[GTALUG] New and more comprehensive CVE for libwebp
D. Hugh Redelmeier
hugh at mimosa.com
Wed Sep 27 23:45:02 EDT 2023
| Date: Sat, 23 Sep 2023 00:18:03 -0400 (EDT)
| Subject: [GTALUG] why I like shared libraries -- no longer a popular position
I posted earlier about two CVEs for one bug -- one for Safari and one for
Chrome. I noted that the bug was in a library and, with static
linking, in a lot of other programs.
Well, a new, more comprehensive CVE has been released, two weeks late.
<https://arstechnica.com/security/2023/09/google-quietly-corrects-previously-submitted-disclosure-for-critical-webp-0-day/>
Since it is a "0-day" (i.e. already exploited in the real world), it is
urgent that you update. Again. But we don't know when new versions of
each affected program will be released.