(RHSA-2020:3876) Moderate: libvpx security update

2020-09-2907:39:42

access.redhat.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.012 Low

EPSS

Percentile

84.9%

JSON

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.

Security Fix(es):

libvpx: Denial of service in mediaserver (CVE-2017-0393)
libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)
libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433)
libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c (CVE-2020-0034)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64libvpx-debuginfo< 1.3.0-8.el7libvpx-debuginfo-1.3.0-8.el7.x86_64.rpm
RedHat7ppc64lelibvpx< 1.3.0-8.el7libvpx-1.3.0-8.el7.ppc64le.rpm
RedHat7i686libvpx-debuginfo< 1.3.0-8.el7libvpx-debuginfo-1.3.0-8.el7.i686.rpm
RedHat7s390libvpx-devel< 1.3.0-8.el7libvpx-devel-1.3.0-8.el7.s390.rpm
RedHat7ppc64libvpx< 1.3.0-8.el7libvpx-1.3.0-8.el7.ppc64.rpm
RedHat7x86_64libvpx-utils< 1.3.0-8.el7libvpx-utils-1.3.0-8.el7.x86_64.rpm
RedHat7ppclibvpx-debuginfo< 1.3.0-8.el7libvpx-debuginfo-1.3.0-8.el7.ppc.rpm
RedHat7s390xlibvpx-debuginfo< 1.3.0-8.el7libvpx-debuginfo-1.3.0-8.el7.s390x.rpm
RedHat7s390libvpx< 1.3.0-8.el7libvpx-1.3.0-8.el7.s390.rpm
RedHat7ppc64libvpx-debuginfo< 1.3.0-8.el7libvpx-debuginfo-1.3.0-8.el7.ppc64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	x86_64	libvpx-debuginfo	< 1.3.0-8.el7	libvpx-debuginfo-1.3.0-8.el7.x86_64.rpm
RedHat	7	ppc64le	libvpx	< 1.3.0-8.el7	libvpx-1.3.0-8.el7.ppc64le.rpm
RedHat	7	i686	libvpx-debuginfo	< 1.3.0-8.el7	libvpx-debuginfo-1.3.0-8.el7.i686.rpm
RedHat	7	s390	libvpx-devel	< 1.3.0-8.el7	libvpx-devel-1.3.0-8.el7.s390.rpm
RedHat	7	ppc64	libvpx	< 1.3.0-8.el7	libvpx-1.3.0-8.el7.ppc64.rpm
RedHat	7	x86_64	libvpx-utils	< 1.3.0-8.el7	libvpx-utils-1.3.0-8.el7.x86_64.rpm
RedHat	7	ppc	libvpx-debuginfo	< 1.3.0-8.el7	libvpx-debuginfo-1.3.0-8.el7.ppc.rpm
RedHat	7	s390x	libvpx-debuginfo	< 1.3.0-8.el7	libvpx-debuginfo-1.3.0-8.el7.s390x.rpm
RedHat	7	s390	libvpx	< 1.3.0-8.el7	libvpx-1.3.0-8.el7.s390.rpm
RedHat	7	ppc64	libvpx-debuginfo	< 1.3.0-8.el7	libvpx-debuginfo-1.3.0-8.el7.ppc64.rpm