Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2023:5538 - Security Advisory
Issued:
2023-10-09
Updated:
2023-10-09

RHSA-2023:5538 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: libvpx security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.

Security Fix(es):

  • libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)
  • libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, all applications using libvpx must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64

Fixes

  • BZ - 2241191 - CVE-2023-5217 libvpx: Heap buffer overflow in vp8 encoding in libvpx
  • BZ - 2241806 - CVE-2023-44488 libvpx: crash related to VP9 encoding in libvpx

CVEs

  • CVE-2023-5217
  • CVE-2023-44488

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM
libvpx-1.7.0-10.el8_6.src.rpm SHA-256: d64a51e68b8e352be9d98826651af30b4133586e28663c77b492d6927cba0b14
x86_64
libvpx-1.7.0-10.el8_6.i686.rpm SHA-256: d657de762ab9ad71bb147562fd315523cba44524f164aa8e3b25b867a5122660
libvpx-1.7.0-10.el8_6.x86_64.rpm SHA-256: 167c995b9d0cd4a69cfd099314362d8a48851a59c6e6f282442ac2d819fe444d
libvpx-debuginfo-1.7.0-10.el8_6.i686.rpm SHA-256: 26f1472e4b9fca35a46c85f613c56f322ccecae003a2430628065dfef08e731c
libvpx-debuginfo-1.7.0-10.el8_6.x86_64.rpm SHA-256: f9da92463978df05e29283b658b89826d5b7924de45775d8d1f273999f80f077
libvpx-debugsource-1.7.0-10.el8_6.i686.rpm SHA-256: 44f7cc5cece00ce0bba5759c93820553af83f71d36eb4b7c920d3ccb766bc9ee
libvpx-debugsource-1.7.0-10.el8_6.x86_64.rpm SHA-256: 98a940bbccadfd722d68c2ac9bd2bde9399a64caa3b2db21438835770125b432
libvpx-utils-debuginfo-1.7.0-10.el8_6.i686.rpm SHA-256: 4afe499d6702f861b1d64ea1be1a5590d06b5036e0e885c68b298fb1891d045c
libvpx-utils-debuginfo-1.7.0-10.el8_6.x86_64.rpm SHA-256: cb39e99d7a17f85c67625ecf7a0bd936713c4a67f0b25842308af94acffc5f76

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6

SRPM
libvpx-1.7.0-10.el8_6.src.rpm SHA-256: d64a51e68b8e352be9d98826651af30b4133586e28663c77b492d6927cba0b14
x86_64
libvpx-1.7.0-10.el8_6.i686.rpm SHA-256: d657de762ab9ad71bb147562fd315523cba44524f164aa8e3b25b867a5122660
libvpx-1.7.0-10.el8_6.x86_64.rpm SHA-256: 167c995b9d0cd4a69cfd099314362d8a48851a59c6e6f282442ac2d819fe444d
libvpx-debuginfo-1.7.0-10.el8_6.i686.rpm SHA-256: 26f1472e4b9fca35a46c85f613c56f322ccecae003a2430628065dfef08e731c
libvpx-debuginfo-1.7.0-10.el8_6.x86_64.rpm SHA-256: f9da92463978df05e29283b658b89826d5b7924de45775d8d1f273999f80f077
libvpx-debugsource-1.7.0-10.el8_6.i686.rpm SHA-256: 44f7cc5cece00ce0bba5759c93820553af83f71d36eb4b7c920d3ccb766bc9ee
libvpx-debugsource-1.7.0-10.el8_6.x86_64.rpm SHA-256: 98a940bbccadfd722d68c2ac9bd2bde9399a64caa3b2db21438835770125b432
libvpx-utils-debuginfo-1.7.0-10.el8_6.i686.rpm SHA-256: 4afe499d6702f861b1d64ea1be1a5590d06b5036e0e885c68b298fb1891d045c
libvpx-utils-debuginfo-1.7.0-10.el8_6.x86_64.rpm SHA-256: cb39e99d7a17f85c67625ecf7a0bd936713c4a67f0b25842308af94acffc5f76

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
libvpx-1.7.0-10.el8_6.src.rpm SHA-256: d64a51e68b8e352be9d98826651af30b4133586e28663c77b492d6927cba0b14
x86_64
libvpx-1.7.0-10.el8_6.i686.rpm SHA-256: d657de762ab9ad71bb147562fd315523cba44524f164aa8e3b25b867a5122660
libvpx-1.7.0-10.el8_6.x86_64.rpm SHA-256: 167c995b9d0cd4a69cfd099314362d8a48851a59c6e6f282442ac2d819fe444d
libvpx-debuginfo-1.7.0-10.el8_6.i686.rpm SHA-256: 26f1472e4b9fca35a46c85f613c56f322ccecae003a2430628065dfef08e731c
libvpx-debuginfo-1.7.0-10.el8_6.x86_64.rpm SHA-256: f9da92463978df05e29283b658b89826d5b7924de45775d8d1f273999f80f077
libvpx-debugsource-1.7.0-10.el8_6.i686.rpm SHA-256: 44f7cc5cece00ce0bba5759c93820553af83f71d36eb4b7c920d3ccb766bc9ee
libvpx-debugsource-1.7.0-10.el8_6.x86_64.rpm SHA-256: 98a940bbccadfd722d68c2ac9bd2bde9399a64caa3b2db21438835770125b432
libvpx-utils-debuginfo-1.7.0-10.el8_6.i686.rpm SHA-256: 4afe499d6702f861b1d64ea1be1a5590d06b5036e0e885c68b298fb1891d045c
libvpx-utils-debuginfo-1.7.0-10.el8_6.x86_64.rpm SHA-256: cb39e99d7a17f85c67625ecf7a0bd936713c4a67f0b25842308af94acffc5f76

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM
libvpx-1.7.0-10.el8_6.src.rpm SHA-256: d64a51e68b8e352be9d98826651af30b4133586e28663c77b492d6927cba0b14
s390x
libvpx-1.7.0-10.el8_6.s390x.rpm SHA-256: 5440eddb470bcbc8553b47bdaf1b74b5ceeb89e01e93658ad4aa8b56aa0ad611
libvpx-debuginfo-1.7.0-10.el8_6.s390x.rpm SHA-256: faf8ca32eb4f78755db7de4ee16d9be6dad5246692df6dea719f8043934e77d6
libvpx-debugsource-1.7.0-10.el8_6.s390x.rpm SHA-256: 3f06b375b4959ce966ff7e6a6a24abf97fd13a46aff1843cbc24aebfdbcd07c9
libvpx-utils-debuginfo-1.7.0-10.el8_6.s390x.rpm SHA-256: e4c879f24fac752adaf4ef04aa980c553c5e31465ee42a13c3b92fd4b8dc950a

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM
libvpx-1.7.0-10.el8_6.src.rpm SHA-256: d64a51e68b8e352be9d98826651af30b4133586e28663c77b492d6927cba0b14
ppc64le
libvpx-1.7.0-10.el8_6.ppc64le.rpm SHA-256: 21fb256871cb8df53b6ecd014b97954104c0dd7567556c60b40641fb3862074b
libvpx-debuginfo-1.7.0-10.el8_6.ppc64le.rpm SHA-256: c2e37604dbc20ad2c747a89fe75906edf8660d217fd7065afb661020afbb600e
libvpx-debugsource-1.7.0-10.el8_6.ppc64le.rpm SHA-256: e337744456119deb3f14f93e4ca512d0ad8629c4d29711ebf3d1938e45f69af0
libvpx-utils-debuginfo-1.7.0-10.el8_6.ppc64le.rpm SHA-256: 5b864f044b4a4cade995491a1e01fd4201df8fd6ac58a7f765d8fa85957b349b

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
libvpx-1.7.0-10.el8_6.src.rpm SHA-256: d64a51e68b8e352be9d98826651af30b4133586e28663c77b492d6927cba0b14
x86_64
libvpx-1.7.0-10.el8_6.i686.rpm SHA-256: d657de762ab9ad71bb147562fd315523cba44524f164aa8e3b25b867a5122660
libvpx-1.7.0-10.el8_6.x86_64.rpm SHA-256: 167c995b9d0cd4a69cfd099314362d8a48851a59c6e6f282442ac2d819fe444d
libvpx-debuginfo-1.7.0-10.el8_6.i686.rpm SHA-256: 26f1472e4b9fca35a46c85f613c56f322ccecae003a2430628065dfef08e731c
libvpx-debuginfo-1.7.0-10.el8_6.x86_64.rpm SHA-256: f9da92463978df05e29283b658b89826d5b7924de45775d8d1f273999f80f077
libvpx-debugsource-1.7.0-10.el8_6.i686.rpm SHA-256: 44f7cc5cece00ce0bba5759c93820553af83f71d36eb4b7c920d3ccb766bc9ee
libvpx-debugsource-1.7.0-10.el8_6.x86_64.rpm SHA-256: 98a940bbccadfd722d68c2ac9bd2bde9399a64caa3b2db21438835770125b432
libvpx-utils-debuginfo-1.7.0-10.el8_6.i686.rpm SHA-256: 4afe499d6702f861b1d64ea1be1a5590d06b5036e0e885c68b298fb1891d045c
libvpx-utils-debuginfo-1.7.0-10.el8_6.x86_64.rpm SHA-256: cb39e99d7a17f85c67625ecf7a0bd936713c4a67f0b25842308af94acffc5f76

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM
libvpx-1.7.0-10.el8_6.src.rpm SHA-256: d64a51e68b8e352be9d98826651af30b4133586e28663c77b492d6927cba0b14
aarch64
libvpx-1.7.0-10.el8_6.aarch64.rpm SHA-256: b55da1968bedac711608726a58ce0795314a3be8060fce9aa79235c205ad11ae
libvpx-debuginfo-1.7.0-10.el8_6.aarch64.rpm SHA-256: 36b140376da72969f7542d63ed12964d783968fda7dcd572e211dcad90f4c94a
libvpx-debugsource-1.7.0-10.el8_6.aarch64.rpm SHA-256: f927ab60a98bc160ccf237ae80821deaa899f8a174139c3a932ea0a779aeea1f
libvpx-utils-debuginfo-1.7.0-10.el8_6.aarch64.rpm SHA-256: 2feb1a3ab7d704c9c6b0f4e5287b253318b1dd7950b9290015126851eae8d757

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
libvpx-1.7.0-10.el8_6.src.rpm SHA-256: d64a51e68b8e352be9d98826651af30b4133586e28663c77b492d6927cba0b14
ppc64le
libvpx-1.7.0-10.el8_6.ppc64le.rpm SHA-256: 21fb256871cb8df53b6ecd014b97954104c0dd7567556c60b40641fb3862074b
libvpx-debuginfo-1.7.0-10.el8_6.ppc64le.rpm SHA-256: c2e37604dbc20ad2c747a89fe75906edf8660d217fd7065afb661020afbb600e
libvpx-debugsource-1.7.0-10.el8_6.ppc64le.rpm SHA-256: e337744456119deb3f14f93e4ca512d0ad8629c4d29711ebf3d1938e45f69af0
libvpx-utils-debuginfo-1.7.0-10.el8_6.ppc64le.rpm SHA-256: 5b864f044b4a4cade995491a1e01fd4201df8fd6ac58a7f765d8fa85957b349b

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
libvpx-1.7.0-10.el8_6.src.rpm SHA-256: d64a51e68b8e352be9d98826651af30b4133586e28663c77b492d6927cba0b14
x86_64
libvpx-1.7.0-10.el8_6.i686.rpm SHA-256: d657de762ab9ad71bb147562fd315523cba44524f164aa8e3b25b867a5122660
libvpx-1.7.0-10.el8_6.x86_64.rpm SHA-256: 167c995b9d0cd4a69cfd099314362d8a48851a59c6e6f282442ac2d819fe444d
libvpx-debuginfo-1.7.0-10.el8_6.i686.rpm SHA-256: 26f1472e4b9fca35a46c85f613c56f322ccecae003a2430628065dfef08e731c
libvpx-debuginfo-1.7.0-10.el8_6.x86_64.rpm SHA-256: f9da92463978df05e29283b658b89826d5b7924de45775d8d1f273999f80f077
libvpx-debugsource-1.7.0-10.el8_6.i686.rpm SHA-256: 44f7cc5cece00ce0bba5759c93820553af83f71d36eb4b7c920d3ccb766bc9ee
libvpx-debugsource-1.7.0-10.el8_6.x86_64.rpm SHA-256: 98a940bbccadfd722d68c2ac9bd2bde9399a64caa3b2db21438835770125b432
libvpx-utils-debuginfo-1.7.0-10.el8_6.i686.rpm SHA-256: 4afe499d6702f861b1d64ea1be1a5590d06b5036e0e885c68b298fb1891d045c
libvpx-utils-debuginfo-1.7.0-10.el8_6.x86_64.rpm SHA-256: cb39e99d7a17f85c67625ecf7a0bd936713c4a67f0b25842308af94acffc5f76

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6

SRPM
x86_64
libvpx-debuginfo-1.7.0-10.el8_6.i686.rpm SHA-256: 26f1472e4b9fca35a46c85f613c56f322ccecae003a2430628065dfef08e731c
libvpx-debuginfo-1.7.0-10.el8_6.x86_64.rpm SHA-256: f9da92463978df05e29283b658b89826d5b7924de45775d8d1f273999f80f077
libvpx-debugsource-1.7.0-10.el8_6.i686.rpm SHA-256: 44f7cc5cece00ce0bba5759c93820553af83f71d36eb4b7c920d3ccb766bc9ee
libvpx-debugsource-1.7.0-10.el8_6.x86_64.rpm SHA-256: 98a940bbccadfd722d68c2ac9bd2bde9399a64caa3b2db21438835770125b432
libvpx-devel-1.7.0-10.el8_6.i686.rpm SHA-256: db0b1476879858e4adb47b75a30e2e297593f472c45f99c0cf918d28e7e6c85f
libvpx-devel-1.7.0-10.el8_6.x86_64.rpm SHA-256: 7211b39b575bd1192c64a75f6f4f53b30620c89f19c7e184e2647cf0309ea57e
libvpx-utils-debuginfo-1.7.0-10.el8_6.i686.rpm SHA-256: 4afe499d6702f861b1d64ea1be1a5590d06b5036e0e885c68b298fb1891d045c
libvpx-utils-debuginfo-1.7.0-10.el8_6.x86_64.rpm SHA-256: cb39e99d7a17f85c67625ecf7a0bd936713c4a67f0b25842308af94acffc5f76

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6

SRPM
ppc64le
libvpx-debuginfo-1.7.0-10.el8_6.ppc64le.rpm SHA-256: c2e37604dbc20ad2c747a89fe75906edf8660d217fd7065afb661020afbb600e
libvpx-debugsource-1.7.0-10.el8_6.ppc64le.rpm SHA-256: e337744456119deb3f14f93e4ca512d0ad8629c4d29711ebf3d1938e45f69af0
libvpx-devel-1.7.0-10.el8_6.ppc64le.rpm SHA-256: 2c7a45e4bbd35233daac91da515019e1a5dbdbd91059125fdc07de01f37a0ee1
libvpx-utils-debuginfo-1.7.0-10.el8_6.ppc64le.rpm SHA-256: 5b864f044b4a4cade995491a1e01fd4201df8fd6ac58a7f765d8fa85957b349b

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.6

SRPM
s390x
libvpx-debuginfo-1.7.0-10.el8_6.s390x.rpm SHA-256: faf8ca32eb4f78755db7de4ee16d9be6dad5246692df6dea719f8043934e77d6
libvpx-debugsource-1.7.0-10.el8_6.s390x.rpm SHA-256: 3f06b375b4959ce966ff7e6a6a24abf97fd13a46aff1843cbc24aebfdbcd07c9
libvpx-devel-1.7.0-10.el8_6.s390x.rpm SHA-256: 5586bd917977b5841dbf17afd035be5e4ac515d1b43da767147c61011cdd7f31
libvpx-utils-debuginfo-1.7.0-10.el8_6.s390x.rpm SHA-256: e4c879f24fac752adaf4ef04aa980c553c5e31465ee42a13c3b92fd4b8dc950a

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6

SRPM
aarch64
libvpx-debuginfo-1.7.0-10.el8_6.aarch64.rpm SHA-256: 36b140376da72969f7542d63ed12964d783968fda7dcd572e211dcad90f4c94a
libvpx-debugsource-1.7.0-10.el8_6.aarch64.rpm SHA-256: f927ab60a98bc160ccf237ae80821deaa899f8a174139c3a932ea0a779aeea1f
libvpx-devel-1.7.0-10.el8_6.aarch64.rpm SHA-256: 53f9937a47179686e000b98aeddb12f77355e374c63fb6dd7fd3f76096abab82
libvpx-utils-debuginfo-1.7.0-10.el8_6.aarch64.rpm SHA-256: 2feb1a3ab7d704c9c6b0f4e5287b253318b1dd7950b9290015126851eae8d757

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility