CVE-2023-4863 Security Vulnerability: CloudLinux Takes Action – Mitigation for CloudLinux OS Servers

ByLinux Admin October 6, 2023

A newly discovered critical WebP 0-day security vulnerability, identified as CVE-2023-4863, CloudLinux OS team We are actively addressing and mitigating the security issue within our software.

To summarize the impact on different CloudLinux versions:

CloudLinux 7: No vulnerability found.
CloudLinux 8: Fixed version is libwebp-1.0.0-8.el8_8.1, please update your OS to this version.
CloudLinux 9: Fixed version is libwebp-1.2.0-7.el9_2, please update your OS to this version.

Details on Vulnerability:

Critical vulnerabilities associated with improperly crafted WebP images and with the potential to exploit not only the Chrome browser but also the webmproject/libwebp library from Google, have recently been identified at The University of Toronto’s Munk School.

The impact of the WebP library libwebp vulnerability goes beyond web browsers and Chrome-powered applications, such as 1Password for macOS. This is of particular concern because the libwebp library is widely used across various operating systems and popular application frameworks for rendering .webp images, including the widely-used Electron framework. Consequently, the libwebp vulnerability extends to commonly used software, including Pillow, ffmpeg, and Gimp.

To exploit this vulnerability, an attacker can utilize a maliciously crafted .webp lossless file, which triggers an overflow in the vulnerable library. This could potentially lead to crashing the application or executing arbitrary code remotely, especially in web browsers that are compiled with this library.

To address the WebP 0day (libwebp) vulnerability, follow these steps:

Update the library to the following versions from the AlmaLinux repo:

- CentOS 8: libwebp-1.0.0-8.el8_8.1
- CentOS 9: libwebp-1.2.0-7.el9_2
- CentOS 7: Not affected

These updates are already available in the repositories, and they can be obtained either automatically or manually.
CloudLinux servers with AlmaLinux repositories activated will receive these updates automatically, or they can be manually applied if necessary.

For manual update, run:

yum update libwebp –enablerepo=appstream

It is crucial to promptly address this vulnerability by updating the libwebp library to ensure the security and stability of your system.

SEO: Benefits Costs and Feasability

Search Engine Optimization (SEO) is a crucial strategy for enhancing a website‘s visibility in organic search results, driving traffic, and improving online presence. By optimizing content and keywords, businesses can attract targeted audiences, improve brand credibility, and enhance user experience. SEO offers long-term benefits by continuously drawing organic traffic without the need for ongoing ad… […]

Easy WordPress Speed Optimization – 10 Simple Tips

Optimizing the speed of a WordPress website is essential for ensuring a superior user experience and achieving higher rankings in search engine results. Slow websites not only deter visitors but also impact your site’s SEO negatively. Fortunately, there are various strategies you can employ to enhance your website‘s performance. This comprehensive guide outlines ten simple… […]

CVE-2023-4863 Security Vulnerability: CloudLinux Takes Action – Mitigation for CloudLinux OS Servers

Details on Vulnerability:

To address the WebP 0day (libwebp) vulnerability, follow these steps:

Linux Mint 17.3 “Rosa” MATE released!

How To Install MongoDB On CentOS 8 / RHEL 8

How to Save cURL Output to a File?

Linux Mint 17.2 codenamed ‘Rafaela’

Evaluating CentOS Alternatives: What to Look for in Your …

BEST Web Hosting

TECHNOBABBLE

How to build a website with WordPress and what are the best plugins to use

Drupal Hosting

© Copyright

Details on Vulnerability:

To address the WebP 0day (libwebp) vulnerability, follow these steps:

Related Posts

© Copyright