libvpx-1.7.0-8.el8
エラータID: AXSA:2021-1123:01
リリース日:
2021/01/08 Friday - 10:23
題名:
libvpx-1.7.0-8.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- libvpx には、開放されたポインタがリセットされない
ことによる二重開放の問題があり、追加の実行権限を
必要とせずに、リモートからのコード実行が可能になる
脆弱性があります。(CVE-2019-2126)
- libvpx には、境界チェックが欠落しているために、
範囲外の読み取りが行われる可能性があり、これにより
追加の実行権限を必要とせずにリモート情報が開示される
可能性のある脆弱性があります。 (CVE-2019-9232)
- libvpx には、不適切な入力の検証によるリソース消費の問題があり、
追加の実行権限を必要とせずに、リモートからサービス拒否を
引き起こす可能性のある脆弱性があります。(CVE-2019-9371)
- libvpx には、不適切な入力検証が原因で、情報が
開示される可能性があり、これにより追加の実行権限を
必要とせずにリモート情報が開示される可能性がある
脆弱性があります。(CVE-2019-9433)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2019-2126
In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.
In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.
CVE-2019-9232
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483
CVE-2019-9371
In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254
In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254
CVE-2019-9433
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354
追加情報:
N/A
ダウンロード:
SRPMS
- libvpx-1.7.0-8.el8.src.rpm
MD5: 1f6cb44612aefb4d9c73dec5c2df25ef
SHA-256: 8a8a130affae947497f33b85a0de3a35d766457df1f6b903fc0275a9d5cb221b
Size: 2.57 MB
Asianux Server 8 for x86_64
- libvpx-1.7.0-8.el8.x86_64.rpm
MD5: 51292f1efa7eabd13286b5d9e22d2f53
SHA-256: 9e8cdbe32b5b65ad313c5e279f814a07db2086ff1b99397cab51e6941f13a01b
Size: 852.68 kB - libvpx-1.7.0-8.el8.i686.rpm
MD5: 2495fecd7e5a200e0f2caa9af08483bb
SHA-256: 66c10f67837b0972b7857ac38e7db462997c5145c029b2d263ae95b4e34cfaf9
Size: 883.95 kB