This update for libvpx fixes the following issues:
CVE-2019-2126: Fixed a double free in ParseContentEncodingEntry() (bsc#1160611).
CVE-2019-9325: Fixed an out-of-bounds read (bsc#1160612).
CVE-2019-9232: Fixed an out-of-bounds memory access on fuzzed data (bsc#1160613).
CVE-2019-9433: Fixed a use-after-free in vp8_deblock() (bsc#1160614).
CVE-2019-9371: Fixed a resource exhaustion after memory leak (bsc#1160615).
Affected Packages
libvpx4
SUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSSSUSE Linux Enterprise Module for Basesystem 15SUSE Linux Enterprise Module for Basesystem 15 SP1SUSE Linux Enterprise Server 15-LTSS
Fixed in:
1.6.1-6.3.1
libvpx-devel
SUSE Linux Enterprise Module for Desktop Applications 15SUSE Linux Enterprise Module for Desktop Applications 15 SP1