Описание
Security update for libvpx
This update for libvpx fixes the following issues:
- CVE-2020-0034: Fixed an out-of-bounds read on truncated key frames (bsc#1166066).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP2
libvpx4-1.6.1-6.6.8
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
libvpx-devel-1.6.1-6.6.8
SUSE Linux Enterprise Module for Package Hub 15 SP1
vpx-tools-1.6.1-6.6.8
SUSE Linux Enterprise Module for Package Hub 15 SP2
vpx-tools-1.6.1-6.6.8
Ссылки
- Link for SUSE-SU-2020:1297-2
- E-Mail link for SUSE-SU-2020:1297-2
- SUSE Security Ratings
- SUSE Bug 1166066
- SUSE CVE CVE-2020-0034 page
Описание
In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP2:libvpx4-1.6.1-6.6.8
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libvpx-devel-1.6.1-6.6.8
SUSE Linux Enterprise Module for Package Hub 15 SP1:vpx-tools-1.6.1-6.6.8
SUSE Linux Enterprise Module for Package Hub 15 SP2:vpx-tools-1.6.1-6.6.8
Ссылки
- CVE-2020-0034
- SUSE Bug 1166066