https://source.android.com/security/bulletin/2019-08-01

USN-4199-1

The remote NewStart CGSL host, running version MAIN 6.02, has libvpx packages installed that are affected by multiple vulnerabilities:

  - In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote     information disclosure with no additional execution privileges needed. User interaction is not needed for     exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 (CVE-2019-9232)

  - In libvpx, there is a possible information disclosure due to improper input validation. This could lead to     remote information disclosure with no additional execution privileges needed. User interaction is needed     for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 (CVE-2019-9433)

  - In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to     remote denial of service with no additional execution privileges needed. User interaction is needed for     exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254 (CVE-2019-9371)

  - In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a     freed pointer. This could lead to remote code execution with no additional execution privileges needed.
    User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1     Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368. (CVE-2019-2126)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4629 advisory.

  - libvpx: Double free in ParseContentEncodingEntry() in mkvparser.cc (CVE-2019-2126)

  - libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)

  - libvpx: Resource exhaustion after memory leak in mkvparser.cc (CVE-2019-9371)

  - libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4629 advisory.

  - In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a     freed pointer. This could lead to remote code execution with no additional execution privileges needed.
    User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1     Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368. (CVE-2019-2126)

  - In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to     remote denial of service with no additional execution privileges needed. User interaction is needed for     exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254 (CVE-2019-9371)

  - In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote     information disclosure with no additional execution privileges needed. User interaction is not needed for     exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 (CVE-2019-9232)

  - In libvpx, there is a possible information disclosure due to improper input validation. This could lead to     remote information disclosure with no additional execution privileges needed. User interaction is needed     for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 (CVE-2019-9433)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4629 advisory.

  - libvpx: Double free in ParseContentEncodingEntry() in mkvparser.cc (CVE-2019-2126)

  - libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)

  - libvpx: Resource exhaustion after memory leak in mkvparser.cc (CVE-2019-9371)

  - libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the libvpx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Check in libvpx, due to lack of boundaries, may read     crossing the line.This can lead to a remote information     leakage, without other executive privilege.Use do not     need user interaction.(CVE-2019-2126)

  - In libvpx, there is a possible out of bounds read due     to a missing bounds check. This could lead to remote     information disclosure with no additional execution     privileges needed. User interaction is not needed for     exploitation. Product: AndroidVersions:
    Android-10Android ID: A-122675483(CVE-2019-9232)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libvpx fixes the following issues :

  - CVE-2019-2126: Fixed a double free in     ParseContentEncodingEntry() (bsc#1160611).

  - CVE-2019-9325: Fixed an out-of-bounds read     (bsc#1160612).

  - CVE-2019-9232: Fixed an out-of-bounds memory access on     fuzzed data (bsc#1160613).

  - CVE-2019-9433: Fixed a use-after-free in vp8_deblock()     (bsc#1160614).

  - CVE-2019-9371: Fixed a resource exhaustion after memory     leak (bsc#1160615).

This update was imported from the SUSE:SLE-15:Update update project.

Update to 1.8.2. Fixes several security vulnerabilities:
CVE-2019-9232, CVE 2019-9433, CVE-2019-9325, CVE-2019-9371, CVE-2019-2126

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libvpx fixes the following issues :

CVE-2019-2126: Fixed a double free in ParseContentEncodingEntry() (bsc#1160611).

CVE-2019-9325: Fixed an out-of-bounds read (bsc#1160612).

CVE-2019-9232: Fixed an out-of-bounds memory access on fuzzed data (bsc#1160613).

CVE-2019-9433: Fixed a use-after-free in vp8_deblock() (bsc#1160614).

CVE-2019-9371: Fixed a resource exhaustion after memory leak (bsc#1160615).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to 1.8.2

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that libvpx did not properly handle certain malformed WebM media files. If an application using libvpx opened a specially crafted WebM file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
147382	NewStart CGSL MAIN 6.02 : libvpx Multiple Vulnerabilities (NS-SA-2021-0060)	Nessus	NewStart CGSL Local Security Checks	high
146031	CentOS 8 : libvpx (CESA-2020:4629)	Nessus	CentOS Local Security Checks	high
142773	Oracle Linux 8 : libvpx (ELSA-2020-4629)	Nessus	Oracle Linux Local Security Checks	high
142413	RHEL 8 : libvpx (RHSA-2020:4629)	Nessus	Red Hat Local Security Checks	high
139970	EulerOS 2.0 SP8 : libvpx (EulerOS-SA-2020-1867)	Nessus	Huawei Local Security Checks	high
133253	openSUSE Security Update : libvpx (openSUSE-2020-105)	Nessus	SuSE Local Security Checks	high
133236	Fedora 30 : libvpx (2020-6cd410d9e4)	Nessus	Fedora Local Security Checks	high
133141	SUSE SLED15 / SLES15 Security Update : libvpx (SUSE-SU-2020:0143-1)	Nessus	SuSE Local Security Checks	high
132789	Fedora 31 : libvpx (2020-65eac1b48b)	Nessus	Fedora Local Security Checks	high
131314	Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : libvpx vulnerabilities (USN-4199-1)	Nessus	Ubuntu Local Security Checks	high

CVE-2019-2126

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

high

high

high

high

high

high