CVE-2023-4863 Security Vulnerability: CloudLinux Takes Action – Mitigation for CloudLinux OS Servers

CL_CVE-2023-4863 Security Vulnerability_V1 copy

A newly discovered critical WebP 0-day security vulnerability, identified as CVE-2023-4863, CloudLinux OS team We are actively addressing and mitigating the security issue within our software. 

To summarize the impact on different CloudLinux versions:

  • CloudLinux 7: No vulnerability found.
  • CloudLinux 8: Fixed version is libwebp-1.0.0-8.el8_8.1, please update your OS to this version.
  • CloudLinux 9: Fixed version is libwebp-1.2.0-7.el9_2, please update your OS to this version.

Details on Vulnerability: 

Critical vulnerabilities associated with improperly crafted WebP images and with the potential to exploit not only the Chrome browser but also the webmproject/libwebp library from Google, have recently been identified at The University of Toronto’s Munk School.

The impact of the WebP library libwebp vulnerability goes beyond web browsers and Chrome-powered applications, such as 1Password for macOS. This is of particular concern because the libwebp library is widely used across various operating systems and popular application frameworks for rendering .webp images, including the widely-used Electron framework. Consequently, the libwebp vulnerability extends to commonly used software, including Pillow, ffmpeg, and Gimp.

To exploit this vulnerability, an attacker can utilize a maliciously crafted .webp lossless file, which triggers an overflow in the vulnerable library. This could potentially lead to crashing the application or executing arbitrary code remotely, especially in web browsers that are compiled with this library.

To address the WebP 0day (libwebp) vulnerability, follow these steps:

Update the library to the following versions from the AlmaLinux repo:

    • CentOS 8: libwebp-1.0.0-8.el8_8.1
    • CentOS 9: libwebp-1.2.0-7.el9_2
    • CentOS 7: Not affected

These updates are already available in the repositories, and they can be obtained either automatically or manually.
CloudLinux servers with AlmaLinux repositories activated will receive these updates automatically, or they can be manually applied if necessary.

For manual update, run:

yum update libwebp –enablerepo=appstream

It is crucial to promptly address this vulnerability by updating the libwebp library to ensure the security and stability of your system.