what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2020-3876-01

Red Hat Security Advisory 2020-3876-01
Posted Sep 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3876-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include denial of service, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2017-0393, CVE-2019-9232, CVE-2019-9433, CVE-2020-0034
SHA-256 | ebb4f2ca86d64f64b6e55a9750e432e9a783f11a2899b6d69f95f7d608f111da

Red Hat Security Advisory 2020-3876-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libvpx security update
Advisory ID: RHSA-2020:3876-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3876
Issue date: 2020-09-29
CVE Names: CVE-2017-0393 CVE-2019-9232 CVE-2019-9433
CVE-2020-0034
====================================================================
1. Summary:

An update for libvpx is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The libvpx packages provide the VP8 SDK, which allows the encoding and
decoding of the VP8 video codec, commonly used with the WebM multimedia
container file format.

Security Fix(es):

* libvpx: Denial of service in mediaserver (CVE-2017-0393)

* libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)

* libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c
(CVE-2019-9433)

* libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c
(CVE-2020-0034)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.9 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, all applications using libvpx must be
restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1769657 - CVE-2017-0393 libvpx: Denial of service in mediaserver
1788966 - CVE-2019-9232 libvpx: Out of bounds read in vp8_norm table
1788994 - CVE-2019-9433 libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c
1813000 - CVE-2020-0034 libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
libvpx-1.3.0-8.el7.src.rpm

x86_64:
libvpx-1.3.0-8.el7.i686.rpm
libvpx-1.3.0-8.el7.x86_64.rpm
libvpx-debuginfo-1.3.0-8.el7.i686.rpm
libvpx-debuginfo-1.3.0-8.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libvpx-debuginfo-1.3.0-8.el7.i686.rpm
libvpx-debuginfo-1.3.0-8.el7.x86_64.rpm
libvpx-devel-1.3.0-8.el7.i686.rpm
libvpx-devel-1.3.0-8.el7.x86_64.rpm
libvpx-utils-1.3.0-8.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
libvpx-1.3.0-8.el7.src.rpm

x86_64:
libvpx-1.3.0-8.el7.i686.rpm
libvpx-1.3.0-8.el7.x86_64.rpm
libvpx-debuginfo-1.3.0-8.el7.i686.rpm
libvpx-debuginfo-1.3.0-8.el7.x86_64.rpm
libvpx-devel-1.3.0-8.el7.i686.rpm
libvpx-devel-1.3.0-8.el7.x86_64.rpm
libvpx-utils-1.3.0-8.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libvpx-1.3.0-8.el7.src.rpm

ppc64:
libvpx-1.3.0-8.el7.ppc.rpm
libvpx-1.3.0-8.el7.ppc64.rpm
libvpx-debuginfo-1.3.0-8.el7.ppc.rpm
libvpx-debuginfo-1.3.0-8.el7.ppc64.rpm

ppc64le:
libvpx-1.3.0-8.el7.ppc64le.rpm
libvpx-debuginfo-1.3.0-8.el7.ppc64le.rpm

s390x:
libvpx-1.3.0-8.el7.s390.rpm
libvpx-1.3.0-8.el7.s390x.rpm
libvpx-debuginfo-1.3.0-8.el7.s390.rpm
libvpx-debuginfo-1.3.0-8.el7.s390x.rpm

x86_64:
libvpx-1.3.0-8.el7.i686.rpm
libvpx-1.3.0-8.el7.x86_64.rpm
libvpx-debuginfo-1.3.0-8.el7.i686.rpm
libvpx-debuginfo-1.3.0-8.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
libvpx-debuginfo-1.3.0-8.el7.ppc.rpm
libvpx-debuginfo-1.3.0-8.el7.ppc64.rpm
libvpx-devel-1.3.0-8.el7.ppc.rpm
libvpx-devel-1.3.0-8.el7.ppc64.rpm
libvpx-utils-1.3.0-8.el7.ppc64.rpm

ppc64le:
libvpx-debuginfo-1.3.0-8.el7.ppc64le.rpm
libvpx-devel-1.3.0-8.el7.ppc64le.rpm
libvpx-utils-1.3.0-8.el7.ppc64le.rpm

s390x:
libvpx-debuginfo-1.3.0-8.el7.s390.rpm
libvpx-debuginfo-1.3.0-8.el7.s390x.rpm
libvpx-devel-1.3.0-8.el7.s390.rpm
libvpx-devel-1.3.0-8.el7.s390x.rpm
libvpx-utils-1.3.0-8.el7.s390x.rpm

x86_64:
libvpx-debuginfo-1.3.0-8.el7.i686.rpm
libvpx-debuginfo-1.3.0-8.el7.x86_64.rpm
libvpx-devel-1.3.0-8.el7.i686.rpm
libvpx-devel-1.3.0-8.el7.x86_64.rpm
libvpx-utils-1.3.0-8.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libvpx-1.3.0-8.el7.src.rpm

x86_64:
libvpx-1.3.0-8.el7.i686.rpm
libvpx-1.3.0-8.el7.x86_64.rpm
libvpx-debuginfo-1.3.0-8.el7.i686.rpm
libvpx-debuginfo-1.3.0-8.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libvpx-debuginfo-1.3.0-8.el7.i686.rpm
libvpx-debuginfo-1.3.0-8.el7.x86_64.rpm
libvpx-devel-1.3.0-8.el7.i686.rpm
libvpx-devel-1.3.0-8.el7.x86_64.rpm
libvpx-utils-1.3.0-8.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-0393
https://access.redhat.com/security/cve/CVE-2019-9232
https://access.redhat.com/security/cve/CVE-2019-9433
https://access.redhat.com/security/cve/CVE-2020-0034
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX3OfLdzjgjWX9erEAQitbA/9EWvcEPp8tmGdH+29VlbtVJqCTGrH8MFI
tR5gHb83fUgAJ3h61a0dJcNObPQzcnbVus8wicThJHT01ODf+P7TajOV16cGUN58
GQtLLrrR/o15p6Yl1JUWx85VUVmDVkrMFnUsjhdQA2/uwSu4doUI0HX2d7YhImVe
vhgcZuSko6EZfg65Kez/KR1E/mhxq2VgJMRdHtpqJIbyYAGsxVRWZZDJ0YUGIuLe
hbMbQjrjq5eT+LhGqiN+BhwRa791AiI6ee6qSNcvVPXFzsHlX1ui0iIqkHiSGlhG
oksFR3mCM/qzIPqHy95eJNfC79Xo8cN1hcV1lADxgqIJiCrnSY6Wdj9CTVOATeM7
KRExeAuuVKalPLKsL6mCPaiOnreKf7kNdjDeXiXSqgSxnu060H+E/7ZnaqgZD/X4
aT383fYTcpxH2RrqOH4RX2D+9r1dawaYG/9XHLA7A9sXZ/Fgbn2rbUibqkHBWTlR
BMb3m/0KuHzfYm5pKSUx9ztJo0Zgn4kWy9M36/T8urlAxSxkcCQHWXtDfaVcrbyt
0TLmANjGBDJ605TAhrRteoSvoHaFVLJCbZ7rLNW93e3hBDN2Rginadpx4++z5N9L
ndpdepLUI2xQdglVX5rKZWYx9Erc9fPWwLW1iXA6kbg15h9lKcZy/DIvdz3/J+/U
oaOsMnNvbKAëyk
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close