openSUSE-SU-2020:0680

https://source.android.com/security/bulletin/2020-03-01

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libvpx packages installed that are affected by multiple vulnerabilities:

  - A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a     specially crafted file to cause a device hang or reboot. This issue is rated as High due to the     possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,     7.1. Android ID: A-30436808. (CVE-2017-0393)

  - In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input     validation. This could lead to remote information disclosure if error correction were turned on, with no     additional execution privileges needed. User interaction is not needed for exploitation.Product:
    AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770 (CVE-2020-0034)

  - In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote     information disclosure with no additional execution privileges needed. User interaction is not needed for     exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 (CVE-2019-9232)

  - In libvpx, there is a possible information disclosure due to improper input validation. This could lead to     remote information disclosure with no additional execution privileges needed. User interaction is needed     for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 (CVE-2019-9433)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1558 advisory.

  - A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a     specially crafted file to cause a device hang or reboot. This issue is rated as High due to the     possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,     7.1. Android ID: A-30436808. (CVE-2017-0393)

  - In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote     information disclosure with no additional execution privileges needed. User interaction is not needed for     exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 (CVE-2019-9232)

  - In libvpx, there is a possible information disclosure due to improper input validation. This could lead to     remote information disclosure with no additional execution privileges needed. User interaction is needed     for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 (CVE-2019-9433)

  - In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input     validation. This could lead to remote information disclosure if error correction were turned on, with no     additional execution privileges needed. User interaction is not needed for exploitation.Product:
    AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770 (CVE-2020-0034)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the version of the libvpx package installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - In vp8_decode_frame of decodeframe.c, there is a     possible out of bounds read due to improper input     validation. This could lead to remote information     disclosure if error correction were turned on, with no     additional execution privileges needed. User     interaction is not needed for     exploitation.(CVE-2020-0034)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Security Fix(es) :

  - libvpx: Denial of service in mediaserver (CVE-2017-0393)

  - libvpx: Out of bounds read in vp8_norm table     (CVE-2019-9232)

  - libvpx: Use-after-free in vp8_deblock() in     vp8/common/postproc.c (CVE-2019-9433)

  - libvpx: Out of bounds read in vp8_decode_frame in     decodeframe.c (CVE-2020-0034)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3876 advisory.

  - libvpx: Denial of service in mediaserver (CVE-2017-0393)

  - libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)

  - libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433)

  - libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c (CVE-2020-0034)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3876 advisory.

  - A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a     specially crafted file to cause a device hang or reboot. This issue is rated as High due to the     possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,     7.1. Android ID: A-30436808. (CVE-2017-0393)

  - In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote     information disclosure with no additional execution privileges needed. User interaction is not needed for     exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 (CVE-2019-9232)

  - In libvpx, there is a possible information disclosure due to improper input validation. This could lead to     remote information disclosure with no additional execution privileges needed. User interaction is needed     for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 (CVE-2019-9433)

  - In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input     validation. This could lead to remote information disclosure if error correction were turned on, with no     additional execution privileges needed. User interaction is not needed for exploitation.Product:
    AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770 (CVE-2020-0034)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3876 advisory.

  - libvpx: Denial of service in mediaserver (CVE-2017-0393)

  - libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)

  - libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433)

  - libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c (CVE-2020-0034)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for libvpx fixes the following issues :

CVE-2020-0034: Fixed an out-of-bounds read on truncated key frames (bsc#1166066).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libvpx fixes the following issues :

  - CVE-2020-0034: Fixed an out-of-bounds read on truncated     key frames (bsc#1166066).

This update was imported from the SUSE:SLE-15:Update update project.

It was discovered that there was an out-of-bounds buffer read vulnerability in libvpx, a library implementing the VP8 & VP9 video codecs.

For Debian 8 'Jessie', this issue has been fixed in libvpx version 1.3.0-3+deb8u3.

We recommend that you upgrade your libvpx packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
147310	NewStart CGSL CORE 5.04 / MAIN 5.04 : libvpx Multiple Vulnerabilities (NS-SA-2021-0015)	Nessus	NewStart CGSL Local Security Checks	high
142738	Amazon Linux 2 : libvpx (ALAS-2020-1558)	Nessus	Amazon Linux Local Security Checks	high
142235	EulerOS 2.0 SP2 : libvpx (EulerOS-SA-2020-2364)	Nessus	Huawei Local Security Checks	high
141685	Scientific Linux Security Update : libvpx on SL7.x x86_64 (20201001)	Nessus	Scientific Linux Local Security Checks	high
141617	CentOS 7 : libvpx (CESA-2020:3876)	Nessus	CentOS Local Security Checks	high
141257	Oracle Linux 7 : libvpx (ELSA-2020-3876)	Nessus	Oracle Linux Local Security Checks	high
141041	RHEL 7 : libvpx (RHSA-2020:3876)	Nessus	Red Hat Local Security Checks	high
140827	EulerOS 2.0 SP3 : libvpx (EulerOS-SA-2020-2060)	Nessus	Huawei Local Security Checks	high
138260	SUSE SLED15 / SLES15 Security Update : libvpx (SUSE-SU-2020:1297-2)	Nessus	SuSE Local Security Checks	high
136878	openSUSE Security Update : libvpx (openSUSE-2020-680)	Nessus	SuSE Local Security Checks	high
136790	SUSE SLED15 / SLES15 Security Update : libvpx (SUSE-SU-2020:1297-1)	Nessus	SuSE Local Security Checks	high
134352	Debian DLA-2136-1 : libvpx security update	Nessus	Debian Local Security Checks	high

CVE-2020-0034

HIGH

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high