[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2012-1] libvpx security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libvpx
Version        : 1.3.0-3+deb8u2
CVE ID         : CVE-2019-9232 CVE-2019-9433


Several issues have been found in libvpx, a VP8 and VP9 video codec.

CVE-2019-9232

  There is a possible out of bounds read due to a missing bounds check.
  This could lead to remote information disclosure with no additional
  execution privileges needed. User interaction is not needed for
  exploitation.

CVE-2019-9433

  There is a possible information disclosure due to improper input
  validation. This could lead to remote information disclosure with
  no additional execution privileges needed. User interaction is
  needed for exploitation.

For Debian 8 "Jessie", these problems have been fixed in version
1.3.0-3+deb8u2.

We recommend that you upgrade your libvpx packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEmjwHvQbeL0FugTpdYS7xYT4FD1QFAl3dnyUACgkQYS7xYT4F
D1SMyQ//ST+X3vR9XI0cGjCUfUDFzDWVeQAUQoxbPk9qi8IqkVsUnvWNZ7nQOydT
5XM8noomSGds29HGdK9L3XtEpEJuANXo1FW8vbgqw3cWnjwpZxLVkmk/U1+UImDw
SNZ4BjHi2WitSBwbS6F3ug1PdgCG8hbv8MQhzDZlWBdpuR/6PRqVRVD50mIc3vEM
qFRxrWtH0RKTzdRcrXP7ZkDlhsL6XqGrdy/npLAeUKQZUEIEiqc7ZbmLx1/naASI
VPiifmDrsCxjVHbc3WQbZpUo17PhsMZiiPU3a5yiGtFrTV3Zb75J/B1i1mrlyja/
BZZPzbMcGKymp+dMDyTMaLRJuoHf9thBHhduZBXHXZDf6FhCXLXBn/GygOWFpCOY
CnjkgzVd+bgZGFFl8QZjKgXVGcLKGKSbyGfIGmfgtVX5kbQKWXPpasRj6j7NTo/u
wNjLMimDM/lcEVeUjN7TqmLrNOPGAcuAE2gUudxcmgaRGr9ayFPGWR+mC6AJnzY+
+CO4uDj511URoboZJhhzlwPoBJFmI/Q1ZLGPWa5lwhxohMXRqml3wxUv5wApywsE
JgkiIrwYjuu4lp/K1Q/wQm5WB+QVvC8kwUq7yh/2P+jG0q/N3Ey9PgiQVHnmzYvh
TkEyXz0Nhy82+gyOaB1wV/pzj+xp224z1KgdHxB8Sw4jeVxEaoo=
=jp6V
-----END PGP SIGNATURE-----


Reply to: