Bug 651213 (CVE-2010-4203)
Summary: | CVE-2010-4203 libvpx: memory corruption flaw | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | bressers, jrb, ohudlick, tcallawa |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2013-03-28 22:20:16 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 652440, 652441, 652443 | | |
Bug Blocks: | | | |
Description
Vincent Danen
2010-11-09 01:04:53 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4203 to the following vulnerability:

Name: CVE-2010-4203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4203
Assigned: 20101105
Reference: CONFIRM: http://code.google.com/p/chromium/issues/detail?id=60055
Reference: CONFIRM: http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html

WebM libvpx (aka the VP8 Codec SDK), as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

The first patchset is applied in F14, the second is not. Given this reproducer doesn't work in F14, I suspect the flaw is fixed there. We should still try to get the second patchset applied though.

Created libvpx tracking bugs for this issue

Affects: fedora-all [bug 652443]

This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2010:0999 https://rhn.redhat.com/errata/RHSA-2010-0999.html