libvpx-1.9.0-7.el9.ML.1

エラータID: AXSA:2023-6488:01

Release date: 
Wednesday, October 11, 2023 - 07:22
Subject: 
libvpx-1.9.0-7.el9.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications with the VP8 and VP9 video codecs, high quality, royalty free, open source codecs deployed on millions of computers and devices worldwide.

Security Fix(es):

* libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)
* libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-44488
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
CVE-2023-5217
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Solution: 

Update packages.

CVEs: 
CVE-2023-44488
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
CVE-2023-5217
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Additional Info: 

N/A

Download: 

SRPMS
  1. libvpx-1.9.0-7.el9.ML.1.src.rpm
    MD5: 90d8f1c8353d9acb0aa2bf916b60c8a9
    SHA-256: b0ce4b5b7a89c29081ef7845571a67c0d79e692f77d42d359e243edf03b53af0
    Size: 5.08 MB

Asianux Server 9 for x86_64
  1. libvpx-1.9.0-7.el9.ML.1.i686.rpm
    MD5: 2eeac553f2271b8517feabe7406b3290
    SHA-256: f97a6b1ac26b1593df75598efbff292e2d308363e34dd4466831dd4776f19e91
    Size: 1.17 MB
  2. libvpx-1.9.0-7.el9.ML.1.x86_64.rpm
    MD5: 9177af8f5c936a2c767b59bd6c2d74ba
    SHA-256: 4c4e00ef0098fdcad8d3c976dad684d8ae6124b3707353c83bd2f418d4efa163
    Size: 1.03 MB
  3. libvpx-devel-1.9.0-7.el9.ML.1.i686.rpm
    MD5: dba61d77bca35932eaab3646509e47dc
    SHA-256: 76924302b49ffb11e1bed7778bca1a5b1683f719c48963cb16048e168d8fc6b2
    Size: 294.47 kB
  4. libvpx-devel-1.9.0-7.el9.ML.1.x86_64.rpm
    MD5: 875aff629bd6424b8efef9d5a7d2f2ed
    SHA-256: e55f95f1ee7cbe04c7601becb8720e26fa64672b6ee0fe9a93b996b99b5b9dc3
    Size: 294.39 kB