CVE-2023-5217
Description
Important: firefox security update
CISA KEV
- Vendor
- Product: Chromium libvpx
- Due date: 2023-10-23
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-5434.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-5539.html
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-5537.html
Vendor advisory: alma — https://bugzilla.redhat.com/2241806
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:5537
Vendor advisory: cisa-kev — https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html; https://nvd.nist.gov/vuln/detail/CVE-2023-5217
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5435
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2023-5217.html
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5428
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2023-5217
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-5435.html
Vendor advisory: alma — https://bugzilla.redhat.com/2241191
Vendor advisory: alma — https://bugzilla.redhat.com/2240896
Vendor advisory: alma — https://bugzilla.redhat.com/2240894
Vendor advisory: alma — https://bugzilla.redhat.com/2240893
Vendor advisory: alma — https://bugzilla.redhat.com/2222652
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:5539
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:5435
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:5434
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5537
Exploits
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rocky | 8 | fixed | |
| rhel | 9 | fixed | |
| almalinux | 9 | fixed | thunderbird-115.3.1-1.el9_2.alma.x86_64.rpm |
| debian | bookworm | fixed | 117.0.5938.132-1~deb12u1 |
| debian | bullseye | fixed | 117.0.5938.132-1~deb11u1 |
| debian | forky | fixed | 117.0.5938.132-1 |
| debian | sid | fixed | 117.0.5938.132-1 |
| debian | trixie | fixed | 117.0.5938.132-1 |
| sles | | affected | |
| rocky | 9 | fixed | |
References
- https://errata.rockylinux.org/RLSA-2023:5537
- https://access.redhat.com/errata/RHSA-2023:5434
- https://access.redhat.com/errata/RHSA-2023:5435
- https://access.redhat.com/errata/RHSA-2023:5539
- https://bugzilla.redhat.com/2222652
- https://bugzilla.redhat.com/2240893
- https://bugzilla.redhat.com/2240894
- https://bugzilla.redhat.com/2240896
- https://bugzilla.redhat.com/2241191
- https://errata.almalinux.org/9/ALSA-2023-5435.html
- https://security-tracker.debian.org/tracker/CVE-2023-5217
- https://errata.rockylinux.org/RLSA-2023:5428
- https://www.suse.com/security/cve/CVE-2023-5217.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-5217
- https://github.com/electron/electron/pull/40022
- https://github.com/electron/electron/pull/40023
- https://github.com/electron/electron/pull/40024
- https://github.com/electron/electron/pull/40025
- https://github.com/electron/electron/pull/40026
- https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282
- https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I