Scientific Linux Security Update : libvpx on SL6.x i386/x86_64

high Nessus Plugin ID 60926

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

An integer overflow flaw, leading to arbitrary memory writes, was found in libvpx. An attacker could create a specially crafted video encoded using the VP8 codec that, when played by a victim with an application using libvpx (such as Totem), would cause the application to crash or, potentially, execute arbitrary code. (CVE-2010-4203)

After installing the update, all applications using libvpx must be restarted for the changes to take effect.

Solution

Update the affected libvpx, libvpx-devel and / or libvpx-utils packages.

See Also

http://www.nessus.org/u?4c1044e9

Plugin Details

Severity: High

ID: 60926

File Name: sl_20101220_libvpx_on_SL6_x.nasl

Version: 1.6

Type: local

Agent: unix

Published: 8/1/2012

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 12/20/2010

Reference Information

CVE: CVE-2010-4203