libvpx-1.3.0-8.el7

エラータID: AXSA:2020-581:01

Release date: 
Tuesday, October 6, 2020 - 08:42
Subject: 
libvpx-1.3.0-8.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

CVE-2017-0393
A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-30436808.
CVE-2019-9232
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483
CVE-2019-9433
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354
CVE-2020-0034
In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770

Solution: 

Update packages.

CVEs: 
CVE-2017-0393
A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-30436808.
CVE-2019-9232
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483
CVE-2019-9433
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354
CVE-2020-0034
In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770
Additional Info: 

N/A

Download: 

SRPMS
  1. libvpx-1.3.0-8.el7.src.rpm
    MD5: f0d27788b08e6f82e40a13c134eff444
    SHA-256: 58f4ffc463439f591973c86e2a53b50f5ecb21e3004659d4512815240e8878b6
    Size: 2.00 MB

Asianux Server 7 for x86_64
  1. libvpx-1.3.0-8.el7.x86_64.rpm
    MD5: 731dffbb0a47282214056f3a27c9fbeb
    SHA-256: 490d882db82660ddcdee4b84505ff493b338a6cf605730a0a88d33815a44be4d
    Size: 497.00 kB
  2. libvpx-1.3.0-8.el7.i686.rpm
    MD5: d15dc728625d1c39204c15838049690f
    SHA-256: 42f67c5efeb18482af7587a8a26f1973e4aaf5a982e2e178c151e7adb3cb86dc
    Size: 506.39 kB