155.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-2.53.17.1-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:seamonkey-2.53.17.1-bp155.2.3.1.x86_64"
},
"product_reference": "seamonkey-2.53.17.1-bp155.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.aarch64"
},
"product_reference": "seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.x86_64"
},
"product_reference": "seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-irc-2.53.17.1-bp155.2.3.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:seamonkey-irc-2.53.17.1-bp155.2.3.1.aarch64"
},
"product_reference": "seamonkey-irc-2.53.17.1-bp155.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-irc-2.53.17.1-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:seamonkey-irc-2.53.17.1-bp155.2.3.1.x86_64"
},
"product_reference": "seamonkey-irc-2.53.17.1-bp155.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4863"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP5:seamonkey-2.53.17.1-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:seamonkey-2.53.17.1-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:seamonkey-irc-2.53.17.1-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:seamonkey-irc-2.53.17.1-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:seamonkey-2.53.17.1-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:seamonkey-2.53.17.1-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:seamonkey-irc-2.53.17.1-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:seamonkey-irc-2.53.17.1-bp155.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4863",
"url": "https://www.suse.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "SUSE Bug 1215231 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1215231"
},
{
"category": "external",
"summary": "SUSE Bug 1217115 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217115"
},
{
"category": "external",
"summary": "SUSE Bug 1217117 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP5:seamonkey-2.53.17.1-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:seamonkey-2.53.17.1-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:seamonkey-irc-2.53.17.1-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:seamonkey-irc-2.53.17.1-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:seamonkey-2.53.17.1-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:seamonkey-2.53.17.1-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:seamonkey-irc-2.53.17.1-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:seamonkey-irc-2.53.17.1-bp155.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP5:seamonkey-2.53.17.1-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:seamonkey-2.53.17.1-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:seamonkey-irc-2.53.17.1-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:seamonkey-irc-2.53.17.1-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:seamonkey-2.53.17.1-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:seamonkey-2.53.17.1-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:seamonkey-dom-inspector-2.53.17.1-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:seamonkey-irc-2.53.17.1-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:seamonkey-irc-2.53.17.1-bp155.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-02T09:07:31Z",
"details": "important"
}
],
"title": "CVE-2023-4863"
}
]
}
OPENSUSE-SU-2024:13227-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
MozillaFirefox-117.0.1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: MozillaFirefox-117.0.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the MozillaFirefox-117.0.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13227
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
7 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2023-4863/ | self |
| https://www.suse.com/security/cve/CVE-2023-4863 | external |
| https://bugzilla.suse.com/1215231 | external |
| https://bugzilla.suse.com/1217115 | external |
| https://bugzilla.suse.com/1217117 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "MozillaFirefox-117.0.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the MozillaFirefox-117.0.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13227",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13227-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4863 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4863/"
}
],
"title": "MozillaFirefox-117.0.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13227-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-117.0.1-1.1.aarch64",
"product": {
"name": "MozillaFirefox-117.0.1-1.1.aarch64",
"product_id": "MozillaFirefox-117.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-117.0.1-1.1.aarch64",
"product": {
"name": "MozillaFirefox-branding-upstream-117.0.1-1.1.aarch64",
"product_id": "MozillaFirefox-branding-upstream-117.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-117.0.1-1.1.aarch64",
"product": {
"name": "MozillaFirefox-devel-117.0.1-1.1.aarch64",
"product_id": "MozillaFirefox-devel-117.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-117.0.1-1.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-common-117.0.1-1.1.aarch64",
"product_id": "MozillaFirefox-translations-common-117.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-117.0.1-1.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-other-117.0.1-1.1.aarch64",
"product_id": "MozillaFirefox-translations-other-117.0.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-117.0.1-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-117.0.1-1.1.ppc64le",
"product_id": "MozillaFirefox-117.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-117.0.1-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-branding-upstream-117.0.1-1.1.ppc64le",
"product_id": "MozillaFirefox-branding-upstream-117.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-117.0.1-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-devel-117.0.1-1.1.ppc64le",
"product_id": "MozillaFirefox-devel-117.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-117.0.1-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-common-117.0.1-1.1.ppc64le",
"product_id": "MozillaFirefox-translations-common-117.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-117.0.1-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-other-117.0.1-1.1.ppc64le",
"product_id": "MozillaFirefox-translations-other-117.0.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-117.0.1-1.1.s390x",
"product": {
"name": "MozillaFirefox-117.0.1-1.1.s390x",
"product_id": "MozillaFirefox-117.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-117.0.1-1.1.s390x",
"product": {
"name": "MozillaFirefox-branding-upstream-117.0.1-1.1.s390x",
"product_id": "MozillaFirefox-branding-upstream-117.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-117.0.1-1.1.s390x",
"product": {
"name": "MozillaFirefox-devel-117.0.1-1.1.s390x",
"product_id": "MozillaFirefox-devel-117.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-117.0.1-1.1.s390x",
"product": {
"name": "MozillaFirefox-translations-common-117.0.1-1.1.s390x",
"product_id": "MozillaFirefox-translations-common-117.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-117.0.1-1.1.s390x",
"product": {
"name": "MozillaFirefox-translations-other-117.0.1-1.1.s390x",
"product_id": "MozillaFirefox-translations-other-117.0.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-117.0.1-1.1.x86_64",
"product": {
"name": "MozillaFirefox-117.0.1-1.1.x86_64",
"product_id": "MozillaFirefox-117.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-117.0.1-1.1.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-117.0.1-1.1.x86_64",
"product_id": "MozillaFirefox-branding-upstream-117.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-117.0.1-1.1.x86_64",
"product": {
"name": "MozillaFirefox-devel-117.0.1-1.1.x86_64",
"product_id": "MozillaFirefox-devel-117.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-117.0.1-1.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-117.0.1-1.1.x86_64",
"product_id": "MozillaFirefox-translations-common-117.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-117.0.1-1.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-117.0.1-1.1.x86_64",
"product_id": "MozillaFirefox-translations-other-117.0.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-117.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.aarch64"
},
"product_reference": "MozillaFirefox-117.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-117.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-117.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-117.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.s390x"
},
"product_reference": "MozillaFirefox-117.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-117.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.x86_64"
},
"product_reference": "MozillaFirefox-117.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-117.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.aarch64"
},
"product_reference": "MozillaFirefox-branding-upstream-117.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-117.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-branding-upstream-117.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-117.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.s390x"
},
"product_reference": "MozillaFirefox-branding-upstream-117.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-117.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.x86_64"
},
"product_reference": "MozillaFirefox-branding-upstream-117.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-117.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.aarch64"
},
"product_reference": "MozillaFirefox-devel-117.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-117.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-117.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-117.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.s390x"
},
"product_reference": "MozillaFirefox-devel-117.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-117.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-117.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-117.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-117.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-117.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-117.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-117.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.s390x"
},
"product_reference": "MozillaFirefox-translations-common-117.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-117.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-117.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-117.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-other-117.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-117.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-other-117.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-117.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.s390x"
},
"product_reference": "MozillaFirefox-translations-other-117.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-117.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-117.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4863"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4863",
"url": "https://www.suse.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "SUSE Bug 1215231 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1215231"
},
{
"category": "external",
"summary": "SUSE Bug 1217115 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217115"
},
{
"category": "external",
"summary": "SUSE Bug 1217117 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-117.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-117.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-117.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-117.0.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-117.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4863"
}
]
}
OPENSUSE-SU-2024:13228-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
MozillaThunderbird-115.2.2-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: MozillaThunderbird-115.2.2-1.1 on GA media
Description of the patch: These are all security issues fixed in the MozillaThunderbird-115.2.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13228
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
7 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2023-4863/ | self |
| https://www.suse.com/security/cve/CVE-2023-4863 | external |
| https://bugzilla.suse.com/1215231 | external |
| https://bugzilla.suse.com/1217115 | external |
| https://bugzilla.suse.com/1217117 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "MozillaThunderbird-115.2.2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the MozillaThunderbird-115.2.2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13228",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13228-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4863 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4863/"
}
],
"title": "MozillaThunderbird-115.2.2-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13228-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-115.2.2-1.1.aarch64",
"product": {
"name": "MozillaThunderbird-115.2.2-1.1.aarch64",
"product_id": "MozillaThunderbird-115.2.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-115.2.2-1.1.aarch64",
"product": {
"name": "MozillaThunderbird-translations-common-115.2.2-1.1.aarch64",
"product_id": "MozillaThunderbird-translations-common-115.2.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-115.2.2-1.1.aarch64",
"product": {
"name": "MozillaThunderbird-translations-other-115.2.2-1.1.aarch64",
"product_id": "MozillaThunderbird-translations-other-115.2.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-115.2.2-1.1.ppc64le",
"product": {
"name": "MozillaThunderbird-115.2.2-1.1.ppc64le",
"product_id": "MozillaThunderbird-115.2.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-115.2.2-1.1.ppc64le",
"product": {
"name": "MozillaThunderbird-translations-common-115.2.2-1.1.ppc64le",
"product_id": "MozillaThunderbird-translations-common-115.2.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-115.2.2-1.1.ppc64le",
"product": {
"name": "MozillaThunderbird-translations-other-115.2.2-1.1.ppc64le",
"product_id": "MozillaThunderbird-translations-other-115.2.2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-115.2.2-1.1.s390x",
"product": {
"name": "MozillaThunderbird-115.2.2-1.1.s390x",
"product_id": "MozillaThunderbird-115.2.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-115.2.2-1.1.s390x",
"product": {
"name": "MozillaThunderbird-translations-common-115.2.2-1.1.s390x",
"product_id": "MozillaThunderbird-translations-common-115.2.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-115.2.2-1.1.s390x",
"product": {
"name": "MozillaThunderbird-translations-other-115.2.2-1.1.s390x",
"product_id": "MozillaThunderbird-translations-other-115.2.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-115.2.2-1.1.x86_64",
"product": {
"name": "MozillaThunderbird-115.2.2-1.1.x86_64",
"product_id": "MozillaThunderbird-115.2.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-115.2.2-1.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-115.2.2-1.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-115.2.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-115.2.2-1.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-115.2.2-1.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-115.2.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-115.2.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.aarch64"
},
"product_reference": "MozillaThunderbird-115.2.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-115.2.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.ppc64le"
},
"product_reference": "MozillaThunderbird-115.2.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-115.2.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.s390x"
},
"product_reference": "MozillaThunderbird-115.2.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-115.2.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.x86_64"
},
"product_reference": "MozillaThunderbird-115.2.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-115.2.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.aarch64"
},
"product_reference": "MozillaThunderbird-translations-common-115.2.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-115.2.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.ppc64le"
},
"product_reference": "MozillaThunderbird-translations-common-115.2.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-115.2.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.s390x"
},
"product_reference": "MozillaThunderbird-translations-common-115.2.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-115.2.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-115.2.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-115.2.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.aarch64"
},
"product_reference": "MozillaThunderbird-translations-other-115.2.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-115.2.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.ppc64le"
},
"product_reference": "MozillaThunderbird-translations-other-115.2.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-115.2.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.s390x"
},
"product_reference": "MozillaThunderbird-translations-other-115.2.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-115.2.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-115.2.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4863"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4863",
"url": "https://www.suse.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "SUSE Bug 1215231 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1215231"
},
{
"category": "external",
"summary": "SUSE Bug 1217115 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217115"
},
{
"category": "external",
"summary": "SUSE Bug 1217117 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-115.2.2-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.2.2-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.2.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4863"
}
]
}
OPENSUSE-SU-2024:13229-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
chromedriver-116.0.5845.187-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: chromedriver-116.0.5845.187-1.1 on GA media
Description of the patch: These are all security issues fixed in the chromedriver-116.0.5845.187-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13229
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
7 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2023-4863/ | self |
| https://www.suse.com/security/cve/CVE-2023-4863 | external |
| https://bugzilla.suse.com/1215231 | external |
| https://bugzilla.suse.com/1217115 | external |
| https://bugzilla.suse.com/1217117 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "chromedriver-116.0.5845.187-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the chromedriver-116.0.5845.187-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13229",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13229-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4863 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4863/"
}
],
"title": "chromedriver-116.0.5845.187-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13229-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-116.0.5845.187-1.1.aarch64",
"product": {
"name": "chromedriver-116.0.5845.187-1.1.aarch64",
"product_id": "chromedriver-116.0.5845.187-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-116.0.5845.187-1.1.aarch64",
"product": {
"name": "chromium-116.0.5845.187-1.1.aarch64",
"product_id": "chromium-116.0.5845.187-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-116.0.5845.187-1.1.ppc64le",
"product": {
"name": "chromedriver-116.0.5845.187-1.1.ppc64le",
"product_id": "chromedriver-116.0.5845.187-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "chromium-116.0.5845.187-1.1.ppc64le",
"product": {
"name": "chromium-116.0.5845.187-1.1.ppc64le",
"product_id": "chromium-116.0.5845.187-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-116.0.5845.187-1.1.s390x",
"product": {
"name": "chromedriver-116.0.5845.187-1.1.s390x",
"product_id": "chromedriver-116.0.5845.187-1.1.s390x"
}
},
{
"category": "product_version",
"name": "chromium-116.0.5845.187-1.1.s390x",
"product": {
"name": "chromium-116.0.5845.187-1.1.s390x",
"product_id": "chromium-116.0.5845.187-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-116.0.5845.187-1.1.x86_64",
"product": {
"name": "chromedriver-116.0.5845.187-1.1.x86_64",
"product_id": "chromedriver-116.0.5845.187-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-116.0.5845.187-1.1.x86_64",
"product": {
"name": "chromium-116.0.5845.187-1.1.x86_64",
"product_id": "chromium-116.0.5845.187-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-116.0.5845.187-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.aarch64"
},
"product_reference": "chromedriver-116.0.5845.187-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-116.0.5845.187-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.ppc64le"
},
"product_reference": "chromedriver-116.0.5845.187-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-116.0.5845.187-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.s390x"
},
"product_reference": "chromedriver-116.0.5845.187-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-116.0.5845.187-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.x86_64"
},
"product_reference": "chromedriver-116.0.5845.187-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-116.0.5845.187-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.aarch64"
},
"product_reference": "chromium-116.0.5845.187-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-116.0.5845.187-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.ppc64le"
},
"product_reference": "chromium-116.0.5845.187-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-116.0.5845.187-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.s390x"
},
"product_reference": "chromium-116.0.5845.187-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-116.0.5845.187-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.x86_64"
},
"product_reference": "chromium-116.0.5845.187-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4863"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.x86_64",
"openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.aarch64",
"openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.s390x",
"openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4863",
"url": "https://www.suse.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "SUSE Bug 1215231 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1215231"
},
{
"category": "external",
"summary": "SUSE Bug 1217115 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217115"
},
{
"category": "external",
"summary": "SUSE Bug 1217117 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.x86_64",
"openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.aarch64",
"openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.s390x",
"openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-116.0.5845.187-1.1.x86_64",
"openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.aarch64",
"openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.s390x",
"openSUSE Tumbleweed:chromium-116.0.5845.187-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4863"
}
]
}
OPENSUSE-SU-2024:13231-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libsharpyuv0-1.3.1-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: libsharpyuv0-1.3.1-2.1 on GA media
Description of the patch: These are all security issues fixed in the libsharpyuv0-1.3.1-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13231
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp7-1.3.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp7-1.3.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp7-1.3.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp7-1.3.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
7 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2023-4863/ | self |
| https://www.suse.com/security/cve/CVE-2023-4863 | external |
| https://bugzilla.suse.com/1215231 | external |
| https://bugzilla.suse.com/1217115 | external |
| https://bugzilla.suse.com/1217117 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libsharpyuv0-1.3.1-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libsharpyuv0-1.3.1-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13231",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13231-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4863 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4863/"
}
],
"title": "libsharpyuv0-1.3.1-2.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13231-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libsharpyuv0-1.3.1-2.1.aarch64",
"product": {
"name": "libsharpyuv0-1.3.1-2.1.aarch64",
"product_id": "libsharpyuv0-1.3.1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsharpyuv0-32bit-1.3.1-2.1.aarch64",
"product": {
"name": "libsharpyuv0-32bit-1.3.1-2.1.aarch64",
"product_id": "libsharpyuv0-32bit-1.3.1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libwebp-devel-1.3.1-2.1.aarch64",
"product": {
"name": "libwebp-devel-1.3.1-2.1.aarch64",
"product_id": "libwebp-devel-1.3.1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libwebp-devel-32bit-1.3.1-2.1.aarch64",
"product": {
"name": "libwebp-devel-32bit-1.3.1-2.1.aarch64",
"product_id": "libwebp-devel-32bit-1.3.1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libwebp-tools-1.3.1-2.1.aarch64",
"product": {
"name": "libwebp-tools-1.3.1-2.1.aarch64",
"product_id": "libwebp-tools-1.3.1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libwebp7-1.3.1-2.1.aarch64",
"product": {
"name": "libwebp7-1.3.1-2.1.aarch64",
"product_id": "libwebp7-1.3.1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libwebp7-32bit-1.3.1-2.1.aarch64",
"product": {
"name": "libwebp7-32bit-1.3.1-2.1.aarch64",
"product_id": "libwebp7-32bit-1.3.1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libwebpdecoder3-1.3.1-2.1.aarch64",
"product": {
"name": "libwebpdecoder3-1.3.1-2.1.aarch64",
"product_id": "libwebpdecoder3-1.3.1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libwebpdecoder3-32bit-1.3.1-2.1.aarch64",
"product": {
"name": "libwebpdecoder3-32bit-1.3.1-2.1.aarch64",
"product_id": "libwebpdecoder3-32bit-1.3.1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libwebpdemux2-1.3.1-2.1.aarch64",
"product": {
"name": "libwebpdemux2-1.3.1-2.1.aarch64",
"product_id": "libwebpdemux2-1.3.1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libwebpdemux2-32bit-1.3.1-2.1.aarch64",
"product": {
"name": "libwebpdemux2-32bit-1.3.1-2.1.aarch64",
"product_id": "libwebpdemux2-32bit-1.3.1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libwebpmux3-1.3.1-2.1.aarch64",
"product": {
"name": "libwebpmux3-1.3.1-2.1.aarch64",
"product_id": "libwebpmux3-1.3.1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libwebpmux3-32bit-1.3.1-2.1.aarch64",
"product": {
"name": "libwebpmux3-32bit-1.3.1-2.1.aarch64",
"product_id": "libwebpmux3-32bit-1.3.1-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsharpyuv0-1.3.1-2.1.ppc64le",
"product": {
"name": "libsharpyuv0-1.3.1-2.1.ppc64le",
"product_id": "libsharpyuv0-1.3.1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsharpyuv0-32bit-1.3.1-2.1.ppc64le",
"product": {
"name": "libsharpyuv0-32bit-1.3.1-2.1.ppc64le",
"product_id": "libsharpyuv0-32bit-1.3.1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libwebp-devel-1.3.1-2.1.ppc64le",
"product": {
"name": "libwebp-devel-1.3.1-2.1.ppc64le",
"product_id": "libwebp-devel-1.3.1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libwebp-devel-32bit-1.3.1-2.1.ppc64le",
"product": {
"name": "libwebp-devel-32bit-1.3.1-2.1.ppc64le",
"product_id": "libwebp-devel-32bit-1.3.1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libwebp-tools-1.3.1-2.1.ppc64le",
"product": {
"name": "libwebp-tools-1.3.1-2.1.ppc64le",
"product_id": "libwebp-tools-1.3.1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libwebp7-1.3.1-2.1.ppc64le",
"product": {
"name": "libwebp7-1.3.1-2.1.ppc64le",
"product_id": "libwebp7-1.3.1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libwebp7-32bit-1.3.1-2.1.ppc64le",
"product": {
"name": "libwebp7-32bit-1.3.1-2.1.ppc64le",
"product_id": "libwebp7-32bit-1.3.1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libwebpdecoder3-1.3.1-2.1.ppc64le",
"product": {
"name": "libwebpdecoder3-1.3.1-2.1.ppc64le",
"product_id": "libwebpdecoder3-1.3.1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libwebpdecoder3-32bit-1.3.1-2.1.ppc64le",
"product": {
"name": "libwebpdecoder3-32bit-1.3.1-2.1.ppc64le",
"product_id": "libwebpdecoder3-32bit-1.3.1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libwebpdemux2-1.3.1-2.1.ppc64le",
"product": {
"name": "libwebpdemux2-1.3.1-2.1.ppc64le",
"product_id": "libwebpdemux2-1.3.1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libwebpdemux2-32bit-1.3.1-2.1.ppc64le",
"product": {
"name": "libwebpdemux2-32bit-1.3.1-2.1.ppc64le",
"product_id": "libwebpdemux2-32bit-1.3.1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libwebpmux3-1.3.1-2.1.ppc64le",
"product": {
"name": "libwebpmux3-1.3.1-2.1.ppc64le",
"product_id": "libwebpmux3-1.3.1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libwebpmux3-32bit-1.3.1-2.1.ppc64le",
"product": {
"name": "libwebpmux3-32bit-1.3.1-2.1.ppc64le",
"product_id": "libwebpmux3-32bit-1.3.1-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsharpyuv0-1.3.1-2.1.s390x",
"product": {
"name": "libsharpyuv0-1.3.1-2.1.s390x",
"product_id": "libsharpyuv0-1.3.1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libsharpyuv0-32bit-1.3.1-2.1.s390x",
"product": {
"name": "libsharpyuv0-32bit-1.3.1-2.1.s390x",
"product_id": "libsharpyuv0-32bit-1.3.1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libwebp-devel-1.3.1-2.1.s390x",
"product": {
"name": "libwebp-devel-1.3.1-2.1.s390x",
"product_id": "libwebp-devel-1.3.1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libwebp-devel-32bit-1.3.1-2.1.s390x",
"product": {
"name": "libwebp-devel-32bit-1.3.1-2.1.s390x",
"product_id": "libwebp-devel-32bit-1.3.1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libwebp-tools-1.3.1-2.1.s390x",
"product": {
"name": "libwebp-tools-1.3.1-2.1.s390x",
"product_id": "libwebp-tools-1.3.1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libwebp7-1.3.1-2.1.s390x",
"product": {
"name": "libwebp7-1.3.1-2.1.s390x",
"product_id": "libwebp7-1.3.1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libwebp7-32bit-1.3.1-2.1.s390x",
"product": {
"name": "libwebp7-32bit-1.3.1-2.1.s390x",
"product_id": "libwebp7-32bit-1.3.1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libwebpdecoder3-1.3.1-2.1.s390x",
"product": {
"name": "libwebpdecoder3-1.3.1-2.1.s390x",
"product_id": "libwebpdecoder3-1.3.1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libwebpdecoder3-32bit-1.3.1-2.1.s390x",
"product": {
"name": "libwebpdecoder3-32bit-1.3.1-2.1.s390x",
"product_id": "libwebpdecoder3-32bit-1.3.1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libwebpdemux2-1.3.1-2.1.s390x",
"product": {
"name": "libwebpdemux2-1.3.1-2.1.s390x",
"product_id": "libwebpdemux2-1.3.1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libwebpdemux2-32bit-1.3.1-2.1.s390x",
"product": {
"name": "libwebpdemux2-32bit-1.3.1-2.1.s390x",
"product_id": "libwebpdemux2-32bit-1.3.1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libwebpmux3-1.3.1-2.1.s390x",
"product": {
"name": "libwebpmux3-1.3.1-2.1.s390x",
"product_id": "libwebpmux3-1.3.1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libwebpmux3-32bit-1.3.1-2.1.s390x",
"product": {
"name": "libwebpmux3-32bit-1.3.1-2.1.s390x",
"product_id": "libwebpmux3-32bit-1.3.1-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsharpyuv0-1.3.1-2.1.x86_64",
"product": {
"name": "libsharpyuv0-1.3.1-2.1.x86_64",
"product_id": "libsharpyuv0-1.3.1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsharpyuv0-32bit-1.3.1-2.1.x86_64",
"product": {
"name": "libsharpyuv0-32bit-1.3.1-2.1.x86_64",
"product_id": "libsharpyuv0-32bit-1.3.1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebp-devel-1.3.1-2.1.x86_64",
"product": {
"name": "libwebp-devel-1.3.1-2.1.x86_64",
"product_id": "libwebp-devel-1.3.1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebp-devel-32bit-1.3.1-2.1.x86_64",
"product": {
"name": "libwebp-devel-32bit-1.3.1-2.1.x86_64",
"product_id": "libwebp-devel-32bit-1.3.1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebp-tools-1.3.1-2.1.x86_64",
"product": {
"name": "libwebp-tools-1.3.1-2.1.x86_64",
"product_id": "libwebp-tools-1.3.1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebp7-1.3.1-2.1.x86_64",
"product": {
"name": "libwebp7-1.3.1-2.1.x86_64",
"product_id": "libwebp7-1.3.1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebp7-32bit-1.3.1-2.1.x86_64",
"product": {
"name": "libwebp7-32bit-1.3.1-2.1.x86_64",
"product_id": "libwebp7-32bit-1.3.1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebpdecoder3-1.3.1-2.1.x86_64",
"product": {
"name": "libwebpdecoder3-1.3.1-2.1.x86_64",
"product_id": "libwebpdecoder3-1.3.1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebpdecoder3-32bit-1.3.1-2.1.x86_64",
"product": {
"name": "libwebpdecoder3-32bit-1.3.1-2.1.x86_64",
"product_id": "libwebpdecoder3-32bit-1.3.1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebpdemux2-1.3.1-2.1.x86_64",
"product": {
"name": "libwebpdemux2-1.3.1-2.1.x86_64",
"product_id": "libwebpdemux2-1.3.1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebpdemux2-32bit-1.3.1-2.1.x86_64",
"product": {
"name": "libwebpdemux2-32bit-1.3.1-2.1.x86_64",
"product_id": "libwebpdemux2-32bit-1.3.1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebpmux3-1.3.1-2.1.x86_64",
"product": {
"name": "libwebpmux3-1.3.1-2.1.x86_64",
"product_id": "libwebpmux3-1.3.1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebpmux3-32bit-1.3.1-2.1.x86_64",
"product": {
"name": "libwebpmux3-32bit-1.3.1-2.1.x86_64",
"product_id": "libwebpmux3-32bit-1.3.1-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsharpyuv0-1.3.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.aarch64"
},
"product_reference": "libsharpyuv0-1.3.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsharpyuv0-1.3.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.ppc64le"
},
"product_reference": "libsharpyuv0-1.3.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsharpyuv0-1.3.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.s390x"
},
"product_reference": "libsharpyuv0-1.3.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsharpyuv0-1.3.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.x86_64"
},
"product_reference": "libsharpyuv0-1.3.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsharpyuv0-32bit-1.3.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.aarch64"
},
"product_reference": "libsharpyuv0-32bit-1.3.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsharpyuv0-32bit-1.3.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.ppc64le"
},
"product_reference": "libsharpyuv0-32bit-1.3.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsharpyuv0-32bit-1.3.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.s390x"
},
"product_reference": "libsharpyuv0-32bit-1.3.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsharpyuv0-32bit-1.3.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.x86_64"
},
"product_reference": "libsharpyuv0-32bit-1.3.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-1.3.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.aarch64"
},
"product_reference": "libwebp-devel-1.3.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-1.3.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.ppc64le"
},
"product_reference": "libwebp-devel-1.3.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-1.3.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.s390x"
},
"product_reference": "libwebp-devel-1.3.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-1.3.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.x86_64"
},
"product_reference": "libwebp-devel-1.3.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-32bit-1.3.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.aarch64"
},
"product_reference": "libwebp-devel-32bit-1.3.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-32bit-1.3.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.ppc64le"
},
"product_reference": "libwebp-devel-32bit-1.3.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-32bit-1.3.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.s390x"
},
"product_reference": "libwebp-devel-32bit-1.3.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-devel-32bit-1.3.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.x86_64"
},
"product_reference": "libwebp-devel-32bit-1.3.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-1.3.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.aarch64"
},
"product_reference": "libwebp-tools-1.3.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-1.3.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.ppc64le"
},
"product_reference": "libwebp-tools-1.3.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-1.3.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.s390x"
},
"product_reference": "libwebp-tools-1.3.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp-tools-1.3.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.x86_64"
},
"product_reference": "libwebp-tools-1.3.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp7-1.3.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp7-1.3.1-2.1.aarch64"
},
"product_reference": "libwebp7-1.3.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp7-1.3.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp7-1.3.1-2.1.ppc64le"
},
"product_reference": "libwebp7-1.3.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp7-1.3.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp7-1.3.1-2.1.s390x"
},
"product_reference": "libwebp7-1.3.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp7-1.3.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp7-1.3.1-2.1.x86_64"
},
"product_reference": "libwebp7-1.3.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp7-32bit-1.3.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.aarch64"
},
"product_reference": "libwebp7-32bit-1.3.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp7-32bit-1.3.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.ppc64le"
},
"product_reference": "libwebp7-32bit-1.3.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp7-32bit-1.3.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.s390x"
},
"product_reference": "libwebp7-32bit-1.3.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebp7-32bit-1.3.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.x86_64"
},
"product_reference": "libwebp7-32bit-1.3.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdecoder3-1.3.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.aarch64"
},
"product_reference": "libwebpdecoder3-1.3.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdecoder3-1.3.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.ppc64le"
},
"product_reference": "libwebpdecoder3-1.3.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdecoder3-1.3.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.s390x"
},
"product_reference": "libwebpdecoder3-1.3.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdecoder3-1.3.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.x86_64"
},
"product_reference": "libwebpdecoder3-1.3.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdecoder3-32bit-1.3.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.aarch64"
},
"product_reference": "libwebpdecoder3-32bit-1.3.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdecoder3-32bit-1.3.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.ppc64le"
},
"product_reference": "libwebpdecoder3-32bit-1.3.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdecoder3-32bit-1.3.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.s390x"
},
"product_reference": "libwebpdecoder3-32bit-1.3.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdecoder3-32bit-1.3.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.x86_64"
},
"product_reference": "libwebpdecoder3-32bit-1.3.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdemux2-1.3.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.aarch64"
},
"product_reference": "libwebpdemux2-1.3.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdemux2-1.3.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.ppc64le"
},
"product_reference": "libwebpdemux2-1.3.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdemux2-1.3.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.s390x"
},
"product_reference": "libwebpdemux2-1.3.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdemux2-1.3.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.x86_64"
},
"product_reference": "libwebpdemux2-1.3.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdemux2-32bit-1.3.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.aarch64"
},
"product_reference": "libwebpdemux2-32bit-1.3.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdemux2-32bit-1.3.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.ppc64le"
},
"product_reference": "libwebpdemux2-32bit-1.3.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdemux2-32bit-1.3.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.s390x"
},
"product_reference": "libwebpdemux2-32bit-1.3.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpdemux2-32bit-1.3.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.x86_64"
},
"product_reference": "libwebpdemux2-32bit-1.3.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpmux3-1.3.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.aarch64"
},
"product_reference": "libwebpmux3-1.3.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpmux3-1.3.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.ppc64le"
},
"product_reference": "libwebpmux3-1.3.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpmux3-1.3.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.s390x"
},
"product_reference": "libwebpmux3-1.3.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpmux3-1.3.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.x86_64"
},
"product_reference": "libwebpmux3-1.3.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpmux3-32bit-1.3.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.aarch64"
},
"product_reference": "libwebpmux3-32bit-1.3.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpmux3-32bit-1.3.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.ppc64le"
},
"product_reference": "libwebpmux3-32bit-1.3.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpmux3-32bit-1.3.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.s390x"
},
"product_reference": "libwebpmux3-32bit-1.3.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebpmux3-32bit-1.3.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.x86_64"
},
"product_reference": "libwebpmux3-32bit-1.3.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4863"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebp7-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebp7-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebp7-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebp7-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4863",
"url": "https://www.suse.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "SUSE Bug 1215231 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1215231"
},
{
"category": "external",
"summary": "SUSE Bug 1217115 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217115"
},
{
"category": "external",
"summary": "SUSE Bug 1217117 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebp7-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebp7-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebp7-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebp7-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libsharpyuv0-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libsharpyuv0-32bit-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebp-devel-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebp-devel-32bit-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebp-tools-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebp7-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebp7-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebp7-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebp7-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebp7-32bit-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebpdecoder3-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebpdecoder3-32bit-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebpdemux2-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebpdemux2-32bit-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebpmux3-1.3.1-2.1.x86_64",
"openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.aarch64",
"openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.ppc64le",
"openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.s390x",
"openSUSE Tumbleweed:libwebpmux3-32bit-1.3.1-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4863"
}
]
}
OPENSUSE-SU-2024:13232-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ungoogled-chromium-116.0.5845.179-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: ungoogled-chromium-116.0.5845.179-1.1 on GA media
Description of the patch: These are all security issues fixed in the ungoogled-chromium-116.0.5845.179-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13232
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
37 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ungoogled-chromium-116.0.5845.179-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ungoogled-chromium-116.0.5845.179-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13232",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13232-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4427 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4427/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4428 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4428/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4429 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4429/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4430 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4430/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4431 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4431/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4572 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4761 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4762 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4763 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4764 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4863 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4863/"
}
],
"title": "ungoogled-chromium-116.0.5845.179-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13232-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"product": {
"name": "ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"product_id": "ungoogled-chromium-116.0.5845.179-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"product": {
"name": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"product_id": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"product": {
"name": "ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"product_id": "ungoogled-chromium-116.0.5845.179-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"product": {
"name": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"product_id": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ungoogled-chromium-116.0.5845.179-1.1.s390x",
"product": {
"name": "ungoogled-chromium-116.0.5845.179-1.1.s390x",
"product_id": "ungoogled-chromium-116.0.5845.179-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"product": {
"name": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"product_id": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"product": {
"name": "ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"product_id": "ungoogled-chromium-116.0.5845.179-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64",
"product": {
"name": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64",
"product_id": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ungoogled-chromium-116.0.5845.179-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64"
},
"product_reference": "ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ungoogled-chromium-116.0.5845.179-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le"
},
"product_reference": "ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ungoogled-chromium-116.0.5845.179-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x"
},
"product_reference": "ungoogled-chromium-116.0.5845.179-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ungoogled-chromium-116.0.5845.179-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64"
},
"product_reference": "ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64"
},
"product_reference": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le"
},
"product_reference": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x"
},
"product_reference": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
},
"product_reference": "ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4427",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4427"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4427",
"url": "https://www.suse.com/security/cve/CVE-2023-4427"
},
{
"category": "external",
"summary": "SUSE Bug 1214487 for CVE-2023-4427",
"url": "https://bugzilla.suse.com/1214487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4427"
},
{
"cve": "CVE-2023-4428",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4428"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4428",
"url": "https://www.suse.com/security/cve/CVE-2023-4428"
},
{
"category": "external",
"summary": "SUSE Bug 1214487 for CVE-2023-4428",
"url": "https://bugzilla.suse.com/1214487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4428"
},
{
"cve": "CVE-2023-4429",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4429"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4429",
"url": "https://www.suse.com/security/cve/CVE-2023-4429"
},
{
"category": "external",
"summary": "SUSE Bug 1214487 for CVE-2023-4429",
"url": "https://bugzilla.suse.com/1214487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4429"
},
{
"cve": "CVE-2023-4430",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4430"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4430",
"url": "https://www.suse.com/security/cve/CVE-2023-4430"
},
{
"category": "external",
"summary": "SUSE Bug 1214487 for CVE-2023-4430",
"url": "https://bugzilla.suse.com/1214487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4430"
},
{
"cve": "CVE-2023-4431",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4431"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4431",
"url": "https://www.suse.com/security/cve/CVE-2023-4431"
},
{
"category": "external",
"summary": "SUSE Bug 1214487 for CVE-2023-4431",
"url": "https://bugzilla.suse.com/1214487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4431"
},
{
"cve": "CVE-2023-4572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4572"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4572",
"url": "https://www.suse.com/security/cve/CVE-2023-4572"
},
{
"category": "external",
"summary": "SUSE Bug 1214758 for CVE-2023-4572",
"url": "https://bugzilla.suse.com/1214758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4572"
},
{
"cve": "CVE-2023-4761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4761"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4761",
"url": "https://www.suse.com/security/cve/CVE-2023-4761"
},
{
"category": "external",
"summary": "SUSE Bug 1215023 for CVE-2023-4761",
"url": "https://bugzilla.suse.com/1215023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4761"
},
{
"cve": "CVE-2023-4762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4762"
}
],
"notes": [
{
"category": "general",
"text": "Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4762",
"url": "https://www.suse.com/security/cve/CVE-2023-4762"
},
{
"category": "external",
"summary": "SUSE Bug 1215023 for CVE-2023-4762",
"url": "https://bugzilla.suse.com/1215023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4762"
},
{
"cve": "CVE-2023-4763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4763"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4763",
"url": "https://www.suse.com/security/cve/CVE-2023-4763"
},
{
"category": "external",
"summary": "SUSE Bug 1215023 for CVE-2023-4763",
"url": "https://bugzilla.suse.com/1215023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4763"
},
{
"cve": "CVE-2023-4764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4764"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4764",
"url": "https://www.suse.com/security/cve/CVE-2023-4764"
},
{
"category": "external",
"summary": "SUSE Bug 1215023 for CVE-2023-4764",
"url": "https://bugzilla.suse.com/1215023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4764"
},
{
"cve": "CVE-2023-4863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4863"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4863",
"url": "https://www.suse.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "SUSE Bug 1215231 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1215231"
},
{
"category": "external",
"summary": "SUSE Bug 1217115 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217115"
},
{
"category": "external",
"summary": "SUSE Bug 1217117 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-116.0.5845.179-1.1.x86_64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.aarch64",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.ppc64le",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.s390x",
"openSUSE Tumbleweed:ungoogled-chromium-chromedriver-116.0.5845.179-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4863"
}
]
}
OPENSUSE-SU-2024:13255-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
seamonkey-2.53.17.1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: seamonkey-2.53.17.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the seamonkey-2.53.17.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13255
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
7 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2023-4863/ | self |
| https://www.suse.com/security/cve/CVE-2023-4863 | external |
| https://bugzilla.suse.com/1215231 | external |
| https://bugzilla.suse.com/1217115 | external |
| https://bugzilla.suse.com/1217117 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "seamonkey-2.53.17.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the seamonkey-2.53.17.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13255",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13255-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4863 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4863/"
}
],
"title": "seamonkey-2.53.17.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13255-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "seamonkey-2.53.17.1-1.1.aarch64",
"product": {
"name": "seamonkey-2.53.17.1-1.1.aarch64",
"product_id": "seamonkey-2.53.17.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "seamonkey-dom-inspector-2.53.17.1-1.1.aarch64",
"product": {
"name": "seamonkey-dom-inspector-2.53.17.1-1.1.aarch64",
"product_id": "seamonkey-dom-inspector-2.53.17.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "seamonkey-irc-2.53.17.1-1.1.aarch64",
"product": {
"name": "seamonkey-irc-2.53.17.1-1.1.aarch64",
"product_id": "seamonkey-irc-2.53.17.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "seamonkey-2.53.17.1-1.1.ppc64le",
"product": {
"name": "seamonkey-2.53.17.1-1.1.ppc64le",
"product_id": "seamonkey-2.53.17.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "seamonkey-dom-inspector-2.53.17.1-1.1.ppc64le",
"product": {
"name": "seamonkey-dom-inspector-2.53.17.1-1.1.ppc64le",
"product_id": "seamonkey-dom-inspector-2.53.17.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "seamonkey-irc-2.53.17.1-1.1.ppc64le",
"product": {
"name": "seamonkey-irc-2.53.17.1-1.1.ppc64le",
"product_id": "seamonkey-irc-2.53.17.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "seamonkey-2.53.17.1-1.1.s390x",
"product": {
"name": "seamonkey-2.53.17.1-1.1.s390x",
"product_id": "seamonkey-2.53.17.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "seamonkey-dom-inspector-2.53.17.1-1.1.s390x",
"product": {
"name": "seamonkey-dom-inspector-2.53.17.1-1.1.s390x",
"product_id": "seamonkey-dom-inspector-2.53.17.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "seamonkey-irc-2.53.17.1-1.1.s390x",
"product": {
"name": "seamonkey-irc-2.53.17.1-1.1.s390x",
"product_id": "seamonkey-irc-2.53.17.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "seamonkey-2.53.17.1-1.1.x86_64",
"product": {
"name": "seamonkey-2.53.17.1-1.1.x86_64",
"product_id": "seamonkey-2.53.17.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "seamonkey-dom-inspector-2.53.17.1-1.1.x86_64",
"product": {
"name": "seamonkey-dom-inspector-2.53.17.1-1.1.x86_64",
"product_id": "seamonkey-dom-inspector-2.53.17.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "seamonkey-irc-2.53.17.1-1.1.x86_64",
"product": {
"name": "seamonkey-irc-2.53.17.1-1.1.x86_64",
"product_id": "seamonkey-irc-2.53.17.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-2.53.17.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.aarch64"
},
"product_reference": "seamonkey-2.53.17.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-2.53.17.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.ppc64le"
},
"product_reference": "seamonkey-2.53.17.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-2.53.17.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.s390x"
},
"product_reference": "seamonkey-2.53.17.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-2.53.17.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.x86_64"
},
"product_reference": "seamonkey-2.53.17.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-dom-inspector-2.53.17.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.aarch64"
},
"product_reference": "seamonkey-dom-inspector-2.53.17.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-dom-inspector-2.53.17.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.ppc64le"
},
"product_reference": "seamonkey-dom-inspector-2.53.17.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-dom-inspector-2.53.17.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.s390x"
},
"product_reference": "seamonkey-dom-inspector-2.53.17.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-dom-inspector-2.53.17.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.x86_64"
},
"product_reference": "seamonkey-dom-inspector-2.53.17.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-irc-2.53.17.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.aarch64"
},
"product_reference": "seamonkey-irc-2.53.17.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-irc-2.53.17.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.ppc64le"
},
"product_reference": "seamonkey-irc-2.53.17.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-irc-2.53.17.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.s390x"
},
"product_reference": "seamonkey-irc-2.53.17.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-irc-2.53.17.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.x86_64"
},
"product_reference": "seamonkey-irc-2.53.17.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4863"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4863",
"url": "https://www.suse.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "SUSE Bug 1215231 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1215231"
},
{
"category": "external",
"summary": "SUSE Bug 1217115 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217115"
},
{
"category": "external",
"summary": "SUSE Bug 1217117 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.17.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.17.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.17.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4863"
}
]
}
OPENSUSE-SU-2024:13265-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
element-desktop-1.11.43-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: element-desktop-1.11.43-1.1 on GA media
Description of the patch: These are all security issues fixed in the element-desktop-1.11.43-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13265
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:element-desktop-1.11.43-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:element-desktop-1.11.43-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:element-desktop-1.11.43-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:element-desktop-1.11.43-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
7 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2023-4863/ | self |
| https://www.suse.com/security/cve/CVE-2023-4863 | external |
| https://bugzilla.suse.com/1215231 | external |
| https://bugzilla.suse.com/1217115 | external |
| https://bugzilla.suse.com/1217117 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "element-desktop-1.11.43-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the element-desktop-1.11.43-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13265",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13265-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4863 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4863/"
}
],
"title": "element-desktop-1.11.43-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13265-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "element-desktop-1.11.43-1.1.aarch64",
"product": {
"name": "element-desktop-1.11.43-1.1.aarch64",
"product_id": "element-desktop-1.11.43-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "element-desktop-1.11.43-1.1.ppc64le",
"product": {
"name": "element-desktop-1.11.43-1.1.ppc64le",
"product_id": "element-desktop-1.11.43-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "element-desktop-1.11.43-1.1.s390x",
"product": {
"name": "element-desktop-1.11.43-1.1.s390x",
"product_id": "element-desktop-1.11.43-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "element-desktop-1.11.43-1.1.x86_64",
"product": {
"name": "element-desktop-1.11.43-1.1.x86_64",
"product_id": "element-desktop-1.11.43-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "element-desktop-1.11.43-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:element-desktop-1.11.43-1.1.aarch64"
},
"product_reference": "element-desktop-1.11.43-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "element-desktop-1.11.43-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:element-desktop-1.11.43-1.1.ppc64le"
},
"product_reference": "element-desktop-1.11.43-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "element-desktop-1.11.43-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:element-desktop-1.11.43-1.1.s390x"
},
"product_reference": "element-desktop-1.11.43-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "element-desktop-1.11.43-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:element-desktop-1.11.43-1.1.x86_64"
},
"product_reference": "element-desktop-1.11.43-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4863"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:element-desktop-1.11.43-1.1.aarch64",
"openSUSE Tumbleweed:element-desktop-1.11.43-1.1.ppc64le",
"openSUSE Tumbleweed:element-desktop-1.11.43-1.1.s390x",
"openSUSE Tumbleweed:element-desktop-1.11.43-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4863",
"url": "https://www.suse.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "SUSE Bug 1215231 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1215231"
},
{
"category": "external",
"summary": "SUSE Bug 1217115 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217115"
},
{
"category": "external",
"summary": "SUSE Bug 1217117 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:element-desktop-1.11.43-1.1.aarch64",
"openSUSE Tumbleweed:element-desktop-1.11.43-1.1.ppc64le",
"openSUSE Tumbleweed:element-desktop-1.11.43-1.1.s390x",
"openSUSE Tumbleweed:element-desktop-1.11.43-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:element-desktop-1.11.43-1.1.aarch64",
"openSUSE Tumbleweed:element-desktop-1.11.43-1.1.ppc64le",
"openSUSE Tumbleweed:element-desktop-1.11.43-1.1.s390x",
"openSUSE Tumbleweed:element-desktop-1.11.43-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4863"
}
]
}
OPENSUSE-SU-2024:13266-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libmozjs-102-0-102.15.1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: libmozjs-102-0-102.15.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the libmozjs-102-0-102.15.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13266
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.15.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.15.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.15.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.15.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
7 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2023-4863/ | self |
| https://www.suse.com/security/cve/CVE-2023-4863 | external |
| https://bugzilla.suse.com/1215231 | external |
| https://bugzilla.suse.com/1217115 | external |
| https://bugzilla.suse.com/1217117 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libmozjs-102-0-102.15.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libmozjs-102-0-102.15.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13266",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13266-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4863 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4863/"
}
],
"title": "libmozjs-102-0-102.15.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13266-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-102-0-102.15.1-1.1.aarch64",
"product": {
"name": "libmozjs-102-0-102.15.1-1.1.aarch64",
"product_id": "libmozjs-102-0-102.15.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "mozjs102-102.15.1-1.1.aarch64",
"product": {
"name": "mozjs102-102.15.1-1.1.aarch64",
"product_id": "mozjs102-102.15.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "mozjs102-devel-102.15.1-1.1.aarch64",
"product": {
"name": "mozjs102-devel-102.15.1-1.1.aarch64",
"product_id": "mozjs102-devel-102.15.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-102-0-102.15.1-1.1.ppc64le",
"product": {
"name": "libmozjs-102-0-102.15.1-1.1.ppc64le",
"product_id": "libmozjs-102-0-102.15.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mozjs102-102.15.1-1.1.ppc64le",
"product": {
"name": "mozjs102-102.15.1-1.1.ppc64le",
"product_id": "mozjs102-102.15.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mozjs102-devel-102.15.1-1.1.ppc64le",
"product": {
"name": "mozjs102-devel-102.15.1-1.1.ppc64le",
"product_id": "mozjs102-devel-102.15.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-102-0-102.15.1-1.1.s390x",
"product": {
"name": "libmozjs-102-0-102.15.1-1.1.s390x",
"product_id": "libmozjs-102-0-102.15.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "mozjs102-102.15.1-1.1.s390x",
"product": {
"name": "mozjs102-102.15.1-1.1.s390x",
"product_id": "mozjs102-102.15.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "mozjs102-devel-102.15.1-1.1.s390x",
"product": {
"name": "mozjs102-devel-102.15.1-1.1.s390x",
"product_id": "mozjs102-devel-102.15.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-102-0-102.15.1-1.1.x86_64",
"product": {
"name": "libmozjs-102-0-102.15.1-1.1.x86_64",
"product_id": "libmozjs-102-0-102.15.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozjs102-102.15.1-1.1.x86_64",
"product": {
"name": "mozjs102-102.15.1-1.1.x86_64",
"product_id": "mozjs102-102.15.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozjs102-devel-102.15.1-1.1.x86_64",
"product": {
"name": "mozjs102-devel-102.15.1-1.1.x86_64",
"product_id": "mozjs102-devel-102.15.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-102-0-102.15.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.aarch64"
},
"product_reference": "libmozjs-102-0-102.15.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-102-0-102.15.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.ppc64le"
},
"product_reference": "libmozjs-102-0-102.15.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-102-0-102.15.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.s390x"
},
"product_reference": "libmozjs-102-0-102.15.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-102-0-102.15.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.x86_64"
},
"product_reference": "libmozjs-102-0-102.15.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs102-102.15.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mozjs102-102.15.1-1.1.aarch64"
},
"product_reference": "mozjs102-102.15.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs102-102.15.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mozjs102-102.15.1-1.1.ppc64le"
},
"product_reference": "mozjs102-102.15.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs102-102.15.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mozjs102-102.15.1-1.1.s390x"
},
"product_reference": "mozjs102-102.15.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs102-102.15.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mozjs102-102.15.1-1.1.x86_64"
},
"product_reference": "mozjs102-102.15.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs102-devel-102.15.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.aarch64"
},
"product_reference": "mozjs102-devel-102.15.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs102-devel-102.15.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.ppc64le"
},
"product_reference": "mozjs102-devel-102.15.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs102-devel-102.15.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.s390x"
},
"product_reference": "mozjs102-devel-102.15.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs102-devel-102.15.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.x86_64"
},
"product_reference": "mozjs102-devel-102.15.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4863"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.15.1-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.15.1-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.15.1-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.15.1-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4863",
"url": "https://www.suse.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "SUSE Bug 1215231 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1215231"
},
{
"category": "external",
"summary": "SUSE Bug 1217115 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217115"
},
{
"category": "external",
"summary": "SUSE Bug 1217117 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.15.1-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.15.1-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.15.1-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.15.1-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.15.1-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.15.1-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.15.1-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.15.1-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.15.1-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.15.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4863"
}
]
}
OPENSUSE-SU-2024:13270-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
matrix-synapse-1.93.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: matrix-synapse-1.93.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the matrix-synapse-1.93.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13270
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "matrix-synapse-1.93.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the matrix-synapse-1.93.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13270",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13270-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-41335 page",
"url": "https://www.suse.com/security/cve/CVE-2023-41335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42453 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42453/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4863 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4863/"
}
],
"title": "matrix-synapse-1.93.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13270-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "matrix-synapse-1.93.0-1.1.aarch64",
"product": {
"name": "matrix-synapse-1.93.0-1.1.aarch64",
"product_id": "matrix-synapse-1.93.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "matrix-synapse-1.93.0-1.1.ppc64le",
"product": {
"name": "matrix-synapse-1.93.0-1.1.ppc64le",
"product_id": "matrix-synapse-1.93.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "matrix-synapse-1.93.0-1.1.s390x",
"product": {
"name": "matrix-synapse-1.93.0-1.1.s390x",
"product_id": "matrix-synapse-1.93.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "matrix-synapse-1.93.0-1.1.x86_64",
"product": {
"name": "matrix-synapse-1.93.0-1.1.x86_64",
"product_id": "matrix-synapse-1.93.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "matrix-synapse-1.93.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.aarch64"
},
"product_reference": "matrix-synapse-1.93.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "matrix-synapse-1.93.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.ppc64le"
},
"product_reference": "matrix-synapse-1.93.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "matrix-synapse-1.93.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.s390x"
},
"product_reference": "matrix-synapse-1.93.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "matrix-synapse-1.93.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.x86_64"
},
"product_reference": "matrix-synapse-1.93.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-41335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-41335"
}
],
"notes": [
{
"category": "general",
"text": "Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn\u0027t grant the server any added capabilities-it already learns the users\u0027 passwords as part of the authentication process-it does disrupt the expectation that passwords won\u0027t be stored in the database. As a result, these passwords could inadvertently be captured in database backups for a longer duration. These temporarily stored passwords are automatically erased after a 48-hour window. This issue has been addressed in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.aarch64",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.ppc64le",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.s390x",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-41335",
"url": "https://www.suse.com/security/cve/CVE-2023-41335"
},
{
"category": "external",
"summary": "SUSE Bug 1215757 for CVE-2023-41335",
"url": "https://bugzilla.suse.com/1215757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.aarch64",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.ppc64le",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.s390x",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.aarch64",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.ppc64le",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.s390x",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-41335"
},
{
"cve": "CVE-2023-42453",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42453"
}
],
"notes": [
{
"category": "general",
"text": "Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.aarch64",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.ppc64le",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.s390x",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42453",
"url": "https://www.suse.com/security/cve/CVE-2023-42453"
},
{
"category": "external",
"summary": "SUSE Bug 1215757 for CVE-2023-42453",
"url": "https://bugzilla.suse.com/1215757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.aarch64",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.ppc64le",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.s390x",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.aarch64",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.ppc64le",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.s390x",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-42453"
},
{
"cve": "CVE-2023-4863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4863"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.aarch64",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.ppc64le",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.s390x",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4863",
"url": "https://www.suse.com/security/cve/CVE-2023-4863"
},
{
"category": "external",
"summary": "SUSE Bug 1215231 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1215231"
},
{
"category": "external",
"summary": "SUSE Bug 1217115 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217115"
},
{
"category": "external",
"summary": "SUSE Bug 1217117 for CVE-2023-4863",
"url": "https://bugzilla.suse.com/1217117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.aarch64",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.ppc64le",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.s390x",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.aarch64",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.ppc64le",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.s390x",
"openSUSE Tumbleweed:matrix-synapse-1.93.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4863"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…