|
|
Subscribe / Log in / New account

Ubuntu alert USN-6814-1 (libvpx)



From:
              Marc Deslauriers <marc.deslauriers@canonical.com>


To:
              "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>


Subject:
              [USN-6814-1] libvpx vulnerability


Date:
              Thu, 06 Jun 2024 13:41:17 -0400


Message-ID:
              <ee603271-79a2-46d8-83b6-ae754247ea08@canonical.com>


==========================================================================
Ubuntu Security Notice USN-6814-1
June 06, 2024

libvpx vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

libvpx could be made to crash or run programs if it opened a specially
crafted file.

Software Description:
- libvpx: VP8 and VP9 video codec

Details:

Xiantong Hou discovered that libvpx did not properly handle certain
malformed media files. If an application using libvpx opened a specially
crafted file, a remote attacker could cause a denial of service, or
possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   libvpx9                         1.14.0-1ubuntu2.1

Ubuntu 23.10
   libvpx7                         1.12.0-1ubuntu2.1

Ubuntu 22.04 LTS
   libvpx7                         1.11.0-2ubuntu2.3

Ubuntu 20.04 LTS
   libvpx6                         1.8.2-1ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6814-1
   CVE-2024-5197

Package Information:
   https://launchpad.net/ubuntu/+source/libvpx/1.14.0-1ubunt...
   https://launchpad.net/ubuntu/+source/libvpx/1.12.0-1ubunt...
   https://launchpad.net/ubuntu/+source/libvpx/1.11.0-2ubunt...
   https://launchpad.net/ubuntu/+source/libvpx/1.8.2-1ubuntu0.3





Attachment: OpenPGP_signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmZh9L0ACgkQZWnYVadE
vpNPZg/+Mr38lDxJ00UQqAqXCS99HQ1qRR+rsKh3Z3UeLWF0XptncrNlqYRS+dhO
xOx0thheoewr+m8t2OoQ9ZnSxNfpCvaPpMI4PgkH1h7/EttGoF4EgdQQbTDJzsCk
xwI2jUX3v9wNyOZfBul43C2Bw9XaslTSIT3q7bpnp16O4OE98sz5HiYn9k6L+4VV
xPCChPVGtiwnkD3lL3AquEmlTpc8fx/XyZ5sY2KDGSa4Gbl1SHSp70WyHs4jDhRC
hqnzsEiwHMw1wIjc3ubCWj5/kf0JYMv+Ryb3yUHBckoiTvAZmjv4bT6Wo0qnkeHU
Mv5NHVzvCu0NCOMQbYpMZV/12ZbAXmw0D7+3bkAmgDH8vWAyU2zsd3mGHZuczp4s
MwcvijE7u+amum40Kc9xBYNZ8CQ2O9GX1Z4FzTM3jg/Qlud9hhiYOhvHUlzi9uUT
mvn8Kta1bxzscAn4OtE9mR/KWhp6R19F/kX7L/l7FFkDl1uzH/vFsPg/GqP0eEW5
r1Vb8wpW3U49kOxbDeav/uZvRhnwQ944X4OnBkloknULPt/yOnOuPR/tlru6vJHD
fOy1iJSPBBWhwjESE5qzoPk3dQX2C7PKWfjMIfNNN4OPHXZt+niUBq3HrE90Sqxo
KWyFdZoKYD6DQlhbZ6fSV/wJyjc1w0twfb3butflfQ5DXWIKXF0=
=VoAo
-----END PGP SIGNATURE-----




Attachment: None (type=text/plain)
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds