libvpx-devel-1.6.0-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10422-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libvpx-devel-1.6.0-2.1 on GA media These are all security issues fixed in the libvpx-devel-1.6.0-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10422 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2016-1621/ SUSE CVE CVE-2016-1621 page https://www.suse.com/security/cve/CVE-2016-2464/ SUSE CVE CVE-2016-2464 page openSUSE Tumbleweed libvpx-devel-1.6.0-2.1 libvpx4-1.6.0-2.1 libvpx4-32bit-1.6.0-2.1 vpx-tools-1.6.0-2.1 libvpx-devel-1.6.0-2.1 as a component of openSUSE Tumbleweed libvpx4-1.6.0-2.1 as a component of openSUSE Tumbleweed libvpx4-32bit-1.6.0-2.1 as a component of openSUSE Tumbleweed vpx-tools-1.6.0-2.1 as a component of openSUSE Tumbleweed libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792. CVE-2016-1621 openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1 openSUSE Tumbleweed:libvpx4-1.6.0-2.1 openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1 openSUSE Tumbleweed:vpx-tools-1.6.0-2.1 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-1621.html CVE-2016-1621 https://bugzilla.suse.com/972021 SUSE Bug 972021 libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726. CVE-2016-2464 openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1 openSUSE Tumbleweed:libvpx4-1.6.0-2.1 openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1 openSUSE Tumbleweed:vpx-tools-1.6.0-2.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2464.html CVE-2016-2464 https://bugzilla.suse.com/984448 SUSE Bug 984448