MGASA-2022-0040 - Updated aom packages fix security vulnerability Publication date: 27 Jan 2022 URL: https://advisories.mageia.org/MGASA-2022-0040.html Type: security Affected Mageia releases: 8 CVE: CVE-2020-36129, CVE-2020-36130, CVE-2020-36131, CVE-2020-36133, CVE-2020-36135 AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c. (CVE-2020-36129) AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c. (CVE-2020-36130) AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c. (CVE-2020-36131) AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h. (CVE-2020-36133) AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c. (CVE-2020-36135) References: - https://bugs.mageia.org/show_bug.cgi?id=29808 - https://lists.suse.com/pipermail/sle-security-updates/2021-December/009940.html - https://lists.opensuse.org/archives/list/[email protected]/thread/3CU5I3APCIYTJ5MCNA4TTKLC2PLKDGKU/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36129 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135 SRPMS: - 8/core/aom-2.0.1-3.5.mga8