This update for libvpx fixes the following issues:
CVE-2019-2126: Fixed a double free in ParseContentEncodingEntry() (bsc#1160611).
CVE-2019-9325: Fixed an out-of-bounds read (bsc#1160612).
CVE-2019-9232: Fixed an out-of-bounds memory access on fuzzed data (bsc#1160613).
CVE-2019-9433: Fixed a use-after-free in vp8_deblock() (bsc#1160614).
CVE-2019-9371: Fixed a resource exhaustion after memory leak (bsc#1160615).
Affected Packages
libvpx4
SUSE Enterprise Storage 6SUSE Linux Enterprise Desktop 15SUSE Linux Enterprise Desktop 15 SP1SUSE Linux Enterprise High Performance Computing 15SUSE Linux Enterprise High Performance Computing 15 SP1
Fixed in:
1.6.1-6.3.1
libvpx-devel
SUSE Linux Enterprise Module for Desktop Applications 15SUSE Linux Enterprise Module for Desktop Applications 15 SP1