Red Hat Product Errata RHSA-2023:5540 - Security Advisory
Issued:
2023-10-09
Updated:
2023-10-09

RHSA-2023:5540 - Security Advisory

Synopsis

Important: libvpx security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libvpx is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.

Security Fix(es):

  • libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)
  • libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, all applications using libvpx must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2241191 - CVE-2023-5217 libvpx: Heap buffer overflow in vp8 encoding in libvpx
  • BZ - 2241806 - CVE-2023-44488 libvpx: crash related to VP9 encoding in libvpx

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM
libvpx-1.9.0-7.el9_0.src.rpm SHA-256: e870575dbf47b78cf4433eb3d2843fd667d94064de1fdf46243d36517469116c
x86_64
libvpx-1.9.0-7.el9_0.i686.rpm SHA-256: 0724eb8d34fff76734a27f384be8a9f6bfde5c5dca9166532393d792e7bd69f8
libvpx-1.9.0-7.el9_0.x86_64.rpm SHA-256: 4b8fcbb1199dda88c77b79e91c2cdf51674f13402374415833b6d842a842000a
libvpx-debuginfo-1.9.0-7.el9_0.i686.rpm SHA-256: 812846a2ee88466bb9820886f83f70b0dce3bf73dafd6e39aee177981d688896
libvpx-debuginfo-1.9.0-7.el9_0.x86_64.rpm SHA-256: 351dfdf648c197f67df9e8189abc046978a4e07018a82e3592630f9f2a76e98d
libvpx-debugsource-1.9.0-7.el9_0.i686.rpm SHA-256: 469ce4c78f143b2554c62edf963d7f66abebd708eb1fda2efafeed0f9c14a5d5
libvpx-debugsource-1.9.0-7.el9_0.x86_64.rpm SHA-256: fabb69d55f3db15afd86ec2aa68a5b6f291a2b2d91a7990fea121b1d61534287
libvpx-utils-debuginfo-1.9.0-7.el9_0.i686.rpm SHA-256: 68452dfdad690b019ecdb983946c2c1b8c7f9c5d9369553b586d4db67c48e7c4
libvpx-utils-debuginfo-1.9.0-7.el9_0.x86_64.rpm SHA-256: 4aea1f6b88e788220ae43c8283584a10a39166e358633cc5ff63bb19c1a2130a

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM
libvpx-1.9.0-7.el9_0.src.rpm SHA-256: e870575dbf47b78cf4433eb3d2843fd667d94064de1fdf46243d36517469116c
s390x
libvpx-1.9.0-7.el9_0.s390x.rpm SHA-256: 5acc1408e88016994b6f5b7c2c8f597c3da271925d15cb7c35adc84ff0e70ecc
libvpx-debuginfo-1.9.0-7.el9_0.s390x.rpm SHA-256: aa7f95fbe633dd295823cf6a66b42a978b329db52ace972d0b0db52602246525
libvpx-debugsource-1.9.0-7.el9_0.s390x.rpm SHA-256: 819365a9b23b38d99b276d6bd805c6560fffcf181a87c91e85fb87d20e814db1
libvpx-utils-debuginfo-1.9.0-7.el9_0.s390x.rpm SHA-256: 9f8c672216218223397f860a227827f75341a962903236903c427087f51ad084

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM
libvpx-1.9.0-7.el9_0.src.rpm SHA-256: e870575dbf47b78cf4433eb3d2843fd667d94064de1fdf46243d36517469116c
ppc64le
libvpx-1.9.0-7.el9_0.ppc64le.rpm SHA-256: cf943f941865ad556f84e460ae3f72b15d0d954cb2d73c1c65e26cf3282a1dc6
libvpx-debuginfo-1.9.0-7.el9_0.ppc64le.rpm SHA-256: e9c299c157b8ede73159014e1f26b8201b402a71e94f7f03d16bb5b42da7cb2e
libvpx-debugsource-1.9.0-7.el9_0.ppc64le.rpm SHA-256: 62c3ff55bee579b4f94f6da0c6734013c8ce90635ade8abc718ccb9388770fe2
libvpx-utils-debuginfo-1.9.0-7.el9_0.ppc64le.rpm SHA-256: cb620972dc92893440862904993fad00d86d00973865a6e7b8cf5cd97b56487a

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM
libvpx-1.9.0-7.el9_0.src.rpm SHA-256: e870575dbf47b78cf4433eb3d2843fd667d94064de1fdf46243d36517469116c
aarch64
libvpx-1.9.0-7.el9_0.aarch64.rpm SHA-256: dab55e7f477861ec21760b1f3ac368de9ec6112871eb8f197c5e74c31e6d9cc9
libvpx-debuginfo-1.9.0-7.el9_0.aarch64.rpm SHA-256: 27b05c2d89a2ee802d036e9098baeb731f174e486c7ecf56a161b23af3231b75
libvpx-debugsource-1.9.0-7.el9_0.aarch64.rpm SHA-256: c664443800e6fbe5b67a849442a83a880cdfe56891a06ee78a56ec1db7853ab5
libvpx-utils-debuginfo-1.9.0-7.el9_0.aarch64.rpm SHA-256: b0f7ff723fc85c44978f94787d5ca1d241104698b6d6ba5de3c2b87aa36f20b6

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
libvpx-1.9.0-7.el9_0.src.rpm SHA-256: e870575dbf47b78cf4433eb3d2843fd667d94064de1fdf46243d36517469116c
ppc64le
libvpx-1.9.0-7.el9_0.ppc64le.rpm SHA-256: cf943f941865ad556f84e460ae3f72b15d0d954cb2d73c1c65e26cf3282a1dc6
libvpx-debuginfo-1.9.0-7.el9_0.ppc64le.rpm SHA-256: e9c299c157b8ede73159014e1f26b8201b402a71e94f7f03d16bb5b42da7cb2e
libvpx-debugsource-1.9.0-7.el9_0.ppc64le.rpm SHA-256: 62c3ff55bee579b4f94f6da0c6734013c8ce90635ade8abc718ccb9388770fe2
libvpx-utils-debuginfo-1.9.0-7.el9_0.ppc64le.rpm SHA-256: cb620972dc92893440862904993fad00d86d00973865a6e7b8cf5cd97b56487a

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
libvpx-1.9.0-7.el9_0.src.rpm SHA-256: e870575dbf47b78cf4433eb3d2843fd667d94064de1fdf46243d36517469116c
x86_64
libvpx-1.9.0-7.el9_0.i686.rpm SHA-256: 0724eb8d34fff76734a27f384be8a9f6bfde5c5dca9166532393d792e7bd69f8
libvpx-1.9.0-7.el9_0.x86_64.rpm SHA-256: 4b8fcbb1199dda88c77b79e91c2cdf51674f13402374415833b6d842a842000a
libvpx-debuginfo-1.9.0-7.el9_0.i686.rpm SHA-256: 812846a2ee88466bb9820886f83f70b0dce3bf73dafd6e39aee177981d688896
libvpx-debuginfo-1.9.0-7.el9_0.x86_64.rpm SHA-256: 351dfdf648c197f67df9e8189abc046978a4e07018a82e3592630f9f2a76e98d
libvpx-debugsource-1.9.0-7.el9_0.i686.rpm SHA-256: 469ce4c78f143b2554c62edf963d7f66abebd708eb1fda2efafeed0f9c14a5d5
libvpx-debugsource-1.9.0-7.el9_0.x86_64.rpm SHA-256: fabb69d55f3db15afd86ec2aa68a5b6f291a2b2d91a7990fea121b1d61534287
libvpx-utils-debuginfo-1.9.0-7.el9_0.i686.rpm SHA-256: 68452dfdad690b019ecdb983946c2c1b8c7f9c5d9369553b586d4db67c48e7c4
libvpx-utils-debuginfo-1.9.0-7.el9_0.x86_64.rpm SHA-256: 4aea1f6b88e788220ae43c8283584a10a39166e358633cc5ff63bb19c1a2130a

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0

SRPM
x86_64
libvpx-debuginfo-1.9.0-7.el9_0.i686.rpm SHA-256: 812846a2ee88466bb9820886f83f70b0dce3bf73dafd6e39aee177981d688896
libvpx-debuginfo-1.9.0-7.el9_0.x86_64.rpm SHA-256: 351dfdf648c197f67df9e8189abc046978a4e07018a82e3592630f9f2a76e98d
libvpx-debugsource-1.9.0-7.el9_0.i686.rpm SHA-256: 469ce4c78f143b2554c62edf963d7f66abebd708eb1fda2efafeed0f9c14a5d5
libvpx-debugsource-1.9.0-7.el9_0.x86_64.rpm SHA-256: fabb69d55f3db15afd86ec2aa68a5b6f291a2b2d91a7990fea121b1d61534287
libvpx-devel-1.9.0-7.el9_0.i686.rpm SHA-256: bc34db349b9503beb15c9953ef5a60179879a18378018faeea21275ad86f1eb6
libvpx-devel-1.9.0-7.el9_0.x86_64.rpm SHA-256: 742ee57b9020cd264cda65679e9f424f695b307b7d60a06eea24580fe9dd5d29
libvpx-utils-debuginfo-1.9.0-7.el9_0.i686.rpm SHA-256: 68452dfdad690b019ecdb983946c2c1b8c7f9c5d9369553b586d4db67c48e7c4
libvpx-utils-debuginfo-1.9.0-7.el9_0.x86_64.rpm SHA-256: 4aea1f6b88e788220ae43c8283584a10a39166e358633cc5ff63bb19c1a2130a

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0

SRPM
ppc64le
libvpx-debuginfo-1.9.0-7.el9_0.ppc64le.rpm SHA-256: e9c299c157b8ede73159014e1f26b8201b402a71e94f7f03d16bb5b42da7cb2e
libvpx-debugsource-1.9.0-7.el9_0.ppc64le.rpm SHA-256: 62c3ff55bee579b4f94f6da0c6734013c8ce90635ade8abc718ccb9388770fe2
libvpx-devel-1.9.0-7.el9_0.ppc64le.rpm SHA-256: 008ceccd8284a7edb0806549ef96b7781fb337e20f86c5a7360e998aeef8f293
libvpx-utils-debuginfo-1.9.0-7.el9_0.ppc64le.rpm SHA-256: cb620972dc92893440862904993fad00d86d00973865a6e7b8cf5cd97b56487a

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0

SRPM
s390x
libvpx-debuginfo-1.9.0-7.el9_0.s390x.rpm SHA-256: aa7f95fbe633dd295823cf6a66b42a978b329db52ace972d0b0db52602246525
libvpx-debugsource-1.9.0-7.el9_0.s390x.rpm SHA-256: 819365a9b23b38d99b276d6bd805c6560fffcf181a87c91e85fb87d20e814db1
libvpx-devel-1.9.0-7.el9_0.s390x.rpm SHA-256: 0392e17c29072b106b135d19679d766b647f74ca9016e9790f111558f8f9306c
libvpx-utils-debuginfo-1.9.0-7.el9_0.s390x.rpm SHA-256: 9f8c672216218223397f860a227827f75341a962903236903c427087f51ad084

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0

SRPM
aarch64
libvpx-debuginfo-1.9.0-7.el9_0.aarch64.rpm SHA-256: 27b05c2d89a2ee802d036e9098baeb731f174e486c7ecf56a161b23af3231b75
libvpx-debugsource-1.9.0-7.el9_0.aarch64.rpm SHA-256: c664443800e6fbe5b67a849442a83a880cdfe56891a06ee78a56ec1db7853ab5
libvpx-devel-1.9.0-7.el9_0.aarch64.rpm SHA-256: 2389077a9c429876a0425b41b91e07466f2916ef7481babfc5b73f17e9d05b20
libvpx-utils-debuginfo-1.9.0-7.el9_0.aarch64.rpm SHA-256: b0f7ff723fc85c44978f94787d5ca1d241104698b6d6ba5de3c2b87aa36f20b6

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0

SRPM
libvpx-1.9.0-7.el9_0.src.rpm SHA-256: e870575dbf47b78cf4433eb3d2843fd667d94064de1fdf46243d36517469116c
aarch64
libvpx-1.9.0-7.el9_0.aarch64.rpm SHA-256: dab55e7f477861ec21760b1f3ac368de9ec6112871eb8f197c5e74c31e6d9cc9
libvpx-debuginfo-1.9.0-7.el9_0.aarch64.rpm SHA-256: 27b05c2d89a2ee802d036e9098baeb731f174e486c7ecf56a161b23af3231b75
libvpx-debugsource-1.9.0-7.el9_0.aarch64.rpm SHA-256: c664443800e6fbe5b67a849442a83a880cdfe56891a06ee78a56ec1db7853ab5
libvpx-utils-debuginfo-1.9.0-7.el9_0.aarch64.rpm SHA-256: b0f7ff723fc85c44978f94787d5ca1d241104698b6d6ba5de3c2b87aa36f20b6

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0

SRPM
libvpx-1.9.0-7.el9_0.src.rpm SHA-256: e870575dbf47b78cf4433eb3d2843fd667d94064de1fdf46243d36517469116c
s390x
libvpx-1.9.0-7.el9_0.s390x.rpm SHA-256: 5acc1408e88016994b6f5b7c2c8f597c3da271925d15cb7c35adc84ff0e70ecc
libvpx-debuginfo-1.9.0-7.el9_0.s390x.rpm SHA-256: aa7f95fbe633dd295823cf6a66b42a978b329db52ace972d0b0db52602246525
libvpx-debugsource-1.9.0-7.el9_0.s390x.rpm SHA-256: 819365a9b23b38d99b276d6bd805c6560fffcf181a87c91e85fb87d20e814db1
libvpx-utils-debuginfo-1.9.0-7.el9_0.s390x.rpm SHA-256: 9f8c672216218223397f860a227827f75341a962903236903c427087f51ad084

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.