Headline
Ubuntu Security Notice USN-5637-1
Ubuntu Security Notice 5637-1 - It was discovered that libvpx incorrectly handled certain WebM media files. A remote attacker could use this issue to crash an application using libvpx under certain conditions, resulting in a denial of service.
==========================================================================Ubuntu Security Notice USN-5637-1September 26, 2022libvpx vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESM- Ubuntu 14.04 ESMSummary:libvpx could be made to crash if it received specially craftednetwork traffic.Software Description:- libvpx: VP8 and VP9 video codecDetails:It was discovered that libvpx incorrectly handled certain WebM mediafiles. A remote attacker could use this issue to crash an applicationusing libvpx under certain conditions, resulting in a denial of service.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM: libvpx3 1.5.0-2ubuntu1.1+esm1Ubuntu 14.04 ESM: libvpx1 1.3.0-2ubuntu0.1~esm2In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-5637-1 CVE-2020-0034Related news
CVE-2020-0041: Android Security Bulletin—March 2020 | Android Open Source Project
In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel