|
|
Log in / Subscribe / Register

Debian alert DLA-4489-1 (libvpx)



From:
              Thorsten Alteholz <debian@alteholz.de>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 4489-1] libvpx security update


Date:
              Sun, 22 Feb 2026 18:35:45 +0000


Message-ID:
              <cd2c4fdb-295f-8362-c8cc-1d60279becf5@alteholz.de>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4489-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
February 22, 2026                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libvpx
Version        : 1.9.0-1+deb11u5
CVE ID         : CVE-2026-2447


A buffer overflow was discovered in libvpx, a library implementing the
VP8/VP9 open video codecs, which could result in denial of service or
potentially the execution of arbitrary code.


For Debian 11 bullseye, this problem has been fixed in version
1.9.0-1+deb11u5.

We recommend that you upgrade your libvpx packages.

For the detailed security status of libvpx please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libvpx

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmmbTIJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEetyw//cm3bN9PwIv9f5UsHUyVQEZQjnweI6TlVKlGSEeAOVxJ6dFC3900ZPL2s
9F/C+jVK/AtA710hnyWtiZi9YHgVM78rSSYkbLE84iYE9kTqdQiU0CglhDoXH9vA
i1BNpoDFtOGOnvoWgGDcyITO2LfTaQoczYKCNuR8gmU6rvTDbBkz+4KbM0cBvx7E
1ao5+av/JveFU4izNFkGDJ7p86KbmHXN882EIGDvvyHlB+UQ1K8UDFqxqGiFK/cD
ucZz2bSxaLrwQQqqzQVWjGdYnsCxh3O7GNG+pbrS8wwDlp0Q1kMlkEYzReSmpIFb
dYIBEyRU0WWe//DFUGitJpfVc1QRB92lJG2tS4hsY1u+ThfT0AkTj3LiyB2G3FdW
DVHcpNk43wKs+/krRv42B7rin1qnDVMtwgouzqIRpxSfpKrF5kmDy2Rc6sOBJnd0
JAvsE2wLLWi9xG2FM5ctRqOGI5vsGN5AAQBUIicjHl1wLznHGBoSR+5Sio/ZjuSl
U6zjCDYKd7fGkYksPy7WH3PNXCXCADo8ggW5rQFUWV3R4Ed6h51sQlZXA9c8OFvU
BUF1aQHLvS3uF49oAJnLu3l1V/oNgSaE8A/v3qTdue34gwugeR9jMgPzKRc7yMYD
yMr0URRa4EQFUCwBk1Wn3sNw9vXaaUkxMbT5WU1GsVieJTwEQjM=
=Vkx/
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds