Environment
Trellix Intrusion Prevention System (Trellix IPS)
Summary
NOTE: This article is viewable only by registered ServicePortal users.
User-Defined Signatures (UDSs) are provided as an immediate solution to a security advisory. We write and test these signatures with the objective of a quick turnaround.
A UDS is intended to cover the known aspects of a threat and might not cover all variants. Sometimes, UDS releases might generate incorrect identification.
To download a UDS, perform the steps below:
- Click the link to the Knowledge Base article for the UDS that you need to download.
NOTE: UDS articles are registered articles and require you to log on to the ServicePortal.
UDSs:
| Release Date | Threat | Article |
|---|---|---|
| Oct 24, 2023 | UDS-HTTP: Citrix NetScaler ADC And NetScaler Gateway Information Disclosure Vulnerability | KB96844 |
| October 16, 2023 | UDS for Cisco IOS XE CVE-2023-20198 & CVE-2021-1435: UDS-HTTP: Cisco IOS XE Web UI Privilege Escalation Vulnerability (CVE-2023-20198); UDS-HTTP: Cisco IOS XE Command Injection Vulnerability (CVE-2021-1435) | KB96834 |
| October 12, 2023 | UDS for Multiple Vulnerabilities: UDS-HTTP: Google Chrome VP8 Libvpx Heap Buffer Overflow Vulnerability (CVE-2023-5217); UDS-HTTP: cURL SOCKS5 Proxy Handshake Handling Heap Buffer Overflow Vulnerability; UDS-HTTP: Atlassian Confluence Broken Access Control Vulnerability (CVE-2023-22515) | KB96822 |
| October 4, 2023 | UDS-HTTP: WS_FTP Server Insecure Deserialization Vulnerability (CVE-2023-40044) | KB96809 |
| October 3, 2023 | UDS-HTTP: Google Chrome WebP BuildHuffmanTable Heap Buffer Overflow Vulnerability (CVE-2023-4863) | KB96800 |
- Download the .zip file attached to the article, which contains the UDS.
NOTE: The .zip file is named using the format .
For example was released on November 4, 2020.
- Extract the downloaded .zip file.
The .zip file extracts into .
- Log on to the Manager.
- Click Policy, Intrusion Prevention, Policy Types.
- For Manager 9.x, click IPS Policies.
- For Manager 10.x and later, including 11.x, click IPS.
- Click the Custom Attacks link at the bottom of the left pane.
- Click Other Actions, and then Import.
- Click Browse and select the file.
- Deselect the following:
- Import Snort Rules
- Import Snort Macros
- Import Snort Classifications
- Click Import.
- Verify that the number of UDSs that are successfully imported isn't zero (1 or greater).
Push the UDS from the Manager to the Sensors:
The imported UDS isn't pushed to the Sensor until you perform an update. You can roll out the update using either of the following methods:
To apply the UDS to each Sensor one by one:
- Open the Manager.
- Navigate to Devices.
- From the left navigation pane, select the Devices tab.
- From the drop-down list, select the Sensor that you want to push the update to.
- Click Deploy Pending Changes. The option must already be selected.
- To start updating the Sensor, click Update/Deploy.
To apply the UDS to all Sensors:
- Open the Manager.
- Navigate to Devices.
- From the left navigation pane, select the Global tab.
- Click Deploy Pending Changes. Each Sensor requiring an update must be selected.
- To start updating the Sensors, click Update/Deploy.
Related Information
References to product versions that have reached End of Life have been removed from this article. We strongly recommend that you upgrade to a supported version.
For End of Life (EOL) information, see Product End of Life Information.
For EOL policy details, see the Corporate Products EOL policy.
Definitions:
- EOL period—The time frame that runs from the day we announce product discontinuation, until the last date that we formally support the product. In general, after the EOL period is announced, no enhancements are made.
- EOL date—The last day that the product is supported, according to the terms of our standard support offering.