Описание
Security update for libvpx
This update for libvpx fixes the following issues:
- CVE-2019-2126: Fixed a double free in ParseContentEncodingEntry() (bsc#1160611).
- CVE-2019-9325: Fixed an out-of-bounds read (bsc#1160612).
- CVE-2019-9232: Fixed an out-of-bounds memory access on fuzzed data (bsc#1160613).
- CVE-2019-9433: Fixed a use-after-free in vp8_deblock() (bsc#1160614).
- CVE-2019-9371: Fixed a resource exhaustion after memory leak (bsc#1160615).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Module for Basesystem 15
SUSE Linux Enterprise Module for Basesystem 15 SP1
SUSE Linux Enterprise Module for Desktop Applications 15
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
SUSE Linux Enterprise Module for Package Hub 15
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP Applications 15
Ссылки
- Link for SUSE-SU-2020:0143-1
- E-Mail link for SUSE-SU-2020:0143-1
- SUSE Security Ratings
- SUSE Bug 1160611
- SUSE Bug 1160612
- SUSE Bug 1160613
- SUSE Bug 1160614
- SUSE Bug 1160615
- SUSE CVE CVE-2019-2126 page
- SUSE CVE CVE-2019-9232 page
- SUSE CVE CVE-2019-9325 page
- SUSE CVE CVE-2019-9371 page
- SUSE CVE CVE-2019-9433 page
Описание
In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.
Затронутые продукты
Ссылки
- CVE-2019-2126
- SUSE Bug 1160611
Описание
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483
Затронутые продукты
Ссылки
- CVE-2019-9232
- SUSE Bug 1160613
Описание
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302
Затронутые продукты
Ссылки
- CVE-2019-9325
- SUSE Bug 1160612
Описание
In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254
Затронутые продукты
Ссылки
- CVE-2019-9371
- SUSE Bug 1160615
Описание
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354
Затронутые продукты
Ссылки
- CVE-2019-9433
- SUSE Bug 1160614