From 45e84afcba4852a61035889b1d1926f0940a74e1 Mon Sep 17 00:00:00 2001 From: Brandon Morelli Date: Tue, 10 Oct 2023 05:32:33 -0700 Subject: [PATCH 1/2] Update CHANGELOG.asciidoc --- docs/CHANGELOG.asciidoc | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/CHANGELOG.asciidoc b/docs/CHANGELOG.asciidoc index 44cf22a836f86..6cae46e0b90a2 100644 --- a/docs/CHANGELOG.asciidoc +++ b/docs/CHANGELOG.asciidoc @@ -89,8 +89,6 @@ Review important information about the {kib} 7.17.x releases. Review the following information about the {kib} 7.17.14 release. -coming::[7.17.14] - [float] [[security-update-7.17.14]] === Security update From edd4033fe4451f3ff33426193c847789d59a982c Mon Sep 17 00:00:00 2001 From: Brandon Morelli Date: Tue, 10 Oct 2023 06:04:00 -0700 Subject: [PATCH 2/2] Update CHANGELOG.asciidoc --- docs/CHANGELOG.asciidoc | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/CHANGELOG.asciidoc b/docs/CHANGELOG.asciidoc index 6cae46e0b90a2..00b8bd7797abd 100644 --- a/docs/CHANGELOG.asciidoc +++ b/docs/CHANGELOG.asciidoc 
@@ -93,7 +93,15 @@ Review the following information about the {kib} 7.17.14 release. [[security-update-7.17.14]] === Security update -This version of {kib} contains security fixes. +* **Kibana heap buffer overflow vulnerability** ++ +On Sept 11, 2023, Google Chrome announced CVE-2023-4863, described as “Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page”. Kibana includes a bundled version of headless Chromium that is only used for Kibana’s reporting capabilities and which is affected by this vulnerability. An exploit for Kibana has not been identified, however as a resolution, the bundled version of Chromium is updated in this release. ++ +The issue is resolved in 7.17.14. ++ +For more information, see our related +https://discuss.elastic.co/t/kibana-8-10-3-7-17-14-security-update/344735[security +announcement]. [[release-notes-7.17.13]] == {kib} 7.17.13
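Review bot: The `coming::[7.17.14]` removal in PATCH 1/2 should land in the same commit as the security text from PATCH 2/2. Applied on its own, it leaves the 7.17.14 section no longer flagged as upcoming while its Security update body is still the line that PATCH 2/2 later removes, "This version of {kib} contains security fixes." Consider squashing the two commits, and give the result a subject more specific than "Update CHANGELOG.asciidoc", which both patches share and which does not say what changed.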
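Review bot: The added Security update entry in PATCH 2/2 says "the bundled version of Chromium is updated in this release" without naming the Chromium version now bundled, so a reader cannot compare it against the fixed version cited in the quoted CVE-2023-4863 description (116.0.5845.187). State the bundled Chromium version in that sentence. Two style points in the same added paragraph: it writes "Kibana" literally and uses typographic quotes, while the surrounding context lines use the `{kib}` attribute; and "An exploit for Kibana has not been identified, however as a resolution, ..." is a comma splice that reads better as two sentences.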