| Summary: | libvpx new security issue CVE-2015-1258 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | davidwhodgins, herman.viaene, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| Whiteboard: | MGA4TOO has_procedure MGA4-64-OK MGA4-32-OK MGA5-64-OK advisory | ||
| Source RPM: | libvpx-1.3.0-3.mga5.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2015-05-22 18:18:00 CEST
David Walser
2015-05-22 18:18:10 CEST
Whiteboard:
(none) =>
MGA5TOO, MGA4TOO The size limit configure option that Google used was added in 1.4.0, initially during this commit: https://chromium.googlesource.com/webm/libvpx/+/943e43273b0a7369d07714e7fd2e19fecfb11c7c%5E!/ I've added that patch and the configure option Google used in Cauldron SVN. Hopefully that'll work out. If not, the other patches to the affected section of code that went into 1.4.0 are: https://chromium.googlesource.com/webm/libvpx/+/f68aaa38d65c0e97945b102c55e66c111396937c%5E!/ https://chromium.googlesource.com/webm/libvpx/+/18a7f69dae2a81a566692993897b07b651b2d9ec%5E!/ https://chromium.googlesource.com/webm/libvpx/+/423e8a9727b25d54de24630f9c042fd5bddf7c8d%5E!/ Patched packages uploaded for Mageia 4, Mageia 5, and Cauldron. Advisory: ======================== Updated libvpx packages fix security vulnerability: libvpx before 1.4.0 allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data (CVE-2015-1258). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1258 http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html ======================== Updated packages in core/updates_testing: ======================== libvpx1-1.3.0-1.1.mga4 libvpx-devel-1.3.0-1.1.mga4 libvpx-utils-1.3.0-1.1.mga4 libvpx1-1.3.0-3.1.mga5 libvpx-devel-1.3.0-3.1.mga5 libvpx-utils-1.3.0-3.1.mga5 from SRPMS: libvpx-1.3.0-1.1.mga4.src.rpm libvpx-1.3.0-3.1.mga5.src.rpm Version:
Cauldron =>
5 MGA4-64 on HP Probook 6555b No installation issues. Tested as per bug15993: general browsing, acid3 and sunspider tests run OK. CC:
(none) =>
herman.viaene
Herman Viaene
2015-06-23 10:44:38 CEST
Whiteboard:
MGA4TOO =>
MGA4TOO has_procedure MGA4-64-OK This update specifically affects VP9 video decoding, so please make sure that gets tested. MGA4-32 on AcerD620 Xfce. No installation issues. Installed chromium browser Tested as per bug15993 with chromium: general browsing, acid3 and sunspider tests run OK. Tested VP9 with chromium using https://www.youtube.com/watch?v=Ctjm1kxw-BM codec test: OK MGA5-64 on HP Probook 6555b KDE No installation issues. Installed chromium browser Tested as per bug15993 with chromium: general browsing, acid3 and sunspider tests run OK. Tested VP9 using with chromium https://www.youtube.com/watch?v=Ctjm1kxw-BM codec test: video window message "Error occured" This works OK with Firefox, but I guess this one does not use libvpx. Whiteboard:
MGA4TOO has_procedure MGA4-64-OK =>
MGA4TOO has_procedure MGA4-64-OK MGA4-32-OK Adding the MGA5-64-OK whiteboard entry based on comment 5. Advisory committed to svn. Someone from the sysadmin team please push 16019.adv to updates on both Mageia 5 and 4. Keywords:
(none) =>
validated_update An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0249.html Status:
NEW =>
RESOLVED |