[Apollo] Advisories Statistics light light Login

RLSA-2024:5941

Security Mirrored from RHSA-2024:5941
Issued at: 2024-09-17
Updated at: 2024-09-17

Synopsis

Moderate: libvpx security update



Description

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.

Security Fix(es):

* libvpx: Heap buffer overflow related to VP9 encoding (CVE-2023-6349)

* libvpx: Integer overflow in vpx_img_alloc() (CVE-2024-5197)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 8 aarch64 Rocky Linux 8 x86_64

Fixes

2283553 2291198

CVEs

CVE-2023-6349 CVE-2024-5197

Affected packages

Rocky Linux 8 aarch64 - AppStream

libvpx-0:1.7.0-11.el8_10.aarch64.rpm libvpx-0:1.7.0-11.el8_10.src.rpm libvpx-debuginfo-0:1.7.0-11.el8_10.aarch64.rpm libvpx-debugsource-0:1.7.0-11.el8_10.aarch64.rpm

Rocky Linux 8 x86_64 - AppStream

libvpx-0:1.7.0-11.el8_10.i686.rpm libvpx-0:1.7.0-11.el8_10.src.rpm libvpx-0:1.7.0-11.el8_10.x86_64.rpm libvpx-debuginfo-0:1.7.0-11.el8_10.i686.rpm libvpx-debuginfo-0:1.7.0-11.el8_10.x86_64.rpm libvpx-debugsource-0:1.7.0-11.el8_10.i686.rpm libvpx-debugsource-0:1.7.0-11.el8_10.x86_64.rpm

Rocky Linux 8 aarch64 - PowerTools

libvpx-devel-0:1.7.0-11.el8_10.aarch64.rpm

Rocky Linux 8 x86_64 - PowerTools

libvpx-devel-0:1.7.0-11.el8_10.i686.rpm libvpx-devel-0:1.7.0-11.el8_10.x86_64.rpm