SUSE-SU-2021:4168-1

Опубликовано: 23 дек. 2021

Источник: suse-cvrf

Описание

Security update for libvpx

This update for libvpx fixes the following issues:

CVE-2020-0034: Fixed out-of-bounds read on truncated key frames (bsc#1166066)

Список пакетов

Image SLES12-SP4-SAP-Azure

libvpx1-1.3.0-3.9.1

Image SLES12-SP4-SAP-Azure-BYOS

libvpx1-1.3.0-3.9.1

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

libvpx1-1.3.0-3.9.1

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

libvpx1-1.3.0-3.9.1

Image SLES12-SP4-SAP-EC2-HVM

libvpx1-1.3.0-3.9.1

Image SLES12-SP4-SAP-EC2-HVM-BYOS

libvpx1-1.3.0-3.9.1

Image SLES12-SP4-SAP-GCE

libvpx1-1.3.0-3.9.1

Image SLES12-SP4-SAP-GCE-BYOS

libvpx1-1.3.0-3.9.1

Image SLES12-SP5-Azure-SAP-BYOS

libvpx1-1.3.0-3.9.1

Image SLES12-SP5-Azure-SAP-On-Demand

libvpx1-1.3.0-3.9.1

Image SLES12-SP5-EC2-SAP-BYOS

libvpx1-1.3.0-3.9.1

Image SLES12-SP5-EC2-SAP-On-Demand

libvpx1-1.3.0-3.9.1

Image SLES12-SP5-GCE-SAP-BYOS

libvpx1-1.3.0-3.9.1

Image SLES12-SP5-GCE-SAP-On-Demand

libvpx1-1.3.0-3.9.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

libvpx1-1.3.0-3.9.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

libvpx1-1.3.0-3.9.1

SUSE Linux Enterprise Server 12 SP5

libvpx1-1.3.0-3.9.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

libvpx1-1.3.0-3.9.1

SUSE Linux Enterprise Software Development Kit 12 SP5

libvpx-devel-1.3.0-3.9.1

SUSE Linux Enterprise Workstation Extension 12 SP5

libvpx1-32bit-1.3.0-3.9.1

vpx-tools-1.3.0-3.9.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20214168-1/
Link for SUSE-SU-2021:4168-1
https://lists.suse.com/pipermail/sle-security-updates/2021-December/009936.html
E-Mail link for SUSE-SU-2021:4168-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1166066
SUSE Bug 1166066
https://www.suse.com/security/cve/CVE-2020-0034/
SUSE CVE CVE-2020-0034 page

Описание

In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770

Затронутые продукты

Image SLES12-SP4-SAP-Azure-BYOS:libvpx1-1.3.0-3.9.1

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libvpx1-1.3.0-3.9.1

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libvpx1-1.3.0-3.9.1

Image SLES12-SP4-SAP-Azure:libvpx1-1.3.0-3.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-0034.html
CVE-2020-0034
https://bugzilla.suse.com/1166066
SUSE Bug 1166066

SUSE-SU-2021:4168-1

Описание

Список пакетов

Image SLES12-SP4-SAP-Azure

Image SLES12-SP4-SAP-Azure-BYOS

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES12-SP4-SAP-EC2-HVM

Image SLES12-SP4-SAP-EC2-HVM-BYOS

Image SLES12-SP4-SAP-GCE

Image SLES12-SP4-SAP-GCE-BYOS

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

SUSE Linux Enterprise Workstation Extension 12 SP5

Ссылки

Уязвимость: CVE-2020-0034

Описание

Затронутые продукты

Ссылки