github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 17:59:23 -04:00
Code Issues Projects Releases Packages Wiki Activity

[8.11] Add security update to 8.10.3 (#168468) (#168476)

Browse source 
# Backport

This will backport the following commits from `main` to `8.11`:
- [Add security update to 8.10.3
(#168468)](https://github.com/elastic/kibana/pull/168468)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Brandon
Morelli","email":"brandon.morelli@elastic.co"},"sourceCommit":{"committedDate":"2023-10-10T13:31:40Z","message":"Add
security update to 8.10.3
(#168468)","sha":"348563b52f8ed037f02db0860594c179ec938659","branchLabelMapping":{"^v8.12.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Docs","release_note:skip","v8.11.0","v8.10.3","v8.12.0"],"number":168468,"url":"https://github.com/elastic/kibana/pull/168468","mergeCommit":{"message":"Add
security update to 8.10.3
(#168468)","sha":"348563b52f8ed037f02db0860594c179ec938659"}},"sourceBranch":"main","suggestedTargetBranches":["8.11","8.10"],"targetPullRequestStates":[{"branch":"8.11","label":"v8.11.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.10","label":"v8.10.3","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.12.0","labelRegex":"^v8.12.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/168468","number":168468,"mergeCommit":{"message":"Add
security update to 8.10.3
(#168468)","sha":"348563b52f8ed037f02db0860594c179ec938659"}}]}]
BACKPORT-->

Co-authored-by: Brandon Morelli <brandon.morelli@elastic.co>
This commit is contained in:
Kibana Machine 2023-10-10 09:55:46 -04:00 committed by GitHub
parent ef15dcb9ca
commit 3032bd9b0f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

14
docs/CHANGELOG.asciidoc
View file

@ -54,7 +54,19 @@ Review important information about the {kib} 8.x releases.
[[release-notes-8.10.3]]
== {kib} 8.10.3
The 8.10.3 release includes the following bug fixes.
[float]
[[security-update-8.10.3]]
=== Security updates
* **Kibana heap buffer overflow vulnerability**
+
On Sept 11, 2023, Google Chrome announced CVE-2023-4863, described as “Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page”. Kibana includes a bundled version of headless Chromium that is only used for Kibanas reporting capabilities and which is affected by this vulnerability. An exploit for Kibana has not been identified, however as a resolution, the bundled version of Chromium is updated in this release.
+
The issue is resolved in 8.10.3.
+
For more information, see our related
https://discuss.elastic.co/t/kibana-8-10-3-7-17-14-security-update/344735[security
announcement].
[float]
[[enhancement-v8.10.3]]