Red Hat Product Errata RHSA-2024:5941 - Security Advisory
Issued:
2024-08-28
Updated:
2024-08-28

RHSA-2024:5941 - Security Advisory

Synopsis

Moderate: libvpx security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libvpx is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.

Security Fix(es):

  • libvpx: Heap buffer overflow related to VP9 encoding (CVE-2023-6349)
  • libvpx: Integer overflow in vpx_img_alloc() (CVE-2024-5197)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x

Fixes

  • BZ - 2283553 - CVE-2023-6349 libvpx: Heap buffer overflow related to VP9 encoding
  • BZ - 2291198 - CVE-2024-5197 libvpx: Integer overflow in vpx_img_alloc()

Red Hat Enterprise Linux for x86_64 8

SRPM
libvpx-1.7.0-11.el8_10.src.rpm SHA-256: 75f013147b20f1c6cb04d132ce205cb4b4de8a98c441fb4cdbe91199b6a44bb2
x86_64
libvpx-1.7.0-11.el8_10.i686.rpm SHA-256: 11d9e6d42d9fede16d55c9933168544294ce86a33f90f29e319fc003308ccfaa
libvpx-1.7.0-11.el8_10.x86_64.rpm SHA-256: 20610447d23e86af27384c9932ef8f80e6eeee2261a2e7404bf7df5326120afb
libvpx-debuginfo-1.7.0-11.el8_10.i686.rpm SHA-256: e2b2d6f4120dfca65f3571041ba37160358fcc0aed949b8a00f1360b0deadffc
libvpx-debuginfo-1.7.0-11.el8_10.x86_64.rpm SHA-256: 79846e09a39f797491a0f26707cc9af927627266488adb83937017ad0cb1c6d7
libvpx-debugsource-1.7.0-11.el8_10.i686.rpm SHA-256: cc68ec3348f6c00d4b1f80f327b2cc37ff25dbab515f93614962e6f44cf29d9b
libvpx-debugsource-1.7.0-11.el8_10.x86_64.rpm SHA-256: 49b5e8265695f3dc7f716c6870993950a0a980412f969bb5c646f0a670e6d5ef
libvpx-utils-debuginfo-1.7.0-11.el8_10.i686.rpm SHA-256: 8148d095fb9dd7864524c549d5d73f9aa570b2e4db1274b0ef016a0a2e8bde91
libvpx-utils-debuginfo-1.7.0-11.el8_10.x86_64.rpm SHA-256: 622e45c0ebc0d745ed7127b5898a6c3fc7415811f2e640a665b4db0b41b535f8

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
libvpx-1.7.0-11.el8_10.src.rpm SHA-256: 75f013147b20f1c6cb04d132ce205cb4b4de8a98c441fb4cdbe91199b6a44bb2
s390x
libvpx-1.7.0-11.el8_10.s390x.rpm SHA-256: 23d1e2252f6ec291fcd5d5f783b14ced4c34acb027d9058cf546c48ae9c075d6
libvpx-debuginfo-1.7.0-11.el8_10.s390x.rpm SHA-256: ac23c0f71e4d4ae1ab66e29a3bf3457aaaec37ab2c21375dee86856ace761a89
libvpx-debugsource-1.7.0-11.el8_10.s390x.rpm SHA-256: ee4b7560f38b3872252b7d0e2bc192ee0840129baff7298a866440ff0e0e9a5d
libvpx-utils-debuginfo-1.7.0-11.el8_10.s390x.rpm SHA-256: 4fd3448fbf117967e82c0360558a97eb938a92c657c60ad3370d4d38817f106c

Red Hat Enterprise Linux for Power, little endian 8

SRPM
libvpx-1.7.0-11.el8_10.src.rpm SHA-256: 75f013147b20f1c6cb04d132ce205cb4b4de8a98c441fb4cdbe91199b6a44bb2
ppc64le
libvpx-1.7.0-11.el8_10.ppc64le.rpm SHA-256: d4f784b656392690e573009671d00f9cde99b6f14cc3d3ea630153bf7928a541
libvpx-debuginfo-1.7.0-11.el8_10.ppc64le.rpm SHA-256: 1b229bc93aa93b07fac0e7ba12c797cadf33173de6ccfabea6de8a7efb0e61e3
libvpx-debugsource-1.7.0-11.el8_10.ppc64le.rpm SHA-256: 0af64b81d01f878cb569c8b3a68e58f79e063b00cb71094778bcb4900fe081d6
libvpx-utils-debuginfo-1.7.0-11.el8_10.ppc64le.rpm SHA-256: 323a97de188f7dd6fb14a9ab6c8ce56bea12c8bd669c8ae423c2a22f4e28666f

Red Hat Enterprise Linux for ARM 64 8

SRPM
libvpx-1.7.0-11.el8_10.src.rpm SHA-256: 75f013147b20f1c6cb04d132ce205cb4b4de8a98c441fb4cdbe91199b6a44bb2
aarch64
libvpx-1.7.0-11.el8_10.aarch64.rpm SHA-256: 2a2ee83e1c0089359c50f30139eddb4f2a3ff84089475e8f36840921707e9c5e
libvpx-debuginfo-1.7.0-11.el8_10.aarch64.rpm SHA-256: fee04bf3c9395239d9c2866fb5988eccd012dbe9bc60cf1fbad866bdabad8dd8
libvpx-debugsource-1.7.0-11.el8_10.aarch64.rpm SHA-256: 55dc4bb7c6d51dba8bfded375daa2268d5872d7cfb067901501df146f9579bca
libvpx-utils-debuginfo-1.7.0-11.el8_10.aarch64.rpm SHA-256: 750922064bfbecebadf00961c3f80e9967aa9def24d963ef63a4217cf3b390c9

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
libvpx-debuginfo-1.7.0-11.el8_10.i686.rpm SHA-256: e2b2d6f4120dfca65f3571041ba37160358fcc0aed949b8a00f1360b0deadffc
libvpx-debuginfo-1.7.0-11.el8_10.x86_64.rpm SHA-256: 79846e09a39f797491a0f26707cc9af927627266488adb83937017ad0cb1c6d7
libvpx-debugsource-1.7.0-11.el8_10.i686.rpm SHA-256: cc68ec3348f6c00d4b1f80f327b2cc37ff25dbab515f93614962e6f44cf29d9b
libvpx-debugsource-1.7.0-11.el8_10.x86_64.rpm SHA-256: 49b5e8265695f3dc7f716c6870993950a0a980412f969bb5c646f0a670e6d5ef
libvpx-devel-1.7.0-11.el8_10.i686.rpm SHA-256: 85d20e693c7737ab9ed851cbab8ad39b3f66678939a13e4e5196d193afaeb8fd
libvpx-devel-1.7.0-11.el8_10.x86_64.rpm SHA-256: 670a56bf06e184eb429c4cbdc2f4e2ee465b3dc092dbd4bbc7bd3a912516520f
libvpx-utils-debuginfo-1.7.0-11.el8_10.i686.rpm SHA-256: 8148d095fb9dd7864524c549d5d73f9aa570b2e4db1274b0ef016a0a2e8bde91
libvpx-utils-debuginfo-1.7.0-11.el8_10.x86_64.rpm SHA-256: 622e45c0ebc0d745ed7127b5898a6c3fc7415811f2e640a665b4db0b41b535f8

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
libvpx-debuginfo-1.7.0-11.el8_10.ppc64le.rpm SHA-256: 1b229bc93aa93b07fac0e7ba12c797cadf33173de6ccfabea6de8a7efb0e61e3
libvpx-debugsource-1.7.0-11.el8_10.ppc64le.rpm SHA-256: 0af64b81d01f878cb569c8b3a68e58f79e063b00cb71094778bcb4900fe081d6
libvpx-devel-1.7.0-11.el8_10.ppc64le.rpm SHA-256: 5c2e5cf3879817ac5f95bc598306ace8bf9ac54475d9e27b9a44c29d45a16b51
libvpx-utils-debuginfo-1.7.0-11.el8_10.ppc64le.rpm SHA-256: 323a97de188f7dd6fb14a9ab6c8ce56bea12c8bd669c8ae423c2a22f4e28666f

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
libvpx-debuginfo-1.7.0-11.el8_10.aarch64.rpm SHA-256: fee04bf3c9395239d9c2866fb5988eccd012dbe9bc60cf1fbad866bdabad8dd8
libvpx-debugsource-1.7.0-11.el8_10.aarch64.rpm SHA-256: 55dc4bb7c6d51dba8bfded375daa2268d5872d7cfb067901501df146f9579bca
libvpx-devel-1.7.0-11.el8_10.aarch64.rpm SHA-256: dd8dce75284d559adebe5bbb0e5272c7b6675279dcb637e32b47ea8f19d086bd
libvpx-utils-debuginfo-1.7.0-11.el8_10.aarch64.rpm SHA-256: 750922064bfbecebadf00961c3f80e9967aa9def24d963ef63a4217cf3b390c9

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
libvpx-debuginfo-1.7.0-11.el8_10.s390x.rpm SHA-256: ac23c0f71e4d4ae1ab66e29a3bf3457aaaec37ab2c21375dee86856ace761a89
libvpx-debugsource-1.7.0-11.el8_10.s390x.rpm SHA-256: ee4b7560f38b3872252b7d0e2bc192ee0840129baff7298a866440ff0e0e9a5d
libvpx-devel-1.7.0-11.el8_10.s390x.rpm SHA-256: 6b6ab659aab5bee80def9454eac232e455e2a004d46d1074da157c93ddab37d5
libvpx-utils-debuginfo-1.7.0-11.el8_10.s390x.rpm SHA-256: 4fd3448fbf117967e82c0360558a97eb938a92c657c60ad3370d4d38817f106c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.