Описание
Security update for libvpx
This update for libvpx fixes the following issues:
- CVE-2019-9232: Fixed an out of bound memory access (bsc#1160613).
- CVE-2019-9433: Fixdd a use-after-free in vp8_deblock() (bsc#1160614).
Список пакетов
Container caasp/v4/nginx-ingress-controller:beta1
libvpx1-1.3.0-3.6.1
Image SLES12-SP4-SAP-Azure
libvpx1-1.3.0-3.6.1
Image SLES12-SP4-SAP-Azure-BYOS
libvpx1-1.3.0-3.6.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
libvpx1-1.3.0-3.6.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
libvpx1-1.3.0-3.6.1
Image SLES12-SP4-SAP-EC2-HVM
libvpx1-1.3.0-3.6.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
libvpx1-1.3.0-3.6.1
Image SLES12-SP4-SAP-GCE
libvpx1-1.3.0-3.6.1
Image SLES12-SP4-SAP-GCE-BYOS
libvpx1-1.3.0-3.6.1
Image SLES12-SP4-SAP-OCI-BYOS
libvpx1-1.3.0-3.6.1
Image SLES12-SP5-Azure-SAP-BYOS
libvpx1-1.3.0-3.6.1
Image SLES12-SP5-Azure-SAP-On-Demand
libvpx1-1.3.0-3.6.1
Image SLES12-SP5-EC2-SAP-BYOS
libvpx1-1.3.0-3.6.1
Image SLES12-SP5-EC2-SAP-On-Demand
libvpx1-1.3.0-3.6.1
Image SLES12-SP5-GCE-SAP-BYOS
libvpx1-1.3.0-3.6.1
Image SLES12-SP5-GCE-SAP-On-Demand
libvpx1-1.3.0-3.6.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
libvpx1-1.3.0-3.6.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libvpx1-1.3.0-3.6.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libvpx1-1.3.0-3.6.1
SUSE Linux Enterprise Server 12 SP4
libvpx1-1.3.0-3.6.1
SUSE Linux Enterprise Server 12 SP5
libvpx1-1.3.0-3.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libvpx1-1.3.0-3.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libvpx1-1.3.0-3.6.1
SUSE Linux Enterprise Software Development Kit 12 SP4
libvpx-devel-1.3.0-3.6.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libvpx-devel-1.3.0-3.6.1
SUSE Linux Enterprise Workstation Extension 12 SP4
libvpx1-32bit-1.3.0-3.6.1
vpx-tools-1.3.0-3.6.1
SUSE Linux Enterprise Workstation Extension 12 SP5
libvpx1-32bit-1.3.0-3.6.1
vpx-tools-1.3.0-3.6.1
Ссылки
- Link for SUSE-SU-2020:0459-1
- E-Mail link for SUSE-SU-2020:0459-1
- SUSE Security Ratings
- SUSE Bug 1160613
- SUSE Bug 1160614
- SUSE CVE CVE-2019-9232 page
- SUSE CVE CVE-2019-9433 page
Описание
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483
Затронутые продукты
Container caasp/v4/nginx-ingress-controller:beta1:libvpx1-1.3.0-3.6.1
Image SLES12-SP4-SAP-Azure-BYOS:libvpx1-1.3.0-3.6.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libvpx1-1.3.0-3.6.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libvpx1-1.3.0-3.6.1
Ссылки
- CVE-2019-9232
- SUSE Bug 1160613
Описание
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354
Затронутые продукты
Container caasp/v4/nginx-ingress-controller:beta1:libvpx1-1.3.0-3.6.1
Image SLES12-SP4-SAP-Azure-BYOS:libvpx1-1.3.0-3.6.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libvpx1-1.3.0-3.6.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libvpx1-1.3.0-3.6.1
Ссылки
- CVE-2019-9433
- SUSE Bug 1160614