Headline
RHSA-2023:5537: Red Hat Security Advisory: libvpx security update
An update for libvpx is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library.
- CVE-2023-44488: A heap-based buffer overflow flaw was found in libvpx, a library used to process VP9 video codecs data. This issue occurs when processing certain specially formatted video data via a crafted HTML page, allowing an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library.
Synopsis
Important: libvpx security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for libvpx is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.
Security Fix(es):
- libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)
- libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, all applications using libvpx must be restarted for the changes to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.8 x86_64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
- Red Hat CodeReady Linux Builder for x86_64 8 x86_64
- Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
- Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8 ppc64le
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.8 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8 aarch64
Fixes
- BZ - 2241191 - CVE-2023-5217 libvpx: Heap buffer overflow in vp8 encoding in libvpx
- BZ - 2241806 - CVE-2023-44488 libvpx: crash related to VP9 encoding in libvpx
Red Hat Enterprise Linux for x86_64 8
SRPM
libvpx-1.7.0-10.el8_8.src.rpm
SHA-256: d1a621f90ded1d137688a1d1aa1ae326acbb4b57b936189714848d5c280996dc
x86_64
libvpx-1.7.0-10.el8_8.i686.rpm
SHA-256: b76085982736a8be52745ed2de66f7af90eebd4e1928dfb5bf698d1c0f34c135
libvpx-1.7.0-10.el8_8.x86_64.rpm
SHA-256: 9b46aae3b09be1aac082b29a7aefe1f6cc2f144508b18e4524b77d983c51f03c
libvpx-debuginfo-1.7.0-10.el8_8.i686.rpm
SHA-256: 5f2697d8bfa54e1da0b674a4fe42799d5975fa773299802d7e3b7cdecbb4f582
libvpx-debuginfo-1.7.0-10.el8_8.x86_64.rpm
SHA-256: 1c23a03af9ac72f7949e9e6a341219d2a290c0f1a9a503df866d42b8fb3e2361
libvpx-debugsource-1.7.0-10.el8_8.i686.rpm
SHA-256: a5d6d72425f104ae97b8eab76fa80e0beb7de0af2fb957c7d21000cc5da6c2fe
libvpx-debugsource-1.7.0-10.el8_8.x86_64.rpm
SHA-256: d4489cbe319baeb35b7b7f62d4a749be1817059217fc91726a5c4f10d744c72a
libvpx-utils-debuginfo-1.7.0-10.el8_8.i686.rpm
SHA-256: 47e4efb26c98bfb79fa3ee704c9f1a71ea4edd974ba977b3c593bb23fccb5a40
libvpx-utils-debuginfo-1.7.0-10.el8_8.x86_64.rpm
SHA-256: 4dfbb66bc7868bc8f197654cc3ad7737cf642d3cea7479adf0c8746fe2eb30a0
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8
SRPM
libvpx-1.7.0-10.el8_8.src.rpm
SHA-256: d1a621f90ded1d137688a1d1aa1ae326acbb4b57b936189714848d5c280996dc
x86_64
libvpx-1.7.0-10.el8_8.i686.rpm
SHA-256: b76085982736a8be52745ed2de66f7af90eebd4e1928dfb5bf698d1c0f34c135
libvpx-1.7.0-10.el8_8.x86_64.rpm
SHA-256: 9b46aae3b09be1aac082b29a7aefe1f6cc2f144508b18e4524b77d983c51f03c
libvpx-debuginfo-1.7.0-10.el8_8.i686.rpm
SHA-256: 5f2697d8bfa54e1da0b674a4fe42799d5975fa773299802d7e3b7cdecbb4f582
libvpx-debuginfo-1.7.0-10.el8_8.x86_64.rpm
SHA-256: 1c23a03af9ac72f7949e9e6a341219d2a290c0f1a9a503df866d42b8fb3e2361
libvpx-debugsource-1.7.0-10.el8_8.i686.rpm
SHA-256: a5d6d72425f104ae97b8eab76fa80e0beb7de0af2fb957c7d21000cc5da6c2fe
libvpx-debugsource-1.7.0-10.el8_8.x86_64.rpm
SHA-256: d4489cbe319baeb35b7b7f62d4a749be1817059217fc91726a5c4f10d744c72a
libvpx-utils-debuginfo-1.7.0-10.el8_8.i686.rpm
SHA-256: 47e4efb26c98bfb79fa3ee704c9f1a71ea4edd974ba977b3c593bb23fccb5a40
libvpx-utils-debuginfo-1.7.0-10.el8_8.x86_64.rpm
SHA-256: 4dfbb66bc7868bc8f197654cc3ad7737cf642d3cea7479adf0c8746fe2eb30a0
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
libvpx-1.7.0-10.el8_8.src.rpm
SHA-256: d1a621f90ded1d137688a1d1aa1ae326acbb4b57b936189714848d5c280996dc
s390x
libvpx-1.7.0-10.el8_8.s390x.rpm
SHA-256: a43ab67b3761fa62ca96709cc7166b1796b1d744948a48b3bcb22e9fc3f30d3a
libvpx-debuginfo-1.7.0-10.el8_8.s390x.rpm
SHA-256: 81682d61f4072f89b0767f09cfae1d2fd992a2e6d4913d7bce7ba90d7aa2b700
libvpx-debugsource-1.7.0-10.el8_8.s390x.rpm
SHA-256: ac31bb1257b9b5a65d3238494ebad4629eb3e1e5d9a74bc7c21956130c7b63dc
libvpx-utils-debuginfo-1.7.0-10.el8_8.s390x.rpm
SHA-256: 98d65a99e87aba822b00f5d1c9f8f4ab0d5fddab711f2440241dd55dd506f696
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8
SRPM
libvpx-1.7.0-10.el8_8.src.rpm
SHA-256: d1a621f90ded1d137688a1d1aa1ae326acbb4b57b936189714848d5c280996dc
s390x
libvpx-1.7.0-10.el8_8.s390x.rpm
SHA-256: a43ab67b3761fa62ca96709cc7166b1796b1d744948a48b3bcb22e9fc3f30d3a
libvpx-debuginfo-1.7.0-10.el8_8.s390x.rpm
SHA-256: 81682d61f4072f89b0767f09cfae1d2fd992a2e6d4913d7bce7ba90d7aa2b700
libvpx-debugsource-1.7.0-10.el8_8.s390x.rpm
SHA-256: ac31bb1257b9b5a65d3238494ebad4629eb3e1e5d9a74bc7c21956130c7b63dc
libvpx-utils-debuginfo-1.7.0-10.el8_8.s390x.rpm
SHA-256: 98d65a99e87aba822b00f5d1c9f8f4ab0d5fddab711f2440241dd55dd506f696
Red Hat Enterprise Linux for Power, little endian 8
SRPM
libvpx-1.7.0-10.el8_8.src.rpm
SHA-256: d1a621f90ded1d137688a1d1aa1ae326acbb4b57b936189714848d5c280996dc
ppc64le
libvpx-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: 5c2d58a54fff6c1400b9db01bc0e2bef34a19fb684683728ab3aa47c284f3d9a
libvpx-debuginfo-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: 8c4c7e768784dc1e8be18b3ea68af6ad1902351ba80be1f684e58f37577ecd0e
libvpx-debugsource-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: c686a3b4d653cb119a2aa8fe1cb04867ad85b4cef9fe3769e771b7090b94f6df
libvpx-utils-debuginfo-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: 29351d3c0da7b1e39f9a5a2a1ccb86b6b654c8f6f2788ae359c427eb2dbc8ea3
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8
SRPM
libvpx-1.7.0-10.el8_8.src.rpm
SHA-256: d1a621f90ded1d137688a1d1aa1ae326acbb4b57b936189714848d5c280996dc
ppc64le
libvpx-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: 5c2d58a54fff6c1400b9db01bc0e2bef34a19fb684683728ab3aa47c284f3d9a
libvpx-debuginfo-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: 8c4c7e768784dc1e8be18b3ea68af6ad1902351ba80be1f684e58f37577ecd0e
libvpx-debugsource-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: c686a3b4d653cb119a2aa8fe1cb04867ad85b4cef9fe3769e771b7090b94f6df
libvpx-utils-debuginfo-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: 29351d3c0da7b1e39f9a5a2a1ccb86b6b654c8f6f2788ae359c427eb2dbc8ea3
Red Hat Enterprise Linux Server - TUS 8.8
SRPM
libvpx-1.7.0-10.el8_8.src.rpm
SHA-256: d1a621f90ded1d137688a1d1aa1ae326acbb4b57b936189714848d5c280996dc
x86_64
libvpx-1.7.0-10.el8_8.i686.rpm
SHA-256: b76085982736a8be52745ed2de66f7af90eebd4e1928dfb5bf698d1c0f34c135
libvpx-1.7.0-10.el8_8.x86_64.rpm
SHA-256: 9b46aae3b09be1aac082b29a7aefe1f6cc2f144508b18e4524b77d983c51f03c
libvpx-debuginfo-1.7.0-10.el8_8.i686.rpm
SHA-256: 5f2697d8bfa54e1da0b674a4fe42799d5975fa773299802d7e3b7cdecbb4f582
libvpx-debuginfo-1.7.0-10.el8_8.x86_64.rpm
SHA-256: 1c23a03af9ac72f7949e9e6a341219d2a290c0f1a9a503df866d42b8fb3e2361
libvpx-debugsource-1.7.0-10.el8_8.i686.rpm
SHA-256: a5d6d72425f104ae97b8eab76fa80e0beb7de0af2fb957c7d21000cc5da6c2fe
libvpx-debugsource-1.7.0-10.el8_8.x86_64.rpm
SHA-256: d4489cbe319baeb35b7b7f62d4a749be1817059217fc91726a5c4f10d744c72a
libvpx-utils-debuginfo-1.7.0-10.el8_8.i686.rpm
SHA-256: 47e4efb26c98bfb79fa3ee704c9f1a71ea4edd974ba977b3c593bb23fccb5a40
libvpx-utils-debuginfo-1.7.0-10.el8_8.x86_64.rpm
SHA-256: 4dfbb66bc7868bc8f197654cc3ad7737cf642d3cea7479adf0c8746fe2eb30a0
Red Hat Enterprise Linux for ARM 64 8
SRPM
libvpx-1.7.0-10.el8_8.src.rpm
SHA-256: d1a621f90ded1d137688a1d1aa1ae326acbb4b57b936189714848d5c280996dc
aarch64
libvpx-1.7.0-10.el8_8.aarch64.rpm
SHA-256: b8e57d50fa03c321fb5f578dd0aa23b2e5f10fc32b9551caa2c18de602810b4f
libvpx-debuginfo-1.7.0-10.el8_8.aarch64.rpm
SHA-256: c089acfd6a054393af1b8f04d089dbc2662fb866f6011ed8ecfe541c4f249629
libvpx-debugsource-1.7.0-10.el8_8.aarch64.rpm
SHA-256: dac0d506d6ea0b20063626e9c11aaee6f3764eeac2ec7a9b8cb98d6acb4f09ff
libvpx-utils-debuginfo-1.7.0-10.el8_8.aarch64.rpm
SHA-256: 9fe0fb741ed7342102941aafa67b65376b8805a56ae9adec17ff71bfd7e39d44
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8
SRPM
libvpx-1.7.0-10.el8_8.src.rpm
SHA-256: d1a621f90ded1d137688a1d1aa1ae326acbb4b57b936189714848d5c280996dc
aarch64
libvpx-1.7.0-10.el8_8.aarch64.rpm
SHA-256: b8e57d50fa03c321fb5f578dd0aa23b2e5f10fc32b9551caa2c18de602810b4f
libvpx-debuginfo-1.7.0-10.el8_8.aarch64.rpm
SHA-256: c089acfd6a054393af1b8f04d089dbc2662fb866f6011ed8ecfe541c4f249629
libvpx-debugsource-1.7.0-10.el8_8.aarch64.rpm
SHA-256: dac0d506d6ea0b20063626e9c11aaee6f3764eeac2ec7a9b8cb98d6acb4f09ff
libvpx-utils-debuginfo-1.7.0-10.el8_8.aarch64.rpm
SHA-256: 9fe0fb741ed7342102941aafa67b65376b8805a56ae9adec17ff71bfd7e39d44
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8
SRPM
libvpx-1.7.0-10.el8_8.src.rpm
SHA-256: d1a621f90ded1d137688a1d1aa1ae326acbb4b57b936189714848d5c280996dc
ppc64le
libvpx-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: 5c2d58a54fff6c1400b9db01bc0e2bef34a19fb684683728ab3aa47c284f3d9a
libvpx-debuginfo-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: 8c4c7e768784dc1e8be18b3ea68af6ad1902351ba80be1f684e58f37577ecd0e
libvpx-debugsource-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: c686a3b4d653cb119a2aa8fe1cb04867ad85b4cef9fe3769e771b7090b94f6df
libvpx-utils-debuginfo-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: 29351d3c0da7b1e39f9a5a2a1ccb86b6b654c8f6f2788ae359c427eb2dbc8ea3
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8
SRPM
libvpx-1.7.0-10.el8_8.src.rpm
SHA-256: d1a621f90ded1d137688a1d1aa1ae326acbb4b57b936189714848d5c280996dc
x86_64
libvpx-1.7.0-10.el8_8.i686.rpm
SHA-256: b76085982736a8be52745ed2de66f7af90eebd4e1928dfb5bf698d1c0f34c135
libvpx-1.7.0-10.el8_8.x86_64.rpm
SHA-256: 9b46aae3b09be1aac082b29a7aefe1f6cc2f144508b18e4524b77d983c51f03c
libvpx-debuginfo-1.7.0-10.el8_8.i686.rpm
SHA-256: 5f2697d8bfa54e1da0b674a4fe42799d5975fa773299802d7e3b7cdecbb4f582
libvpx-debuginfo-1.7.0-10.el8_8.x86_64.rpm
SHA-256: 1c23a03af9ac72f7949e9e6a341219d2a290c0f1a9a503df866d42b8fb3e2361
libvpx-debugsource-1.7.0-10.el8_8.i686.rpm
SHA-256: a5d6d72425f104ae97b8eab76fa80e0beb7de0af2fb957c7d21000cc5da6c2fe
libvpx-debugsource-1.7.0-10.el8_8.x86_64.rpm
SHA-256: d4489cbe319baeb35b7b7f62d4a749be1817059217fc91726a5c4f10d744c72a
libvpx-utils-debuginfo-1.7.0-10.el8_8.i686.rpm
SHA-256: 47e4efb26c98bfb79fa3ee704c9f1a71ea4edd974ba977b3c593bb23fccb5a40
libvpx-utils-debuginfo-1.7.0-10.el8_8.x86_64.rpm
SHA-256: 4dfbb66bc7868bc8f197654cc3ad7737cf642d3cea7479adf0c8746fe2eb30a0
Red Hat CodeReady Linux Builder for x86_64 8
SRPM
x86_64
libvpx-debuginfo-1.7.0-10.el8_8.i686.rpm
SHA-256: 5f2697d8bfa54e1da0b674a4fe42799d5975fa773299802d7e3b7cdecbb4f582
libvpx-debuginfo-1.7.0-10.el8_8.x86_64.rpm
SHA-256: 1c23a03af9ac72f7949e9e6a341219d2a290c0f1a9a503df866d42b8fb3e2361
libvpx-debugsource-1.7.0-10.el8_8.i686.rpm
SHA-256: a5d6d72425f104ae97b8eab76fa80e0beb7de0af2fb957c7d21000cc5da6c2fe
libvpx-debugsource-1.7.0-10.el8_8.x86_64.rpm
SHA-256: d4489cbe319baeb35b7b7f62d4a749be1817059217fc91726a5c4f10d744c72a
libvpx-devel-1.7.0-10.el8_8.i686.rpm
SHA-256: 9518378ab7c00f3fd7dce516c1b570b4d953757908d48ab13e719ec8a13fa71b
libvpx-devel-1.7.0-10.el8_8.x86_64.rpm
SHA-256: ad53f2c0ec0c13ba696123256402255c37fa57651aae318226b01b1cf77bbaaa
libvpx-utils-debuginfo-1.7.0-10.el8_8.i686.rpm
SHA-256: 47e4efb26c98bfb79fa3ee704c9f1a71ea4edd974ba977b3c593bb23fccb5a40
libvpx-utils-debuginfo-1.7.0-10.el8_8.x86_64.rpm
SHA-256: 4dfbb66bc7868bc8f197654cc3ad7737cf642d3cea7479adf0c8746fe2eb30a0
Red Hat CodeReady Linux Builder for Power, little endian 8
SRPM
ppc64le
libvpx-debuginfo-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: 8c4c7e768784dc1e8be18b3ea68af6ad1902351ba80be1f684e58f37577ecd0e
libvpx-debugsource-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: c686a3b4d653cb119a2aa8fe1cb04867ad85b4cef9fe3769e771b7090b94f6df
libvpx-devel-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: 97be0c658ef34a1875cee9a49516b224bfa6bf6e5333f0427666db3512809ae5
libvpx-utils-debuginfo-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: 29351d3c0da7b1e39f9a5a2a1ccb86b6b654c8f6f2788ae359c427eb2dbc8ea3
Red Hat CodeReady Linux Builder for ARM 64 8
SRPM
aarch64
libvpx-debuginfo-1.7.0-10.el8_8.aarch64.rpm
SHA-256: c089acfd6a054393af1b8f04d089dbc2662fb866f6011ed8ecfe541c4f249629
libvpx-debugsource-1.7.0-10.el8_8.aarch64.rpm
SHA-256: dac0d506d6ea0b20063626e9c11aaee6f3764eeac2ec7a9b8cb98d6acb4f09ff
libvpx-devel-1.7.0-10.el8_8.aarch64.rpm
SHA-256: 6bf4f7acf47e80300edf950bb22155d3078694e9d24eeb71446b8616ca889ebf
libvpx-utils-debuginfo-1.7.0-10.el8_8.aarch64.rpm
SHA-256: 9fe0fb741ed7342102941aafa67b65376b8805a56ae9adec17ff71bfd7e39d44
Red Hat CodeReady Linux Builder for IBM z Systems 8
SRPM
s390x
libvpx-debuginfo-1.7.0-10.el8_8.s390x.rpm
SHA-256: 81682d61f4072f89b0767f09cfae1d2fd992a2e6d4913d7bce7ba90d7aa2b700
libvpx-debugsource-1.7.0-10.el8_8.s390x.rpm
SHA-256: ac31bb1257b9b5a65d3238494ebad4629eb3e1e5d9a74bc7c21956130c7b63dc
libvpx-devel-1.7.0-10.el8_8.s390x.rpm
SHA-256: 80036c30957ed44db25d25801a047272c3ecd702707d85cc9e3c635b81d887e7
libvpx-utils-debuginfo-1.7.0-10.el8_8.s390x.rpm
SHA-256: 98d65a99e87aba822b00f5d1c9f8f4ab0d5fddab711f2440241dd55dd506f696
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8
SRPM
x86_64
libvpx-debuginfo-1.7.0-10.el8_8.i686.rpm
SHA-256: 5f2697d8bfa54e1da0b674a4fe42799d5975fa773299802d7e3b7cdecbb4f582
libvpx-debuginfo-1.7.0-10.el8_8.x86_64.rpm
SHA-256: 1c23a03af9ac72f7949e9e6a341219d2a290c0f1a9a503df866d42b8fb3e2361
libvpx-debugsource-1.7.0-10.el8_8.i686.rpm
SHA-256: a5d6d72425f104ae97b8eab76fa80e0beb7de0af2fb957c7d21000cc5da6c2fe
libvpx-debugsource-1.7.0-10.el8_8.x86_64.rpm
SHA-256: d4489cbe319baeb35b7b7f62d4a749be1817059217fc91726a5c4f10d744c72a
libvpx-devel-1.7.0-10.el8_8.i686.rpm
SHA-256: 9518378ab7c00f3fd7dce516c1b570b4d953757908d48ab13e719ec8a13fa71b
libvpx-devel-1.7.0-10.el8_8.x86_64.rpm
SHA-256: ad53f2c0ec0c13ba696123256402255c37fa57651aae318226b01b1cf77bbaaa
libvpx-utils-debuginfo-1.7.0-10.el8_8.i686.rpm
SHA-256: 47e4efb26c98bfb79fa3ee704c9f1a71ea4edd974ba977b3c593bb23fccb5a40
libvpx-utils-debuginfo-1.7.0-10.el8_8.x86_64.rpm
SHA-256: 4dfbb66bc7868bc8f197654cc3ad7737cf642d3cea7479adf0c8746fe2eb30a0
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8
SRPM
ppc64le
libvpx-debuginfo-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: 8c4c7e768784dc1e8be18b3ea68af6ad1902351ba80be1f684e58f37577ecd0e
libvpx-debugsource-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: c686a3b4d653cb119a2aa8fe1cb04867ad85b4cef9fe3769e771b7090b94f6df
libvpx-devel-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: 97be0c658ef34a1875cee9a49516b224bfa6bf6e5333f0427666db3512809ae5
libvpx-utils-debuginfo-1.7.0-10.el8_8.ppc64le.rpm
SHA-256: 29351d3c0da7b1e39f9a5a2a1ccb86b6b654c8f6f2788ae359c427eb2dbc8ea3
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.8
SRPM
s390x
libvpx-debuginfo-1.7.0-10.el8_8.s390x.rpm
SHA-256: 81682d61f4072f89b0767f09cfae1d2fd992a2e6d4913d7bce7ba90d7aa2b700
libvpx-debugsource-1.7.0-10.el8_8.s390x.rpm
SHA-256: ac31bb1257b9b5a65d3238494ebad4629eb3e1e5d9a74bc7c21956130c7b63dc
libvpx-devel-1.7.0-10.el8_8.s390x.rpm
SHA-256: 80036c30957ed44db25d25801a047272c3ecd702707d85cc9e3c635b81d887e7
libvpx-utils-debuginfo-1.7.0-10.el8_8.s390x.rpm
SHA-256: 98d65a99e87aba822b00f5d1c9f8f4ab0d5fddab711f2440241dd55dd506f696
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8
SRPM
aarch64
libvpx-debuginfo-1.7.0-10.el8_8.aarch64.rpm
SHA-256: c089acfd6a054393af1b8f04d089dbc2662fb866f6011ed8ecfe541c4f249629
libvpx-debugsource-1.7.0-10.el8_8.aarch64.rpm
SHA-256: dac0d506d6ea0b20063626e9c11aaee6f3764eeac2ec7a9b8cb98d6acb4f09ff
libvpx-devel-1.7.0-10.el8_8.aarch64.rpm
SHA-256: 6bf4f7acf47e80300edf950bb22155d3078694e9d24eeb71446b8616ca889ebf
libvpx-utils-debuginfo-1.7.0-10.el8_8.aarch64.rpm
SHA-256: 9fe0fb741ed7342102941aafa67b65376b8805a56ae9adec17ff71bfd7e39d44
Related news
A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by
Ubuntu Security Notice 6403-3 - USN-6403-1 fixed several vulnerabilities in libvpx. This update provides the corresponding update for Ubuntu 16.04 LTS. It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2023-6198-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.
Red Hat Security Advisory 2023-6197-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.
Red Hat Security Advisory 2023-6196-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.
Red Hat Security Advisory 2023-6192-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Security Advisory 2023-6190-01 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Ubuntu Security Notice 6403-2 - USN-6403-1 fixed several vulnerabilities in libvpx. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2023-5538-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2023-5539-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2023-5534-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2023-5537-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2023-5536-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.
An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compile...
An update for libvpx is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML pag...
An update for libvpx is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that ...
An update for libvpx is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a...
An update for libvpx is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compile...
Red Hat Security Advisory 2023-5475-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
Debian Linux Security Advisory 5518-1 - It was discovered that missing input sanitising in the encoding support in libvpx, a multimedia library for the VP8 and VP9 video codecs, may result in denial of service.
Red Hat Security Advisory 2023-5438-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-5426-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-5430-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: iOS Tags: iPad Tags: 17.0.3 Tags: CVE-2023-42824 Tags: CVE-2023-5217 Apple has issued an emergency update to patch two vulnerabilities, including an actively exploited one. (Read more...) The post Update now! Apple patches vulnerabilities on iPhone and iPad appeared first on Malwarebytes Labs.
Apple on Wednesday rolled out security patches to address a new zero-day flaw in iOS and iPadOS that it said has come under active exploitation in the wild. Tracked as CVE-2023-42824, the kernel vulnerability could be abused by a local attacker to elevate their privileges. The iPhone maker said it addressed the problem with improved checks. "Apple is aware of a report that this issue may have
Gentoo Linux Security Advisory 202310-4 - Multiple vulnerabilities have been discovered in libvpx, the worst of which could result in arbitrary code execution. Versions greater than or equal to 1.13.1 are affected.
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. * CVE-2023-5169: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as:...
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. * CVE-2023-5169: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A c...
Ubuntu Security Notice 6403-1 - It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
Plus: Mozilla patches 10 Firefox bugs, Cisco fixes a vulnerability with a rare maximum severity score, and SAP releases updates to stamp out three highly critical flaws.
By Waqas Ensure Your Chrome Browser Is Up to Date and Secure: Enable Automatic Updates to Safeguard Against Cybersecurity Threats This is a post from HackRead.com Read the original post: Critical Chrome Update Counters Spyware Vendor’s Exploits