Ubuntu has issued an advisory on June 3: https://ubuntu.com/security/notices/USN-7551-1
Fixed by: https://chromium.googlesource.com/webm/libvpx/+/1c758781c428c0e895645b95b8ff1512b6bdcecb
CVE: (none) => CVE-2025-5283
Source RPM: (none) => libvpx-1.15.0-1.mga10.src.rpm, libvpx-1.12.0-1.3.mga9.src.rpm
Whiteboard: (none) => MGA9TOO
Status comment: (none) => Patch available from upstream and Ubuntu
No registered maintainer, so assigning to all.
CC: (none) => marja11
Assignee: bugsquad => pkg-bugs
Fedora has issued an advisory on June 8: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFW4D73K3AUKLCFQCO3CMQVM3FH6SE6V/
Suggested advisory:
========================
The updated packages fix a security vulnerability:
Double-free in libvpx encoder. (CVE-2025-5283)
References:
https://ubuntu.com/security/notices/USN-7551-1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFW4D73K3AUKLCFQCO3CMQVM3FH6SE6V/
========================
Updated packages in core/updates_testing:
========================
lib(64)vpx-devel-1.12.0-1.4.mga9
lib(64)vpx7-1.12.0-1.4.mga9
libvpx-utils-1.12.0-1.4.mga9
from SRPM:
libvpx-1.12.0-1.4.mga9.src.rpm
Version: Cauldron => 9
Assignee: pkg-bugs => qa-bugs
Status comment: Patch available from upstream and Ubuntu => (none)
Source RPM: libvpx-1.15.0-1.mga10.src.rpm, libvpx-1.12.0-1.3.mga9.src.rpm => libvpx-1.12.0-1.3.mga9.src.rpm
Status: NEW => ASSIGNED
Whiteboard: MGA9TOO => (none)
Keywords: (none) => advisory
installing lib64vpx7-1.12.0-1.4.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ####################################################################################################
1/1: lib64vpx7 ####################################################################################################
1/1: removing lib64vpx7-1.12.0-1.3.mga9.x86_64 ####################################################################################################
Played a webm video with the vp9 codec.
strace mplayer video.webm shows
openat(AT_FDCWD, "/usr/lib64/libvpx.so.7", O_RDONLY|O_CLOEXEC) = 3
As the bug is in the encoder, I will test later with HandBrake if nobody else does it.
MGA9-64 server Plasma Wayland on Compaq H000SB. No installation issues. Unfortunately for me, previous updates gave me very little specific info on how tests had been done, so I started experimenting around with the commands, handicapped by not much detailed knowledge of video formats. So I ended up using an avi file of my own making, being 4.2 Gb.
$ vpxenc -w 720 -h 576 -o ars.mkv arsmusica1.avi
Pass 1/2 frame 7237/7238 1505504B 1664b/f 49926b/s 648390 ms (11.16 fps)
Pass 2/2 frame 7237/7213 110277076B 128800674 ms 3.37 fpm [ETA 0:07:12] 13459F 12564F 13590F 14048F 167F 28616F 13239F 13300F 13337F 13
Pass 2/2 frame 7237/7237 110593834B 122253b/f 3667613b/s 128558217 ms (0.06 fps)
The first pass took some 15 min., the second pass some +30 HOURS to complete, and the result was a 105.5 Mb file, which I could open with vlc, but it just showed a 4 min. long display of shimmering colors. Giving up unless someone can point me to a better use of such a command.
CC: (none) => herman.viaene
Converted an mp4 video to mkv with the vp9 codec using HandBrake; the result looks good.
Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0266.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED