RLSA-2023:5537

Synopsis

Important: libvpx security update

Description

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.

Security Fix(es):

* libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

* libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 8 aarch64 Rocky Linux 8 x86_64

Fixes

2241191 2241806

CVEs

CVE-2023-44488 CVE-2023-5217

Affected packages

Rocky Linux 8 x86_64 - AppStream

libvpx-0:1.7.0-10.el8_8.src.rpm libvpx-0:1.7.0-10.el8_8.i686.rpm libvpx-0:1.7.0-10.el8_8.x86_64.rpm libvpx-debuginfo-0:1.7.0-10.el8_8.i686.rpm libvpx-debuginfo-0:1.7.0-10.el8_8.x86_64.rpm libvpx-debugsource-0:1.7.0-10.el8_8.i686.rpm libvpx-debugsource-0:1.7.0-10.el8_8.x86_64.rpm

Rocky Linux 8 aarch64 - AppStream

libvpx-0:1.7.0-10.el8_8.src.rpm libvpx-debuginfo-0:1.7.0-10.el8_8.aarch64.rpm libvpx-debugsource-0:1.7.0-10.el8_8.aarch64.rpm libvpx-0:1.7.0-10.el8_8.aarch64.rpm

Rocky Linux 8 aarch64 - PowerTools

libvpx-devel-0:1.7.0-10.el8_8.aarch64.rpm

Rocky Linux 8 x86_64 - PowerTools

libvpx-devel-0:1.7.0-10.el8_8.i686.rpm libvpx-devel-0:1.7.0-10.el8_8.x86_64.rpm