Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.4494
libvpx security update
27 November 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: libvpx
Publisher: Debian
Operating System: Debian GNU/Linux 8
Impact/Access: Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2019-9433 CVE-2019-9232
Reference: ASB-2019.0248
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : libvpx
Version : 1.3.0-3+deb8u2
CVE ID : CVE-2019-9232 CVE-2019-9433
Several issues have been found in libvpx, a VP8 and VP9 video codec.
CVE-2019-9232
There is a possible out of bounds read due to a missing bounds check.
This could lead to remote information disclosure with no additional
execution privileges needed. User interaction is not needed for
exploitation.
CVE-2019-9433
There is a possible information disclosure due to improper input
validation. This could lead to remote information disclosure with
no additional execution privileges needed. User interaction is
needed for exploitation.
For Debian 8 "Jessie", these problems have been fixed in version
1.3.0-3+deb8u2.
We recommend that you upgrade your libvpx packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEmjwHvQbeL0FugTpdYS7xYT4FD1QFAl3dnyUACgkQYS7xYT4F
D1SMyQ//ST+X3vR9XI0cGjCUfUDFzDWVeQAUQoxbPk9qi8IqkVsUnvWNZ7nQOydT
5XM8noomSGds29HGdK9L3XtEpEJuANXo1FW8vbgqw3cWnjwpZxLVkmk/U1+UImDw
SNZ4BjHi2WitSBwbS6F3ug1PdgCG8hbv8MQhzDZlWBdpuR/6PRqVRVD50mIc3vEM
qFRxrWtH0RKTzdRcrXP7ZkDlhsL6XqGrdy/npLAeUKQZUEIEiqc7ZbmLx1/naASI
VPiifmDrsCxjVHbc3WQbZpUo17PhsMZiiPU3a5yiGtFrTV3Zb75J/B1i1mrlyja/
BZZPzbMcGKymp+dMDyTMaLRJuoHf9thBHhduZBXHXZDf6FhCXLXBn/GygOWFpCOY
CnjkgzVd+bgZGFFl8QZjKgXVGcLKGKSbyGfIGmfgtVX5kbQKWXPpasRj6j7NTo/u
wNjLMimDM/lcEVeUjN7TqmLrNOPGAcuAE2gUudxcmgaRGr9ayFPGWR+mC6AJnzY+
+CO4uDj511URoboZJhhzlwPoBJFmI/Q1ZLGPWa5lwhxohMXRqml3wxUv5wApywsE
JgkiIrwYjuu4lp/K1Q/wQm5WB+QVvC8kwUq7yh/2P+jG0q/N3Ey9PgiQVHnmzYvh
TkEyXz0Nhy82+gyOaB1wV/pzj+xp224z1KgdHxB8Sw4jeVxEaoo=
=jp6V
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXd4GT2aOgq3Tt24GAQieJA//duvCkuJmEThOe5/KHrI5DzORae2PviQ6
Fl5kTubYEWYI0hQNyz/Ek0aKrv8gb96i47fMfxsRL0wcoLK06XPSn8A91a7EcHug
3DHdf//bif01uJk5zgcwiDyJ8wNYhv7yt9DITvZDoMb7e8X1XAGMMeyli77S8p2D
G4rOBFlYE7uew6i9bizOLGRZvgRVDd9oczNX2K2aU8Ro75sWiScvYnoltlvQd6GM
jegs1kyxxYn4P26YcmeKWE7h77wyWCxsHWGKs/Z2b0WoI2V0vHCqkKqkX3AihJn0
gQBgoLmo7+r6rbrlkDXuVuVt63QZGKwlUoBm7c09upVgjCv/CBt8nh6Zd25/g/KN
WX8vuW1IJ298GmRByFF0SOX/iKjKBGcyoJpN6X1P4t2IzpLIA7v7lZZG7EThgLNC
XyLa8SPnOB87DFxNXgYhTtgm24pGosB7hh40tkVTNDOfGqCUXLvP20MKS7Gxy2kI
4O9/CXYCL71z+W0rLxWPGWiT/1GLU13leDc7JEKnzHt3DE1ZMH4LYuZAXXVtxmzE
jyDE019PUgd0NxEnlLcyFZ7YolEX9zXm4DLvXZyByVwXwo7KrhT2hc4bFIp+G8Yd
RURuoM5V0DIaaIfzf9N30uGc+le00kz3wmDMPkWV3Ko8L01+AzgpQcrqQ5v+Cdph
yZ//QwlX+s0=
=ivBS
-----END PGP SIGNATURE-----