Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.


#Power


#Power

 View Only
Back to discussions
Expand all | Collapse all

Please help investigate the vulnerability CVE-2023-4863(LibWeb) may be affected to AIX OS Systems if customer use installed Firefox browser from AIX tool box.

  • 1.  Please help investigate the vulnerability CVE-2023-4863(LibWeb) may be affected to AIX OS Systems if customer use installed Firefox browser from AIX tool box.

    Posted Tue October 24, 2023 02:51 AM
    Edited by System Admin Thu October 26, 2023 02:55 PM
    Problem Description:
    Customer by Security team has reported this vulnerability - LibWebP(CVE-2023-4863) and needs IBM AIX support team to investigate about LibWeb for Firefox browser by create ticket (Salesforce case) to support issue.
     
    IBM local support action taken.
    1. By searching in IBM support system was found the case with "Resolution Description".
        The CVE-2023-4863 was affected to Chrome and AIX is not affected.
    2. By search on url "IBM Product Security Central" in url: https://www.ibm.com/support/pages/bulletin/ for CVE-2023-4863.
        In this page reported the "Affected Products and Versions" was affected to "IBM App Connect Enterprise 12.0.1.0 - 12.0.9.0" only.
    In addition, for AIX support about to this CVE number are suggest to get support via Community channel instead of Salesforce support process.
    IBMBP(KYNDRYL) and customer would like to get help from IBM support via community channel with the following detail.
     
    1. If customer installed and use the Firefox from AIX tools box is affected or not?
     2. Is there a way to verify in AIX level, if customer was installed Firefox from AIX tools box to make sure about "WebP" or "LibWebP" are not affected to AIX OS?
    Regards,
    Charin Kumjudpai.



    ------------------------------
    CHARIN KUMJUDPAI
    ------------------------------


    #AIXOpenSource


  • 2.  RE: Please help investigate the vulnerability CVE-2023-4863(LibWeb) may be affected to AIX OS Systems if customer use installed Firefox browser from AIX tool box.

    Posted Wed October 25, 2023 12:18 PM

    Hi Charin - I am going to ask our Admin to move your question to the AIX Open Source group so the AIX experts have a chance to see your question and help you out.

    FYI here's a link to the group for future reference: https://community.ibm.com/community/user/power/communities/community-home?CommunityKey=10c1d831-47ee-4d92-a138-b03f7896f7c9



    ------------------------------
    Linda Alkire
    IBM
    Minneapolis MN
    ------------------------------

    Original Message


Related Content