A recent Google Chrome update indicated there was a memory corruption flaw in libvpx [1]. Upstream changes to correct the flaw are here:

https://review.webmproject.org/#change,928
http://review.webmproject.org/#change,1098

(the second is to fix some regressions introduced by the first patch, by the looks of things).

libvpx seems to only be used, currently, by gstreamer-plugins-bad-free.

[1] http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html

Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4203 to the following vulnerability:

Name: CVE-2010-4203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4203
Assigned: 20101105
Reference: CONFIRM: http://code.google.com/p/chromium/issues/detail?id=60055
Reference: CONFIRM: http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html

WebM libvpx (aka the VP8 Codec SDK), as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

The first patchset is applied in F14, the second is not. Given this reproducer doesn't work in F14, I suspect the flaw is fixed there. We should still try to get the second patchset applied though.

Created libvpx tracking bugs for this issue

Affects: fedora-all [bug 652443]

This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2010:0999 https://rhn.redhat.com/errata/RHSA-2010-0999.html