Red Hat Product Errata RHSA-2026:5227 - Security Advisory
Issued:
2026-03-23
Updated:
2026-03-23

RHSA-2026:5227 - Security Advisory

Synopsis

Important: libvpx security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libvpx is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.

Security Fix(es):

  • libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

  • BZ - 2440219 - CVE-2026-2447 libvpx: Heap buffer overflow in libvpx

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
libvpx-1.14.1-3.el10_0.1.src.rpm SHA-256: ba7dcdcd0de32b4c8c008051b5a8febd9818c866452e56957e52aae11c08b09f
x86_64
libvpx-1.14.1-3.el10_0.1.x86_64.rpm SHA-256: 2693e5b2d024ea9a307b7c489f180bb1482c1048739950244ba389f7545e2154
libvpx-debuginfo-1.14.1-3.el10_0.1.x86_64.rpm SHA-256: 9a8bdfda56a930be5c3f30afd90ff80aff6343fdf5e8f59bfa575d5d7ccaf0ac
libvpx-debugsource-1.14.1-3.el10_0.1.x86_64.rpm SHA-256: 8df48071da1d04bfeecf4a46c765b2c7bbbfc020344f2399d5e2a727e6991b25
libvpx-utils-debuginfo-1.14.1-3.el10_0.1.x86_64.rpm SHA-256: ea70d7a601eb78fdc68eb28c3f32bdc87b33335eece244be7b19e7f17638c468

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
libvpx-1.14.1-3.el10_0.1.src.rpm SHA-256: ba7dcdcd0de32b4c8c008051b5a8febd9818c866452e56957e52aae11c08b09f
s390x
libvpx-1.14.1-3.el10_0.1.s390x.rpm SHA-256: a0f9465714d3b594e5d1d371f21b9ea7d52a2ad2a4edde7f6a883333680febb9
libvpx-debuginfo-1.14.1-3.el10_0.1.s390x.rpm SHA-256: 3213a02a0424f457f7d1f57f2f7b971ac0631ea5f00e3ec7cc0f6fb435bde8c5
libvpx-debugsource-1.14.1-3.el10_0.1.s390x.rpm SHA-256: 8be34c565a7fc05ceb19da44015a634ffc0a29611523bacdc1860f5a2d983fdd
libvpx-utils-debuginfo-1.14.1-3.el10_0.1.s390x.rpm SHA-256: 62ca2e9f23e9b106a62a6dbbad069524492a2600d17822d5098c5e7f2783f017

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
libvpx-1.14.1-3.el10_0.1.src.rpm SHA-256: ba7dcdcd0de32b4c8c008051b5a8febd9818c866452e56957e52aae11c08b09f
ppc64le
libvpx-1.14.1-3.el10_0.1.ppc64le.rpm SHA-256: 2fddfef04a298efb29d5383d7adbc2eb22c67294218d0655cad43f62a261ca93
libvpx-debuginfo-1.14.1-3.el10_0.1.ppc64le.rpm SHA-256: c0271ecaed3867d3a8b4a0fca52a46e0fb66e96c693d4cba15757324a64b8c6a
libvpx-debugsource-1.14.1-3.el10_0.1.ppc64le.rpm SHA-256: ef2ffe11d46e7698b828ba5f659f15353b3bcb14f96497265d2c562cd40e957e
libvpx-utils-debuginfo-1.14.1-3.el10_0.1.ppc64le.rpm SHA-256: 7987a2978dc231f9afa122146e0d9003f09a805189d3ad6514195e3077599003

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
libvpx-1.14.1-3.el10_0.1.src.rpm SHA-256: ba7dcdcd0de32b4c8c008051b5a8febd9818c866452e56957e52aae11c08b09f
aarch64
libvpx-1.14.1-3.el10_0.1.aarch64.rpm SHA-256: 0090adb5a24a1c91aefa33139e5e9a4a72ac5f20ff02c7708ff0ebd13ffa18b7
libvpx-debuginfo-1.14.1-3.el10_0.1.aarch64.rpm SHA-256: 09c05c8cbf94cf4860c1e452c8f4643c3240c8adc6e7663c6c52ddea497527c3
libvpx-debugsource-1.14.1-3.el10_0.1.aarch64.rpm SHA-256: c01b1c9195d0848f1dd71a62d215c7856f67ab9da27909e393e9b3c3943b0494
libvpx-utils-debuginfo-1.14.1-3.el10_0.1.aarch64.rpm SHA-256: c791d37cc4bf4d29d6d32b2efed1bf55b8d56e36da1f47906be3f107ae2f8390

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0

SRPM
x86_64
libvpx-debuginfo-1.14.1-3.el10_0.1.x86_64.rpm SHA-256: 9a8bdfda56a930be5c3f30afd90ff80aff6343fdf5e8f59bfa575d5d7ccaf0ac
libvpx-debugsource-1.14.1-3.el10_0.1.x86_64.rpm SHA-256: 8df48071da1d04bfeecf4a46c765b2c7bbbfc020344f2399d5e2a727e6991b25
libvpx-devel-1.14.1-3.el10_0.1.x86_64.rpm SHA-256: b96d816ce1d8fe6d1f13420076bb6ebd1d775246ad771a948d596c45d6bd1dba
libvpx-utils-debuginfo-1.14.1-3.el10_0.1.x86_64.rpm SHA-256: ea70d7a601eb78fdc68eb28c3f32bdc87b33335eece244be7b19e7f17638c468

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0

SRPM
ppc64le
libvpx-debuginfo-1.14.1-3.el10_0.1.ppc64le.rpm SHA-256: c0271ecaed3867d3a8b4a0fca52a46e0fb66e96c693d4cba15757324a64b8c6a
libvpx-debugsource-1.14.1-3.el10_0.1.ppc64le.rpm SHA-256: ef2ffe11d46e7698b828ba5f659f15353b3bcb14f96497265d2c562cd40e957e
libvpx-devel-1.14.1-3.el10_0.1.ppc64le.rpm SHA-256: fbd6dd98f477fa372e32125facf633785aee6b2f5c40963685eb6e82719e781f
libvpx-utils-debuginfo-1.14.1-3.el10_0.1.ppc64le.rpm SHA-256: 7987a2978dc231f9afa122146e0d9003f09a805189d3ad6514195e3077599003

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0

SRPM
s390x
libvpx-debuginfo-1.14.1-3.el10_0.1.s390x.rpm SHA-256: 3213a02a0424f457f7d1f57f2f7b971ac0631ea5f00e3ec7cc0f6fb435bde8c5
libvpx-debugsource-1.14.1-3.el10_0.1.s390x.rpm SHA-256: 8be34c565a7fc05ceb19da44015a634ffc0a29611523bacdc1860f5a2d983fdd
libvpx-devel-1.14.1-3.el10_0.1.s390x.rpm SHA-256: f7f57f6a6b3d8916d98b32abd6f68c39a005ad7f98406690452146d391d882fa
libvpx-utils-debuginfo-1.14.1-3.el10_0.1.s390x.rpm SHA-256: 62ca2e9f23e9b106a62a6dbbad069524492a2600d17822d5098c5e7f2783f017

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0

SRPM
aarch64
libvpx-debuginfo-1.14.1-3.el10_0.1.aarch64.rpm SHA-256: 09c05c8cbf94cf4860c1e452c8f4643c3240c8adc6e7663c6c52ddea497527c3
libvpx-debugsource-1.14.1-3.el10_0.1.aarch64.rpm SHA-256: c01b1c9195d0848f1dd71a62d215c7856f67ab9da27909e393e9b3c3943b0494
libvpx-devel-1.14.1-3.el10_0.1.aarch64.rpm SHA-256: 9541694732f7c3be3cce923422a769d6cd15ab57ae6a93c739e69f09afe90735
libvpx-utils-debuginfo-1.14.1-3.el10_0.1.aarch64.rpm SHA-256: c791d37cc4bf4d29d6d32b2efed1bf55b8d56e36da1f47906be3f107ae2f8390

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
libvpx-1.14.1-3.el10_0.1.src.rpm SHA-256: ba7dcdcd0de32b4c8c008051b5a8febd9818c866452e56957e52aae11c08b09f
aarch64
libvpx-1.14.1-3.el10_0.1.aarch64.rpm SHA-256: 0090adb5a24a1c91aefa33139e5e9a4a72ac5f20ff02c7708ff0ebd13ffa18b7
libvpx-debuginfo-1.14.1-3.el10_0.1.aarch64.rpm SHA-256: 09c05c8cbf94cf4860c1e452c8f4643c3240c8adc6e7663c6c52ddea497527c3
libvpx-debugsource-1.14.1-3.el10_0.1.aarch64.rpm SHA-256: c01b1c9195d0848f1dd71a62d215c7856f67ab9da27909e393e9b3c3943b0494
libvpx-utils-debuginfo-1.14.1-3.el10_0.1.aarch64.rpm SHA-256: c791d37cc4bf4d29d6d32b2efed1bf55b8d56e36da1f47906be3f107ae2f8390

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
libvpx-1.14.1-3.el10_0.1.src.rpm SHA-256: ba7dcdcd0de32b4c8c008051b5a8febd9818c866452e56957e52aae11c08b09f
s390x
libvpx-1.14.1-3.el10_0.1.s390x.rpm SHA-256: a0f9465714d3b594e5d1d371f21b9ea7d52a2ad2a4edde7f6a883333680febb9
libvpx-debuginfo-1.14.1-3.el10_0.1.s390x.rpm SHA-256: 3213a02a0424f457f7d1f57f2f7b971ac0631ea5f00e3ec7cc0f6fb435bde8c5
libvpx-debugsource-1.14.1-3.el10_0.1.s390x.rpm SHA-256: 8be34c565a7fc05ceb19da44015a634ffc0a29611523bacdc1860f5a2d983fdd
libvpx-utils-debuginfo-1.14.1-3.el10_0.1.s390x.rpm SHA-256: 62ca2e9f23e9b106a62a6dbbad069524492a2600d17822d5098c5e7f2783f017

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
libvpx-1.14.1-3.el10_0.1.src.rpm SHA-256: ba7dcdcd0de32b4c8c008051b5a8febd9818c866452e56957e52aae11c08b09f
ppc64le
libvpx-1.14.1-3.el10_0.1.ppc64le.rpm SHA-256: 2fddfef04a298efb29d5383d7adbc2eb22c67294218d0655cad43f62a261ca93
libvpx-debuginfo-1.14.1-3.el10_0.1.ppc64le.rpm SHA-256: c0271ecaed3867d3a8b4a0fca52a46e0fb66e96c693d4cba15757324a64b8c6a
libvpx-debugsource-1.14.1-3.el10_0.1.ppc64le.rpm SHA-256: ef2ffe11d46e7698b828ba5f659f15353b3bcb14f96497265d2c562cd40e957e
libvpx-utils-debuginfo-1.14.1-3.el10_0.1.ppc64le.rpm SHA-256: 7987a2978dc231f9afa122146e0d9003f09a805189d3ad6514195e3077599003

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
libvpx-1.14.1-3.el10_0.1.src.rpm SHA-256: ba7dcdcd0de32b4c8c008051b5a8febd9818c866452e56957e52aae11c08b09f
x86_64
libvpx-1.14.1-3.el10_0.1.x86_64.rpm SHA-256: 2693e5b2d024ea9a307b7c489f180bb1482c1048739950244ba389f7545e2154
libvpx-debuginfo-1.14.1-3.el10_0.1.x86_64.rpm SHA-256: 9a8bdfda56a930be5c3f30afd90ff80aff6343fdf5e8f59bfa575d5d7ccaf0ac
libvpx-debugsource-1.14.1-3.el10_0.1.x86_64.rpm SHA-256: 8df48071da1d04bfeecf4a46c765b2c7bbbfc020344f2399d5e2a727e6991b25
libvpx-utils-debuginfo-1.14.1-3.el10_0.1.x86_64.rpm SHA-256: ea70d7a601eb78fdc68eb28c3f32bdc87b33335eece244be7b19e7f17638c468

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.