Scientific Linux Security Update : libvpx on SL6.x i386/x86_64

Nessus Plugin ID 60926 (Severity: High)


The remote Scientific Linux host is missing one or more security updates.


An integer overflow flaw, leading to arbitrary memory writes, was found in libvpx. An attacker could create a specially crafted video encoded using the VP8 codec that, when played by a victim with an application using libvpx (such as Totem), would cause the application to crash or, potentially, execute arbitrary code. (CVE-2010-4203)

After installing the update, all applications using libvpx must be restarted for the changes to take effect.


Update the affected libvpx, libvpx-devel and/or libvpx-utils packages.

Plugin Details

Severity: High

ID: 60926

File Name: sl_20101220_libvpx_on_SL6_x.nasl

Version: $Revision: 1.2 $

Type: local

Agent: unix

Published: 2012/08/01

Modified: 2014/08/16

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2010/12/20

Reference Information

CVE: CVE-2010-4203