Red Hat Product Errata RHSA-2026:3967 - Security Advisory
Issued:
2026-03-09
Updated:
2026-03-09

RHSA-2026:3967 - Security Advisory

Synopsis

Important: libvpx security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libvpx is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.

Security Fix(es):

  • libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x

Fixes

  • BZ - 2440219 - CVE-2026-2447 libvpx: Heap buffer overflow in libvpx

Red Hat Enterprise Linux for x86_64 8

SRPM
libvpx-1.7.0-13.el8_10.src.rpm SHA-256: a9650d0f9cf4ef995159fa220b3703202c8fb48dd1ce0df82b2b35ba1825091d
x86_64
libvpx-1.7.0-13.el8_10.i686.rpm SHA-256: acb99e30247351776067ce55ac151aed740b22d62149cf4192ec0208541c1a66
libvpx-1.7.0-13.el8_10.x86_64.rpm SHA-256: 0b6162d1e221fcd3f40c0bc5e3b6729e91925b4dbcc5cc0f2678f7c55e6c6b44
libvpx-debuginfo-1.7.0-13.el8_10.i686.rpm SHA-256: 8b77b3daf284b4c21718c9d0abb2e451076cb39bc12187584b66d16bc5dcb17e
libvpx-debuginfo-1.7.0-13.el8_10.x86_64.rpm SHA-256: e6b03c928147de9a99ea20790d2f2720eb4f9357134f5b8007ae809e50d53efc
libvpx-debugsource-1.7.0-13.el8_10.i686.rpm SHA-256: a2dde52949657df2fe4e2d7a2fb9f70af18412975b563d811ca34843d5857419
libvpx-debugsource-1.7.0-13.el8_10.x86_64.rpm SHA-256: 89d0f1b5189effb23e861b86f7f7a48a5c01d2c5949715f2b07565526ccb511d
libvpx-utils-debuginfo-1.7.0-13.el8_10.i686.rpm SHA-256: 45814a3bd9f376ad14c980b1b4b4dd244c1c4eca57f5a8c59b5c63e6788595f4
libvpx-utils-debuginfo-1.7.0-13.el8_10.x86_64.rpm SHA-256: 11c32ca4aa10edc1dc320d113ccdba4b8c4f32b6dcde4a11332e4b43b0fb4634

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
libvpx-1.7.0-13.el8_10.src.rpm SHA-256: a9650d0f9cf4ef995159fa220b3703202c8fb48dd1ce0df82b2b35ba1825091d
s390x
libvpx-1.7.0-13.el8_10.s390x.rpm SHA-256: 13054508b58e7403ab1e304b4ae0591bea3623e3ee1cc99069b74bae45911d86
libvpx-debuginfo-1.7.0-13.el8_10.s390x.rpm SHA-256: 51fd8adebfc0a68308a13409aec01f5ab93f113cb85374ed249647bb863f740d
libvpx-debugsource-1.7.0-13.el8_10.s390x.rpm SHA-256: da1bf40cd9f792ddfde6910def0206511ac3f737c37fb90107dda0fab7d44fa6
libvpx-utils-debuginfo-1.7.0-13.el8_10.s390x.rpm SHA-256: 54300a2d1224115b9506114b5c707411f48401a7be2e2fe9780c89a08585fe0e

Red Hat Enterprise Linux for Power, little endian 8

SRPM
libvpx-1.7.0-13.el8_10.src.rpm SHA-256: a9650d0f9cf4ef995159fa220b3703202c8fb48dd1ce0df82b2b35ba1825091d
ppc64le
libvpx-1.7.0-13.el8_10.ppc64le.rpm SHA-256: e7cdba13ac28c253b8d4331be984ebde7877cf1cbc3a2cc8625d46f8e19ce48e
libvpx-debuginfo-1.7.0-13.el8_10.ppc64le.rpm SHA-256: 618474d23c6c5f4373868cfcf592fde21bd03e4bb12a4901acbb14ba3f885bfb
libvpx-debugsource-1.7.0-13.el8_10.ppc64le.rpm SHA-256: 387a6da18a8567a2b0c00e39d8bc46f3507617048cb7ef80b2efd9321e59594a
libvpx-utils-debuginfo-1.7.0-13.el8_10.ppc64le.rpm SHA-256: 158700f922a63a62db4a97fda663f42ee873cd03fce92a16cb5ff80e154a7506

Red Hat Enterprise Linux for ARM 64 8

SRPM
libvpx-1.7.0-13.el8_10.src.rpm SHA-256: a9650d0f9cf4ef995159fa220b3703202c8fb48dd1ce0df82b2b35ba1825091d
aarch64
libvpx-1.7.0-13.el8_10.aarch64.rpm SHA-256: ea4226199abd49c4d0fc87160e7f5d8d83784256957e3a40f263c28fdf40dfb7
libvpx-debuginfo-1.7.0-13.el8_10.aarch64.rpm SHA-256: 9dd3e3be1082c194c8d8177decd26ab31411c038e78ea00d0b36a0110b3b799f
libvpx-debugsource-1.7.0-13.el8_10.aarch64.rpm SHA-256: b632aa63b25312ff377aff8f95405f8cd62667ce4d017c89ec6301cc53526d0f
libvpx-utils-debuginfo-1.7.0-13.el8_10.aarch64.rpm SHA-256: 7fdaa0bec8af7d098dd3d06790f76f68cbb316224d9c4dac5f3819f169789c4d

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
libvpx-debuginfo-1.7.0-13.el8_10.i686.rpm SHA-256: 8b77b3daf284b4c21718c9d0abb2e451076cb39bc12187584b66d16bc5dcb17e
libvpx-debuginfo-1.7.0-13.el8_10.x86_64.rpm SHA-256: e6b03c928147de9a99ea20790d2f2720eb4f9357134f5b8007ae809e50d53efc
libvpx-debugsource-1.7.0-13.el8_10.i686.rpm SHA-256: a2dde52949657df2fe4e2d7a2fb9f70af18412975b563d811ca34843d5857419
libvpx-debugsource-1.7.0-13.el8_10.x86_64.rpm SHA-256: 89d0f1b5189effb23e861b86f7f7a48a5c01d2c5949715f2b07565526ccb511d
libvpx-devel-1.7.0-13.el8_10.i686.rpm SHA-256: 6a0297d5a7bb339a246eafae78ebf75582c60a658c4b67a155beaf14180f304e
libvpx-devel-1.7.0-13.el8_10.x86_64.rpm SHA-256: 14d7c09aa643e497e4a0008e86f1da550ee8b7ee81a4f05b7aa05a47b9521394
libvpx-utils-debuginfo-1.7.0-13.el8_10.i686.rpm SHA-256: 45814a3bd9f376ad14c980b1b4b4dd244c1c4eca57f5a8c59b5c63e6788595f4
libvpx-utils-debuginfo-1.7.0-13.el8_10.x86_64.rpm SHA-256: 11c32ca4aa10edc1dc320d113ccdba4b8c4f32b6dcde4a11332e4b43b0fb4634

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
libvpx-debuginfo-1.7.0-13.el8_10.ppc64le.rpm SHA-256: 618474d23c6c5f4373868cfcf592fde21bd03e4bb12a4901acbb14ba3f885bfb
libvpx-debugsource-1.7.0-13.el8_10.ppc64le.rpm SHA-256: 387a6da18a8567a2b0c00e39d8bc46f3507617048cb7ef80b2efd9321e59594a
libvpx-devel-1.7.0-13.el8_10.ppc64le.rpm SHA-256: 31e99be7d1315c1da23480ff63c860e2fb61f1279c68c9dd6fd525fbef19da6f
libvpx-utils-debuginfo-1.7.0-13.el8_10.ppc64le.rpm SHA-256: 158700f922a63a62db4a97fda663f42ee873cd03fce92a16cb5ff80e154a7506

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
libvpx-debuginfo-1.7.0-13.el8_10.aarch64.rpm SHA-256: 9dd3e3be1082c194c8d8177decd26ab31411c038e78ea00d0b36a0110b3b799f
libvpx-debugsource-1.7.0-13.el8_10.aarch64.rpm SHA-256: b632aa63b25312ff377aff8f95405f8cd62667ce4d017c89ec6301cc53526d0f
libvpx-devel-1.7.0-13.el8_10.aarch64.rpm SHA-256: 92853a89350294712b87943d6868fa9b53a67a1e117963e5b4457aeff5def98f
libvpx-utils-debuginfo-1.7.0-13.el8_10.aarch64.rpm SHA-256: 7fdaa0bec8af7d098dd3d06790f76f68cbb316224d9c4dac5f3819f169789c4d

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
libvpx-debuginfo-1.7.0-13.el8_10.s390x.rpm SHA-256: 51fd8adebfc0a68308a13409aec01f5ab93f113cb85374ed249647bb863f740d
libvpx-debugsource-1.7.0-13.el8_10.s390x.rpm SHA-256: da1bf40cd9f792ddfde6910def0206511ac3f737c37fb90107dda0fab7d44fa6
libvpx-devel-1.7.0-13.el8_10.s390x.rpm SHA-256: 7a82b7a17de6c664f653756bf0df9e298933df699eb43b21214c8ed043b035eb
libvpx-utils-debuginfo-1.7.0-13.el8_10.s390x.rpm SHA-256: 54300a2d1224115b9506114b5c707411f48401a7be2e2fe9780c89a08585fe0e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.