[SECURITY] [DSA 5518-1] libvpx security update

2023-10-0519:18:38

lists.debian.org

input sanitising

bullseye

libvpx

denial of service

debian security advisory

upgrade

multimedia library

cve-2023-44488

bookworm

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

35.5%

JSON

Debian Security Advisory DSA-5518-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
October 05, 2023 https://www.debian.org/security/faq

Package : libvpx
CVE ID : CVE-2023-44488

It was discovered that missing input sanitising in the encoding support
in libvpx, a multimedia library for the VP8 and VP9 video codecs, may
result in denial of service.

For the oldstable distribution (bullseye), this problem has been fixed
in version 1.9.0-1+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in
version 1.12.0-1+deb12u2.

We recommend that you upgrade your libvpx packages.

For the detailed security status of libvpx please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/libvpx

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10i386libvpx5< 1.7.0-3+deb10u2libvpx5_1.7.0-3+deb10u2_i386.deb
Debian10arm64vpx-tools< 1.7.0-3+deb10u2vpx-tools_1.7.0-3+deb10u2_arm64.deb
Debian12mipsellibvpx-dev< 1.12.0-1+deb12u2libvpx-dev_1.12.0-1+deb12u2_mipsel.deb
Debian12mips64elvpx-tools-dbgsym< 1.12.0-1+deb12u2vpx-tools-dbgsym_1.12.0-1+deb12u2_mips64el.deb
Debian11ppc64ellibvpx6-dbgsym< 1.9.0-1+deb11u2libvpx6-dbgsym_1.9.0-1+deb11u2_ppc64el.deb
Debian10armhflibvpx-dev< 1.7.0-3+deb10u2libvpx-dev_1.7.0-3+deb10u2_armhf.deb
Debian10amd64libvpx5< 1.7.0-3+deb10u2libvpx5_1.7.0-3+deb10u2_amd64.deb
Debian11armhfvpx-tools< 1.9.0-1+deb11u2vpx-tools_1.9.0-1+deb11u2_armhf.deb
Debian12armhflibvpx7< 1.12.0-1+deb12u2libvpx7_1.12.0-1+deb12u2_armhf.deb
Debian11alllibvpx< 1.9.0-1+deb11u2libvpx_1.9.0-1+deb11u2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	i386	libvpx5	< 1.7.0-3+deb10u2	libvpx5_1.7.0-3+deb10u2_i386.deb
Debian	10	arm64	vpx-tools	< 1.7.0-3+deb10u2	vpx-tools_1.7.0-3+deb10u2_arm64.deb
Debian	12	mipsel	libvpx-dev	< 1.12.0-1+deb12u2	libvpx-dev_1.12.0-1+deb12u2_mipsel.deb
Debian	12	mips64el	vpx-tools-dbgsym	< 1.12.0-1+deb12u2	vpx-tools-dbgsym_1.12.0-1+deb12u2_mips64el.deb
Debian	11	ppc64el	libvpx6-dbgsym	< 1.9.0-1+deb11u2	libvpx6-dbgsym_1.9.0-1+deb11u2_ppc64el.deb
Debian	10	armhf	libvpx-dev	< 1.7.0-3+deb10u2	libvpx-dev_1.7.0-3+deb10u2_armhf.deb
Debian	10	amd64	libvpx5	< 1.7.0-3+deb10u2	libvpx5_1.7.0-3+deb10u2_amd64.deb
Debian	11	armhf	vpx-tools	< 1.9.0-1+deb11u2	vpx-tools_1.9.0-1+deb11u2_armhf.deb
Debian	12	armhf	libvpx7	< 1.12.0-1+deb12u2	libvpx7_1.12.0-1+deb12u2_armhf.deb
Debian	11	all	libvpx	< 1.9.0-1+deb11u2	libvpx_1.9.0-1+deb11u2_all.deb