Advisories » MGASA-2019-0369

Updated libvpx packages fix security vulnerabilities

Publication date: 06 Dec 2019
Modification date: 06 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-2126 , CVE-2019-9371

Description

Updated libvpx packages fix security vulnerabilities:

It was discovered that libvpx did not properly handle certain malformed
WebM media files. If an application using libvpx opened a specially crafted
WebM file, a remote attacker could cause a denial of service, or possibly
execute arbitrary code (CVE-2019-2126, CVE-2019-9371).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25789
• https://usn.ubuntu.com/4199-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2126
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9371

SRPMS

7/core

• libvpx-1.8.1-1.mga7