Add security update to 8.10.3 (#168468)

Brandon Morelli 2023-10-10 06:31:40 -07:00 committed by GitHub
parent 05791d4bd1
commit 348563b52f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -54,7 +54,19 @@ Review important information about the {kib} 8.x releases.
[[release-notes-8.10.3]]
== {kib} 8.10.3
The 8.10.3 release includes the following bug fixes.
[float]
[[security-update-8.10.3]]
=== Security updates
* **Kibana heap buffer overflow vulnerability**
+
On Sept 11, 2023, Google Chrome announced CVE-2023-4863, described as “Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page”. Kibana includes a bundled version of headless Chromium that is only used for Kibanas reporting capabilities and which is affected by this vulnerability. An exploit for Kibana has not been identified, however as a resolution, the bundled version of Chromium is updated in this release.
+
The issue is resolved in 8.10.3.
+
For more information, see our related
https://discuss.elastic.co/t/kibana-8-10-3-7-17-14-security-update/344735[security
announcement].
[float]
[[enhancement-v8.10.3]]
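Review bot: In the added security entry, "only used for Kibanas reporting capabilities" is missing the possessive apostrophe and should read "Kibana's reporting capabilities". The same paragraph joins two sentences at "An exploit for Kibana has not been identified, however as a resolution, the bundled version of Chromium is updated in this release"; ending the first sentence after "identified" would read more cleanly. The unchanged intro line "The 8.10.3 release includes the following bug fixes." now sits directly above a Security updates section, so it should mention security updates as well. The entry also says the bundled Chromium is updated without naming the Chromium version shipped in 8.10.3; stating it would let operators check the bundled build against the 116.0.5845.187 threshold quoted from the CVE description.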