SUSE-SU-2020:0143-1

Details

This update for libvpx fixes the following issues:

CVE-2019-2126: Fixed a double free in ParseContentEncodingEntry() (bsc#1160611).
CVE-2019-9325: Fixed an out-of-bounds read (bsc#1160612).
CVE-2019-9232: Fixed an out-of-bounds memory access on fuzzed data (bsc#1160613).
CVE-2019-9433: Fixed a use-after-free in vp8_deblock() (bsc#1160614).
CVE-2019-9371: Fixed a resource exhaustion after memory leak (bsc#1160615).

Affected Packages

libvpx

SUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSSSUSE Linux Enterprise Module for Basesystem 15SUSE Linux Enterprise Module for Basesystem 15 SP1SUSE Linux Enterprise Module for Desktop Applications 15

Fixed in:

1.6.1-6.3.1

libvpx4

SUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSSSUSE Linux Enterprise Module for Basesystem 15SUSE Linux Enterprise Module for Basesystem 15 SP1SUSE Linux Enterprise Server 15-LTSS

Fixed in:

1.6.1-6.3.1

libvpx-devel

SUSE Linux Enterprise Module for Desktop Applications 15SUSE Linux Enterprise Module for Desktop Applications 15 SP1

Fixed in:

1.6.1-6.3.1

vpx-tools

SUSE Linux Enterprise Module for Package Hub 15

Fixed in:

1.6.1-6.3.1

References

REPORT