Red Hat Product Errata RHSA-2026:5230 - Security Advisory
Issued:
2026-03-23
Updated:
2026-03-23

RHSA-2026:5230 - Security Advisory

Synopsis

Important: libvpx security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libvpx is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.

Security Fix(es):

  • libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2440219 - CVE-2026-2447 libvpx: Heap buffer overflow in libvpx

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
libvpx-1.7.0-10.el8_8.2.src.rpm SHA-256: f7d2e66c9c7b00a11a8c56f946fefd1ef4aa5dfd6f1c6be544ed379eab424c2c
x86_64
libvpx-1.7.0-10.el8_8.2.i686.rpm SHA-256: 5d61ec75284157af3ed42f5d9fbf7a303db4392838851a807d0ac65aaf4910aa
libvpx-1.7.0-10.el8_8.2.x86_64.rpm SHA-256: bd1ede22aa5e01335a0c8cde03ad002f2fe6ce65ca7b00afac91e1c4d2a2594d
libvpx-debuginfo-1.7.0-10.el8_8.2.i686.rpm SHA-256: 17a0fb31b68255c2ee8b63c525bf6ea858b3041b038ef9eaa7a5032e52fcdee8
libvpx-debuginfo-1.7.0-10.el8_8.2.x86_64.rpm SHA-256: b18b80ac21e81025add2f025a1fa50e765d444c7b65a69b7ad27fc7b60f35f23
libvpx-debugsource-1.7.0-10.el8_8.2.i686.rpm SHA-256: 176ee93185be8ffca6c8cbb51e7266dc45d15f3cd5cd8a5374d871d28c252b9b
libvpx-debugsource-1.7.0-10.el8_8.2.x86_64.rpm SHA-256: e0982d665cd92e70f345d61127c290fd751fd9aa52210caa63ef5024c345889b
libvpx-utils-debuginfo-1.7.0-10.el8_8.2.i686.rpm SHA-256: e951e32f423f55e1e8793c2606d55f2333306055f12ddf61e9d6974bf37e535b
libvpx-utils-debuginfo-1.7.0-10.el8_8.2.x86_64.rpm SHA-256: b6ea564fa56f04a8a64266071e2ce11ed597b6d257a34b132fd46695801837f4

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
libvpx-1.7.0-10.el8_8.2.src.rpm SHA-256: f7d2e66c9c7b00a11a8c56f946fefd1ef4aa5dfd6f1c6be544ed379eab424c2c
x86_64
libvpx-1.7.0-10.el8_8.2.i686.rpm SHA-256: 5d61ec75284157af3ed42f5d9fbf7a303db4392838851a807d0ac65aaf4910aa
libvpx-1.7.0-10.el8_8.2.x86_64.rpm SHA-256: bd1ede22aa5e01335a0c8cde03ad002f2fe6ce65ca7b00afac91e1c4d2a2594d
libvpx-debuginfo-1.7.0-10.el8_8.2.i686.rpm SHA-256: 17a0fb31b68255c2ee8b63c525bf6ea858b3041b038ef9eaa7a5032e52fcdee8
libvpx-debuginfo-1.7.0-10.el8_8.2.x86_64.rpm SHA-256: b18b80ac21e81025add2f025a1fa50e765d444c7b65a69b7ad27fc7b60f35f23
libvpx-debugsource-1.7.0-10.el8_8.2.i686.rpm SHA-256: 176ee93185be8ffca6c8cbb51e7266dc45d15f3cd5cd8a5374d871d28c252b9b
libvpx-debugsource-1.7.0-10.el8_8.2.x86_64.rpm SHA-256: e0982d665cd92e70f345d61127c290fd751fd9aa52210caa63ef5024c345889b
libvpx-utils-debuginfo-1.7.0-10.el8_8.2.i686.rpm SHA-256: e951e32f423f55e1e8793c2606d55f2333306055f12ddf61e9d6974bf37e535b
libvpx-utils-debuginfo-1.7.0-10.el8_8.2.x86_64.rpm SHA-256: b6ea564fa56f04a8a64266071e2ce11ed597b6d257a34b132fd46695801837f4

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
libvpx-1.7.0-10.el8_8.2.src.rpm SHA-256: f7d2e66c9c7b00a11a8c56f946fefd1ef4aa5dfd6f1c6be544ed379eab424c2c
ppc64le
libvpx-1.7.0-10.el8_8.2.ppc64le.rpm SHA-256: 3d2af2b9929e45ef0f9b7898c63c103fb1a274a56137e3ee0fccab0009e13517
libvpx-debuginfo-1.7.0-10.el8_8.2.ppc64le.rpm SHA-256: 8b0ab6be4e956c7380590e3ffa203690f11a1b4ebb3fefda68db5fab2c0efd59
libvpx-debugsource-1.7.0-10.el8_8.2.ppc64le.rpm SHA-256: dc9ae50f06a31afe6b78dcab85fa3508165acde41d5b2545b06bfe833f2c6b1c
libvpx-utils-debuginfo-1.7.0-10.el8_8.2.ppc64le.rpm SHA-256: a94376b34e6a16ca58ad167947544d18d6485821d041304d8bfbf9a78ab0e903

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
libvpx-1.7.0-10.el8_8.2.src.rpm SHA-256: f7d2e66c9c7b00a11a8c56f946fefd1ef4aa5dfd6f1c6be544ed379eab424c2c
x86_64
libvpx-1.7.0-10.el8_8.2.i686.rpm SHA-256: 5d61ec75284157af3ed42f5d9fbf7a303db4392838851a807d0ac65aaf4910aa
libvpx-1.7.0-10.el8_8.2.x86_64.rpm SHA-256: bd1ede22aa5e01335a0c8cde03ad002f2fe6ce65ca7b00afac91e1c4d2a2594d
libvpx-debuginfo-1.7.0-10.el8_8.2.i686.rpm SHA-256: 17a0fb31b68255c2ee8b63c525bf6ea858b3041b038ef9eaa7a5032e52fcdee8
libvpx-debuginfo-1.7.0-10.el8_8.2.x86_64.rpm SHA-256: b18b80ac21e81025add2f025a1fa50e765d444c7b65a69b7ad27fc7b60f35f23
libvpx-debugsource-1.7.0-10.el8_8.2.i686.rpm SHA-256: 176ee93185be8ffca6c8cbb51e7266dc45d15f3cd5cd8a5374d871d28c252b9b
libvpx-debugsource-1.7.0-10.el8_8.2.x86_64.rpm SHA-256: e0982d665cd92e70f345d61127c290fd751fd9aa52210caa63ef5024c345889b
libvpx-utils-debuginfo-1.7.0-10.el8_8.2.i686.rpm SHA-256: e951e32f423f55e1e8793c2606d55f2333306055f12ddf61e9d6974bf37e535b
libvpx-utils-debuginfo-1.7.0-10.el8_8.2.x86_64.rpm SHA-256: b6ea564fa56f04a8a64266071e2ce11ed597b6d257a34b132fd46695801837f4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.