Описание
Moderate: libvpx security update
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.
Security Fix(es):
-
libvpx: Double free in ParseContentEncodingEntry() in mkvparser.cc (CVE-2019-2126)
-
libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)
-
libvpx: Resource exhaustion after memory leak in mkvparser.cc (CVE-2019-9371)
-
libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.
Затронутые продукты
Rocky Linux 8
Связанные CVE
Ссылки на источники
Исправления
- Red Hat - 1788966
- Red Hat - 1788994
- Red Hat - 1789004
- Red Hat - 1789008
Связанные уязвимости
In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.
In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.