Security update for libvpx SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:0680-1 Final 1 1 2020-05-22T16:16:50Z current 2020-05-22T16:16:50Z 2020-05-22T16:16:50Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libvpx This update for libvpx fixes the following issues: - CVE-2020-0034: Fixed an out-of-bounds read on truncated key frames (bsc#1166066). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-680 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TCLO6H4TMYC4OPEGZQNYZIQBWIOHFIVS/ E-Mail link for openSUSE-SU-2020:0680-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1166066 SUSE Bug 1166066 https://www.suse.com/security/cve/CVE-2020-0034/ SUSE CVE CVE-2020-0034 page openSUSE Leap 15.1 libvpx-devel-1.6.1-lp151.5.6.1 libvpx4-1.6.1-lp151.5.6.1 libvpx4-32bit-1.6.1-lp151.5.6.1 vpx-tools-1.6.1-lp151.5.6.1 libvpx-devel-1.6.1-lp151.5.6.1 as a component of openSUSE Leap 15.1 libvpx4-1.6.1-lp151.5.6.1 as a component of openSUSE Leap 15.1 libvpx4-32bit-1.6.1-lp151.5.6.1 as a component of openSUSE Leap 15.1 vpx-tools-1.6.1-lp151.5.6.1 as a component of openSUSE Leap 15.1 In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770 CVE-2020-0034 openSUSE Leap 15.1:libvpx-devel-1.6.1-lp151.5.6.1 openSUSE Leap 15.1:libvpx4-1.6.1-lp151.5.6.1 openSUSE Leap 15.1:libvpx4-32bit-1.6.1-lp151.5.6.1 openSUSE Leap 15.1:vpx-tools-1.6.1-lp151.5.6.1 moderate 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TCLO6H4TMYC4OPEGZQNYZIQBWIOHFIVS/ https://www.suse.com/security/cve/CVE-2020-0034.html CVE-2020-0034 https://bugzilla.suse.com/1166066 SUSE Bug 1166066