SUSE-SU-2024:2409-1

Published: 11 Jul 2024
Source: suse-cvrf

Description

Security update for libvpx

This update for libvpx fixes the following issues:

  • CVE-2024-5197: Fixed integer overflow when calling vpx_img_alloc() or vpx_img_wrap() with large parameters (bsc#1225879).
  • CVE-2023-6349: Fixed heap overflow when encoding a frame that has larger dimensions than the originally configured size (bsc#1225403).
  • CVE-2023-44488: Fixed heap buffer overflow in vp8 encoding (bsc#1216879).

Package list

Container containers/open-webui:0
libvpx7-1.11.0-150400.3.7.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libvpx-devel-1.11.0-150400.3.7.1
libvpx7-1.11.0-150400.3.7.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libvpx-devel-1.11.0-150400.3.7.1
libvpx7-1.11.0-150400.3.7.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
libvpx-devel-1.11.0-150400.3.7.1
libvpx7-1.11.0-150400.3.7.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libvpx-devel-1.11.0-150400.3.7.1
libvpx7-1.11.0-150400.3.7.1
SUSE Linux Enterprise Module for Package Hub 15 SP5
vpx-tools-1.11.0-150400.3.7.1
SUSE Linux Enterprise Module for Package Hub 15 SP6
vpx-tools-1.11.0-150400.3.7.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libvpx-devel-1.11.0-150400.3.7.1
libvpx7-1.11.0-150400.3.7.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libvpx-devel-1.11.0-150400.3.7.1
libvpx7-1.11.0-150400.3.7.1
SUSE Manager Proxy 4.3
libvpx-devel-1.11.0-150400.3.7.1
libvpx7-1.11.0-150400.3.7.1
SUSE Manager Server 4.3
libvpx-devel-1.11.0-150400.3.7.1
libvpx7-1.11.0-150400.3.7.1
openSUSE Leap 15.5
libvpx-devel-1.11.0-150400.3.7.1
libvpx7-1.11.0-150400.3.7.1
libvpx7-32bit-1.11.0-150400.3.7.1
vpx-tools-1.11.0-150400.3.7.1
openSUSE Leap 15.6
libvpx-devel-1.11.0-150400.3.7.1
libvpx7-1.11.0-150400.3.7.1
libvpx7-32bit-1.11.0-150400.3.7.1
vpx-tools-1.11.0-150400.3.7.1

Description

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.


Affected products
Container containers/open-webui:0:libvpx7-1.11.0-150400.3.7.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libvpx-devel-1.11.0-150400.3.7.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libvpx7-1.11.0-150400.3.7.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libvpx-devel-1.11.0-150400.3.7.1

References

Description

A heap overflow vulnerability exists in libvpx: encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above.


Affected products
Container containers/open-webui:0:libvpx7-1.11.0-150400.3.7.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libvpx-devel-1.11.0-150400.3.7.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libvpx7-1.11.0-150400.3.7.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libvpx-devel-1.11.0-150400.3.7.1

References

Description

Integer overflows exist in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets, and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets, and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond.


Affected products
Container containers/open-webui:0:libvpx7-1.11.0-150400.3.7.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libvpx-devel-1.11.0-150400.3.7.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libvpx7-1.11.0-150400.3.7.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libvpx-devel-1.11.0-150400.3.7.1

References
Vulnerability SUSE-SU-2024:2409-1