Skip to navigation

Security Advisory Moderate: libvpx security update

Advisory: RHSA-2010:0999-1
Type: Security Advisory
Severity: Moderate
Issued on: 2010-12-20
Last updated on: 2010-12-20
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.0.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2010-4203

Details

Updated libvpx packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The libvpx packages provide the VP8 SDK, which allows the encoding and
decoding of the VP8 video codec, commonly used with the WebM multimedia
container file format.

An integer overflow flaw, leading to arbitrary memory writes, was found in
libvpx. An attacker could create a specially-crafted video encoded using
the VP8 codec that, when played by a victim with an application using
libvpx (such as Totem), would cause the application to crash or,
potentially, execute arbitrary code. (CVE-2010-4203)

All users of libvpx are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, all applications using libvpx must be restarted for the changes to
take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
libvpx-0.9.0-8.el6_0.src.rpm     MD5: f6254e0f56adefb80a13ad257a98a388
SHA-256: 90aa26e2c922535cba5da8d2707f2d9f15cdc3b1a1ddd36b21de4af39e878dfa
 
IA-32:
libvpx-0.9.0-8.el6_0.i686.rpm     MD5: 015c690943bf8089c9c01b3704a6e203
SHA-256: 33a7e5e92fb72f6db9bd1b41faea90258bba05f99d8637be2b21c3ea4ba25b42
libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm     MD5: 1c3cfa9eb9c8a382470beac43ef6b600
SHA-256: 0581104b765c531a0530ca788e75d2748672f45a8852278fe451545d8abfa3e1
libvpx-devel-0.9.0-8.el6_0.i686.rpm     MD5: a93f0552d78628e071a96b7c22dca083
SHA-256: 7ec7a33ef2ab2fa5a147d993b2cdcdb11ba1297be0e9c138019827dcc8ea8419
libvpx-utils-0.9.0-8.el6_0.i686.rpm     MD5: e28d8f3d13a071325d2317c968f8b79c
SHA-256: 5ced3ebbf8eb4791221ce85e36f10630b2610e922849dd79fd3fc89503c03048
 
x86_64:
libvpx-0.9.0-8.el6_0.i686.rpm     MD5: 015c690943bf8089c9c01b3704a6e203
SHA-256: 33a7e5e92fb72f6db9bd1b41faea90258bba05f99d8637be2b21c3ea4ba25b42
libvpx-0.9.0-8.el6_0.x86_64.rpm     MD5: a2d2a7e0554bcbf03172bb3383eda9bb
SHA-256: b5132a73189515741b4161eed108e7b98117e83205e5ef73842a3fd74ddcf9d3
libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm     MD5: 1c3cfa9eb9c8a382470beac43ef6b600
SHA-256: 0581104b765c531a0530ca788e75d2748672f45a8852278fe451545d8abfa3e1
libvpx-debuginfo-0.9.0-8.el6_0.x86_64.rpm     MD5: 335974c0c277c5a2e0abcc3e900a29f9
SHA-256: 473e66b275b3ded8b7a0d6c43d6ed1fc1ad1ed42b36a73dc37fc130f7e516e5d
libvpx-devel-0.9.0-8.el6_0.i686.rpm     MD5: a93f0552d78628e071a96b7c22dca083
SHA-256: 7ec7a33ef2ab2fa5a147d993b2cdcdb11ba1297be0e9c138019827dcc8ea8419
libvpx-devel-0.9.0-8.el6_0.x86_64.rpm     MD5: f4c143ed5e0f999bcc22b6a704f044ac
SHA-256: 6daa1e1cc40f2fe04c26196875c1dd61cc4fd26504a04546809ec1b717fd9b8b
libvpx-utils-0.9.0-8.el6_0.x86_64.rpm     MD5: 474ea0dbf33a37b09c7ca095f945788c
SHA-256: ef46e8af98054a923f87c8e239b5b357844831fff613e227a33551ecf8c7be72
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
libvpx-0.9.0-8.el6_0.src.rpm     MD5: f6254e0f56adefb80a13ad257a98a388
SHA-256: 90aa26e2c922535cba5da8d2707f2d9f15cdc3b1a1ddd36b21de4af39e878dfa
 
IA-32:
libvpx-0.9.0-8.el6_0.i686.rpm     MD5: 015c690943bf8089c9c01b3704a6e203
SHA-256: 33a7e5e92fb72f6db9bd1b41faea90258bba05f99d8637be2b21c3ea4ba25b42
libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm     MD5: 1c3cfa9eb9c8a382470beac43ef6b600
SHA-256: 0581104b765c531a0530ca788e75d2748672f45a8852278fe451545d8abfa3e1
libvpx-devel-0.9.0-8.el6_0.i686.rpm     MD5: a93f0552d78628e071a96b7c22dca083
SHA-256: 7ec7a33ef2ab2fa5a147d993b2cdcdb11ba1297be0e9c138019827dcc8ea8419
libvpx-utils-0.9.0-8.el6_0.i686.rpm     MD5: e28d8f3d13a071325d2317c968f8b79c
SHA-256: 5ced3ebbf8eb4791221ce85e36f10630b2610e922849dd79fd3fc89503c03048
 
PPC:
libvpx-0.9.0-8.el6_0.ppc.rpm     MD5: c2b1b27a90b02fae50415300bdc76af3
SHA-256: 2fe44b29f03c315624cb7e7fc45a56913117fe2cc518b8cd09936489ee4a9df0
libvpx-0.9.0-8.el6_0.ppc64.rpm     MD5: 0f82f8cc17bee8d090069faadeb9969f
SHA-256: 87ff348145144a1f61dc814378b27da715b02b015d43de87df5b6c34c3d851dc
libvpx-debuginfo-0.9.0-8.el6_0.ppc.rpm     MD5: f4a964628340c26a91dae51b6544efeb
SHA-256: 134fab8ec83ffc4e122b0dfb5c170e7492489b6e4a41789e2358381eb997de38
libvpx-debuginfo-0.9.0-8.el6_0.ppc64.rpm     MD5: aae2385e7f88ae3a48aaa16b3132832e
SHA-256: 944432b0a294df4e947356d9372ae71fa5ab603bc243ba10bce003b60d80dbda
libvpx-devel-0.9.0-8.el6_0.ppc.rpm     MD5: 811e673f71ae60f907df4bd2af3e0be9
SHA-256: 783a4d92e0a0cb4418737c4ccfddbb25ca2999891e08427168895a9b629dcd9d
libvpx-devel-0.9.0-8.el6_0.ppc64.rpm     MD5: 8b6641a83097f6c9cfd9d345ed50ba96
SHA-256: c24d8721aefa2e10a7e0f42a164d8e77752c162daaaf612d780cc403653a111c
libvpx-utils-0.9.0-8.el6_0.ppc64.rpm     MD5: 4f3babc55c447d99c6b3a66eae1ef0f7
SHA-256: 24fc43babe61bdd13fd943c1871dc523811c281f846c6d4bc27a36c1670f0268
 
s390x:
libvpx-0.9.0-8.el6_0.s390.rpm     MD5: 344e0ee186c0ec031f8cefab743216ee
SHA-256: a2de3499733c938f54d464b8b6ed7318797ca6e8442d234c52149ac8c9bf1574
libvpx-0.9.0-8.el6_0.s390x.rpm     MD5: c75c30a6c81b82e371bd939b62bec95f
SHA-256: b0e9881f040ccc47dfbbf1d02fb7f074395695cdae7f38f7647835cd0641a430
libvpx-debuginfo-0.9.0-8.el6_0.s390.rpm     MD5: 3ffaa04420ae0cc817ccae6951663cae
SHA-256: 72f06ff5d7e64e99c5f6e9f6a16fe0f8f234acbd93cad67f11578c92c305cc70
libvpx-debuginfo-0.9.0-8.el6_0.s390x.rpm     MD5: ed0252e718d1b83e48563ad5da35c463
SHA-256: 90ed1124993cbd638b018486d6a3e1d87d2673991ef024b675aea459f84e9f11
libvpx-devel-0.9.0-8.el6_0.s390.rpm     MD5: b19b3bfff351b24838407545e9113e81
SHA-256: 9802d47e9ab8c3cc83635ba6d371223d761de31cc6073c78cb1f8d4cfe42ad18
libvpx-devel-0.9.0-8.el6_0.s390x.rpm     MD5: cd8f732a21f4679d97ba92a8b82f34a5
SHA-256: 8dcf48252520db73abdc66ab81fb2d59b7482ccbbc2d199f4f058402f48817af
libvpx-utils-0.9.0-8.el6_0.s390x.rpm     MD5: 86ad173477956fecf7e7b46b74a2ad2c
SHA-256: a0ad176a0f307a13ee63354a0cc76e5a472ede6b25ad225b483abe3bc20598af
 
x86_64:
libvpx-0.9.0-8.el6_0.i686.rpm     MD5: 015c690943bf8089c9c01b3704a6e203
SHA-256: 33a7e5e92fb72f6db9bd1b41faea90258bba05f99d8637be2b21c3ea4ba25b42
libvpx-0.9.0-8.el6_0.x86_64.rpm     MD5: a2d2a7e0554bcbf03172bb3383eda9bb
SHA-256: b5132a73189515741b4161eed108e7b98117e83205e5ef73842a3fd74ddcf9d3
libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm     MD5: 1c3cfa9eb9c8a382470beac43ef6b600
SHA-256: 0581104b765c531a0530ca788e75d2748672f45a8852278fe451545d8abfa3e1
libvpx-debuginfo-0.9.0-8.el6_0.x86_64.rpm     MD5: 335974c0c277c5a2e0abcc3e900a29f9
SHA-256: 473e66b275b3ded8b7a0d6c43d6ed1fc1ad1ed42b36a73dc37fc130f7e516e5d
libvpx-devel-0.9.0-8.el6_0.i686.rpm     MD5: a93f0552d78628e071a96b7c22dca083
SHA-256: 7ec7a33ef2ab2fa5a147d993b2cdcdb11ba1297be0e9c138019827dcc8ea8419
libvpx-devel-0.9.0-8.el6_0.x86_64.rpm     MD5: f4c143ed5e0f999bcc22b6a704f044ac
SHA-256: 6daa1e1cc40f2fe04c26196875c1dd61cc4fd26504a04546809ec1b717fd9b8b
libvpx-utils-0.9.0-8.el6_0.x86_64.rpm     MD5: 474ea0dbf33a37b09c7ca095f945788c
SHA-256: ef46e8af98054a923f87c8e239b5b357844831fff613e227a33551ecf8c7be72
 
Red Hat Enterprise Linux Server EUS (v. 6.0.z)

SRPMS:
libvpx-0.9.0-8.el6_0.src.rpm     MD5: f6254e0f56adefb80a13ad257a98a388
SHA-256: 90aa26e2c922535cba5da8d2707f2d9f15cdc3b1a1ddd36b21de4af39e878dfa
 
IA-32:
libvpx-0.9.0-8.el6_0.i686.rpm     MD5: 015c690943bf8089c9c01b3704a6e203
SHA-256: 33a7e5e92fb72f6db9bd1b41faea90258bba05f99d8637be2b21c3ea4ba25b42
libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm     MD5: 1c3cfa9eb9c8a382470beac43ef6b600
SHA-256: 0581104b765c531a0530ca788e75d2748672f45a8852278fe451545d8abfa3e1
libvpx-devel-0.9.0-8.el6_0.i686.rpm     MD5: a93f0552d78628e071a96b7c22dca083
SHA-256: 7ec7a33ef2ab2fa5a147d993b2cdcdb11ba1297be0e9c138019827dcc8ea8419
libvpx-utils-0.9.0-8.el6_0.i686.rpm     MD5: e28d8f3d13a071325d2317c968f8b79c
SHA-256: 5ced3ebbf8eb4791221ce85e36f10630b2610e922849dd79fd3fc89503c03048
 
PPC:
libvpx-0.9.0-8.el6_0.ppc.rpm     MD5: c2b1b27a90b02fae50415300bdc76af3
SHA-256: 2fe44b29f03c315624cb7e7fc45a56913117fe2cc518b8cd09936489ee4a9df0
libvpx-0.9.0-8.el6_0.ppc64.rpm     MD5: 0f82f8cc17bee8d090069faadeb9969f
SHA-256: 87ff348145144a1f61dc814378b27da715b02b015d43de87df5b6c34c3d851dc
libvpx-debuginfo-0.9.0-8.el6_0.ppc.rpm     MD5: f4a964628340c26a91dae51b6544efeb
SHA-256: 134fab8ec83ffc4e122b0dfb5c170e7492489b6e4a41789e2358381eb997de38
libvpx-debuginfo-0.9.0-8.el6_0.ppc64.rpm     MD5: aae2385e7f88ae3a48aaa16b3132832e
SHA-256: 944432b0a294df4e947356d9372ae71fa5ab603bc243ba10bce003b60d80dbda
libvpx-devel-0.9.0-8.el6_0.ppc.rpm     MD5: 811e673f71ae60f907df4bd2af3e0be9
SHA-256: 783a4d92e0a0cb4418737c4ccfddbb25ca2999891e08427168895a9b629dcd9d
libvpx-devel-0.9.0-8.el6_0.ppc64.rpm     MD5: 8b6641a83097f6c9cfd9d345ed50ba96
SHA-256: c24d8721aefa2e10a7e0f42a164d8e77752c162daaaf612d780cc403653a111c
libvpx-utils-0.9.0-8.el6_0.ppc64.rpm     MD5: 4f3babc55c447d99c6b3a66eae1ef0f7
SHA-256: 24fc43babe61bdd13fd943c1871dc523811c281f846c6d4bc27a36c1670f0268
 
s390x:
libvpx-0.9.0-8.el6_0.s390.rpm     MD5: 344e0ee186c0ec031f8cefab743216ee
SHA-256: a2de3499733c938f54d464b8b6ed7318797ca6e8442d234c52149ac8c9bf1574
libvpx-0.9.0-8.el6_0.s390x.rpm     MD5: c75c30a6c81b82e371bd939b62bec95f
SHA-256: b0e9881f040ccc47dfbbf1d02fb7f074395695cdae7f38f7647835cd0641a430
libvpx-debuginfo-0.9.0-8.el6_0.s390.rpm     MD5: 3ffaa04420ae0cc817ccae6951663cae
SHA-256: 72f06ff5d7e64e99c5f6e9f6a16fe0f8f234acbd93cad67f11578c92c305cc70
libvpx-debuginfo-0.9.0-8.el6_0.s390x.rpm     MD5: ed0252e718d1b83e48563ad5da35c463
SHA-256: 90ed1124993cbd638b018486d6a3e1d87d2673991ef024b675aea459f84e9f11
libvpx-devel-0.9.0-8.el6_0.s390.rpm     MD5: b19b3bfff351b24838407545e9113e81
SHA-256: 9802d47e9ab8c3cc83635ba6d371223d761de31cc6073c78cb1f8d4cfe42ad18
libvpx-devel-0.9.0-8.el6_0.s390x.rpm     MD5: cd8f732a21f4679d97ba92a8b82f34a5
SHA-256: 8dcf48252520db73abdc66ab81fb2d59b7482ccbbc2d199f4f058402f48817af
libvpx-utils-0.9.0-8.el6_0.s390x.rpm     MD5: 86ad173477956fecf7e7b46b74a2ad2c
SHA-256: a0ad176a0f307a13ee63354a0cc76e5a472ede6b25ad225b483abe3bc20598af
 
x86_64:
libvpx-0.9.0-8.el6_0.i686.rpm     MD5: 015c690943bf8089c9c01b3704a6e203
SHA-256: 33a7e5e92fb72f6db9bd1b41faea90258bba05f99d8637be2b21c3ea4ba25b42
libvpx-0.9.0-8.el6_0.x86_64.rpm     MD5: a2d2a7e0554bcbf03172bb3383eda9bb
SHA-256: b5132a73189515741b4161eed108e7b98117e83205e5ef73842a3fd74ddcf9d3
libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm     MD5: 1c3cfa9eb9c8a382470beac43ef6b600
SHA-256: 0581104b765c531a0530ca788e75d2748672f45a8852278fe451545d8abfa3e1
libvpx-debuginfo-0.9.0-8.el6_0.x86_64.rpm     MD5: 335974c0c277c5a2e0abcc3e900a29f9
SHA-256: 473e66b275b3ded8b7a0d6c43d6ed1fc1ad1ed42b36a73dc37fc130f7e516e5d
libvpx-devel-0.9.0-8.el6_0.i686.rpm     MD5: a93f0552d78628e071a96b7c22dca083
SHA-256: 7ec7a33ef2ab2fa5a147d993b2cdcdb11ba1297be0e9c138019827dcc8ea8419
libvpx-devel-0.9.0-8.el6_0.x86_64.rpm     MD5: f4c143ed5e0f999bcc22b6a704f044ac
SHA-256: 6daa1e1cc40f2fe04c26196875c1dd61cc4fd26504a04546809ec1b717fd9b8b
libvpx-utils-0.9.0-8.el6_0.x86_64.rpm     MD5: 474ea0dbf33a37b09c7ca095f945788c
SHA-256: ef46e8af98054a923f87c8e239b5b357844831fff613e227a33551ecf8c7be72
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
libvpx-0.9.0-8.el6_0.src.rpm     MD5: f6254e0f56adefb80a13ad257a98a388
SHA-256: 90aa26e2c922535cba5da8d2707f2d9f15cdc3b1a1ddd36b21de4af39e878dfa
 
IA-32:
libvpx-0.9.0-8.el6_0.i686.rpm     MD5: 015c690943bf8089c9c01b3704a6e203
SHA-256: 33a7e5e92fb72f6db9bd1b41faea90258bba05f99d8637be2b21c3ea4ba25b42
libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm     MD5: 1c3cfa9eb9c8a382470beac43ef6b600
SHA-256: 0581104b765c531a0530ca788e75d2748672f45a8852278fe451545d8abfa3e1
libvpx-devel-0.9.0-8.el6_0.i686.rpm     MD5: a93f0552d78628e071a96b7c22dca083
SHA-256: 7ec7a33ef2ab2fa5a147d993b2cdcdb11ba1297be0e9c138019827dcc8ea8419
libvpx-utils-0.9.0-8.el6_0.i686.rpm     MD5: e28d8f3d13a071325d2317c968f8b79c
SHA-256: 5ced3ebbf8eb4791221ce85e36f10630b2610e922849dd79fd3fc89503c03048
 
x86_64:
libvpx-0.9.0-8.el6_0.i686.rpm     MD5: 015c690943bf8089c9c01b3704a6e203
SHA-256: 33a7e5e92fb72f6db9bd1b41faea90258bba05f99d8637be2b21c3ea4ba25b42
libvpx-0.9.0-8.el6_0.x86_64.rpm     MD5: a2d2a7e0554bcbf03172bb3383eda9bb
SHA-256: b5132a73189515741b4161eed108e7b98117e83205e5ef73842a3fd74ddcf9d3
libvpx-debuginfo-0.9.0-8.el6_0.i686.rpm     MD5: 1c3cfa9eb9c8a382470beac43ef6b600
SHA-256: 0581104b765c531a0530ca788e75d2748672f45a8852278fe451545d8abfa3e1
libvpx-debuginfo-0.9.0-8.el6_0.x86_64.rpm     MD5: 335974c0c277c5a2e0abcc3e900a29f9
SHA-256: 473e66b275b3ded8b7a0d6c43d6ed1fc1ad1ed42b36a73dc37fc130f7e516e5d
libvpx-devel-0.9.0-8.el6_0.i686.rpm     MD5: a93f0552d78628e071a96b7c22dca083
SHA-256: 7ec7a33ef2ab2fa5a147d993b2cdcdb11ba1297be0e9c138019827dcc8ea8419
libvpx-devel-0.9.0-8.el6_0.x86_64.rpm     MD5: f4c143ed5e0f999bcc22b6a704f044ac
SHA-256: 6daa1e1cc40f2fe04c26196875c1dd61cc4fd26504a04546809ec1b717fd9b8b
libvpx-utils-0.9.0-8.el6_0.x86_64.rpm     MD5: 474ea0dbf33a37b09c7ca095f945788c
SHA-256: ef46e8af98054a923f87c8e239b5b357844831fff613e227a33551ecf8c7be72
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

651213 - CVE-2010-4203 libvpx: memory corruption flaw


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/