(RHSA-2010:0999) Moderate: libvpx security update

2010-12-2000:00:00

access.redhat.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.041 Low

EPSS

Percentile

91.2%

JSON

The libvpx packages provide the VP8 SDK, which allows the encoding and
decoding of the VP8 video codec, commonly used with the WebM multimedia
container file format.

An integer overflow flaw, leading to arbitrary memory writes, was found in
libvpx. An attacker could create a specially-crafted video encoded using
the VP8 codec that, when played by a victim with an application using
libvpx (such as Totem), would cause the application to crash or,
potentially, execute arbitrary code. (CVE-2010-4203)

All users of libvpx are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, all applications using libvpx must be restarted for the changes to
take effect.

OSVersionArchitecturePackageVersionFilename
RedHat6s390libvpx< 0.9.0-8.el6_0libvpx-0.9.0-8.el6_0.s390.rpm
RedHat6ppc64libvpx-debuginfo< 0.9.0-8.el6_0libvpx-debuginfo-0.9.0-8.el6_0.ppc64.rpm
RedHat6x86_64libvpx-utils< 0.9.0-8.el6_0libvpx-utils-0.9.0-8.el6_0.x86_64.rpm
RedHat6x86_64libvpx-devel< 0.9.0-8.el6_0libvpx-devel-0.9.0-8.el6_0.x86_64.rpm
RedHat6srclibvpx< 0.9.0-8.el6_0libvpx-0.9.0-8.el6_0.src.rpm
RedHat6ppclibvpx< 0.9.0-8.el6_0libvpx-0.9.0-8.el6_0.ppc.rpm
RedHat6s390xlibvpx-utils< 0.9.0-8.el6_0libvpx-utils-0.9.0-8.el6_0.s390x.rpm
RedHat6s390libvpx-devel< 0.9.0-8.el6_0libvpx-devel-0.9.0-8.el6_0.s390.rpm
RedHat6s390libvpx-debuginfo< 0.9.0-8.el6_0libvpx-debuginfo-0.9.0-8.el6_0.s390.rpm
RedHat6ppc64libvpx-utils< 0.9.0-8.el6_0libvpx-utils-0.9.0-8.el6_0.ppc64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	s390	libvpx	< 0.9.0-8.el6_0	libvpx-0.9.0-8.el6_0.s390.rpm
RedHat	6	ppc64	libvpx-debuginfo	< 0.9.0-8.el6_0	libvpx-debuginfo-0.9.0-8.el6_0.ppc64.rpm
RedHat	6	x86_64	libvpx-utils	< 0.9.0-8.el6_0	libvpx-utils-0.9.0-8.el6_0.x86_64.rpm
RedHat	6	x86_64	libvpx-devel	< 0.9.0-8.el6_0	libvpx-devel-0.9.0-8.el6_0.x86_64.rpm
RedHat	6	src	libvpx	< 0.9.0-8.el6_0	libvpx-0.9.0-8.el6_0.src.rpm
RedHat	6	ppc	libvpx	< 0.9.0-8.el6_0	libvpx-0.9.0-8.el6_0.ppc.rpm
RedHat	6	s390x	libvpx-utils	< 0.9.0-8.el6_0	libvpx-utils-0.9.0-8.el6_0.s390x.rpm
RedHat	6	s390	libvpx-devel	< 0.9.0-8.el6_0	libvpx-devel-0.9.0-8.el6_0.s390.rpm
RedHat	6	s390	libvpx-debuginfo	< 0.9.0-8.el6_0	libvpx-debuginfo-0.9.0-8.el6_0.s390.rpm
RedHat	6	ppc64	libvpx-utils	< 0.9.0-8.el6_0	libvpx-utils-0.9.0-8.el6_0.ppc64.rpm