1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5510-1] libvpx security update

    From Salvatore Bonaccorso@21:1/5 to All on Fri Sep 29 23:20:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5510-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 29, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libvpx
    CVE ID : CVE-2023-5217
    Debian Bug : 1053182

    Clement Lecigne discovered a heap-based buffer overflow in libvpx, a
    multimedia library for the VP8 and VP9 video codecs, which may result in
    the execution of arbitrary code if a specially crafted VP8 media stream
    is processed.

    For the oldstable distribution (bullseye), this problem has been fixed
    in version 1.9.0-1+deb11u1.

    For the stable distribution (bookworm), this problem has been fixed in
    version 1.12.0-1+deb12u1.

    We recommend that you upgrade your libvpx packages.

    For the detailed security status of libvpx please refer to its security
    tracker page at:
    https://security-tracker.debian.org/tracker/libvpx

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmUXPQxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RFDA/9GmZkMOfqEBNeItASvUeQAbPu9w7hh/Ah/Ox9gSFZMvD5QmGTs6Zp8lZY TmOKS2Ls1rgQnfM/c+dm6Le4H9e+EtGYvLI0P6KjIk3T+rA+55os3WoUE99KJsZr j0AZM0jsmaQVuV1MbJIJSGo6a49qRkSIF4eS7/rws8xImu73EgcPQiWep70kF8/i dqnYYqFEKJwT3Oxp2h4zYLM8Jqt8ji4caTHle20rcQ1tdOBCcqDWH87aNk1kqhWE Le281K7sDVYlpyIGSZRsvHbTusESlvp+92sRIQPRDdpMMkSgACBDcHpfCHiJDofD Dn+6Z4zA5XRxHOKlHvYvrg9lDSA1eu9V7oaR2YoBRfIcwd4HxB535FjJRNDGtt+0 thJnuv+zjiA2yK/GTBju52q+96qGcXhPrGOZiQeth4SdxVnK3FKc3lB6HbMgs4ZE RZNhs7AJ4I7pnyX6d8Zux3kPjejrdvBOFT8L+gNYzYn0tkcKHdpK2Xj0OMKboDLF xw26i8GgNb9RUht6Seb1dk2bnel2fJ+rqgxkltpVuTIFjQ942YtHm/a9xj6FLK3D 6CtX1masIZ53uo51k2qWAGJWUqovasIQQHBUeOHgFHw+lHNHNlSsiblu6xc9y4B4 2vpozR449Q3volOr7t7oWv/pmsqrd48ByYXj7NESzD/bm4uOo9E=
    =NrxQ
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)