Topic: CVE-2023-4863 in libwebp7.x86_64-1.0.3-1.el7.remi

Hi All,

The version of libwebp installed with php8.0-gd (And possibly other versions) from remi-safe seems to be vulnerable for CVE-2023-4863(https://nvd.nist.gov/vuln/detail/CVE-2023-4863).

The affected version installed on our CentOs7 server is: libwebp7.x86_64-1.0.3-1.el7.remi

Are there any plans to patch libwebp?
If not, are there any other recommendations to mitigate this issue?

Thanks!

Re: CVE-2023-4863 in libwebp7.x86_64-1.0.3-1.el7.remi

Fixed in libwebp7-1.0.3-2.el7.remi.x86_64

Please notice that EL-7 is close to its EOL in 9 months
I heartily recommend to upgrade ASAP to a more recent version
especially if you want modern features (such as PHP 8.x)

Laptop:  Fedora 40 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: AlmaLinux 8 with EPEL, rpmfusion, remi

Re: CVE-2023-4863 in libwebp7.x86_64-1.0.3-1.el7.remi

Awesome! Thanks for the quick response.

We are indeed moving away from CentOs7 and PHP<8.0.