Scientific Linux Security Update : libvpx on SL6.x i386/x86_64
High Nessus Plugin ID 60926
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionAn integer overflow flaw, leading to arbitrary memory writes, was found in libvpx. An attacker could create a specially crafted video encoded using the VP8 codec that, when played by a victim with an application using libvpx (such as Totem), would cause the application to crash or, potentially, execute arbitrary code. (CVE-2010-4203)
After installing the update, all applications using libvpx must be restarted for the changes to take effect.
SolutionUpdate the affected libvpx, libvpx-devel and / or libvpx-utils packages.