Explore top 10 tips to secure your open-source projects now. Read More
×Important: libvpx security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:5537", "synopsis": "Important: libvpx security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for libvpx.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.\n\nSecurity Fix(es):\n\n* libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)\n\n* libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2241191", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191", "description": ""}, {"ticket": "2241806", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2241806", "description": ""}], "cves": [{"name": "CVE-2023-44488", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-44488", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-755"}, {"name": "CVE-2023-5217", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-5217", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-119"}], "references": [], "publishedAt": "2026-03-18T06:01:13.733535Z", "rpms": {"Rocky Linux 8": {"nvras": ["libvpx-0:1.7.0-10.el8_8.aarch64.rpm", "libvpx-0:1.7.0-10.el8_8.i686.rpm", "libvpx-0:1.7.0-10.el8_8.src.rpm", "libvpx-0:1.7.0-10.el8_8.x86_64.rpm","libvpx-debuginfo-0:1.7.0-10.el8_8.aarch64.rpm", "libvpx-debuginfo-0:1.7.0-10.el8_8.i686.rpm", "libvpx-debuginfo-0:1.7.0-10.el8_8.x86_64.rpm", "libvpx-debugsource-0:1.7.0-10.el8_8.aarch64.rpm", "libvpx-debugsource-0:1.7.0-10.el8_8.i686.rpm", "libvpx-debugsource-0:1.7.0-10.el8_8.x86_64.rpm", "libvpx-devel-0:1.7.0-10.el8_8.aarch64.rpm", "libvpx-devel-0:1.7.0-10.el8_8.i686.rpm", "libvpx-devel-0:1.7.0-10.el8_8.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Potential risks from libvpx issues on Rocky Linux include heap buffer overflow and VP9 crashes. Immediate updates recommended.. Rocky Linux libvpx updates heap buffer overflow VP9 crash. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-4629 http://linux.oracle.com/errata/ELSA-2026-4629.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: libvpx-1.14.1-6.el10_1.x86_64.rpm libvpx-devel-1.14.1-6.el10_1.x86_64.rpm aarch64: libvpx-1.14.1-6.el10_1.aarch64.rpm libvpx-devel-1.14.1-6.el10_1.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/libvpx-1.14.1-6.el10_1.src.rpm Related CVEs: CVE-2026-2447 Description of changes: [1.14.1-6] - Add patch for superindex full Resolves: RHEL-150332 _______________________________________________ El-errata mailing list
Important: libvpx security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:4629", "synopsis": "Important: libvpx security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for libvpx.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.\n\nSecurity Fix(es):\n\n* libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2440219", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2440219", "description": ""}], "cves": [{"name": "CVE-2026-2447", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2447", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": null}], "references": [], "publishedAt": "2026-03-17T12:07:50.329361Z", "rpms": {"Rocky Linux 10": {"nvras": ["libvpx-0:1.14.1-6.el10_1.src.rpm", "libvpx-debuginfo-0:1.14.1-6.el10_1.ppc64le.rpm", "libvpx-debuginfo-0:1.14.1-6.el10_1.aarch64.rpm", "libvpx-devel-0:1.14.1-6.el10_1.ppc64le.rpm", "libvpx-0:1.14.1-6.el10_1.s390x.rpm", "libvpx-devel-0:1.14.1-6.el10_1.x86_64.rpm", "libvpx-debugsource-0:1.14.1-6.el10_1.aarch64.rpm", "libvpx-debugsource-0:1.14.1-6.el10_1.x86_64.rpm", "libvpx-debugsource-0:1.14.1-6.el10_1.s390x.rpm", "libvpx-debuginfo-0:1.14.1-6.el10_1.x86_64.rpm", "libvpx-0:1.14.1-6.el10_1.ppc64le.rpm", "libvpx-debugsource-0:1.14.1-6.el10_1.ppc64le.rpm", "libvpx-0:1.14.1-6.el10_1.aarch64.rpm","libvpx-devel-0:1.14.1-6.el10_1.aarch64.rpm", "libvpx-0:1.14.1-6.el10_1.x86_64.rpm", "libvpx-debuginfo-0:1.14.1-6.el10_1.s390x.rpm", "libvpx-devel-0:1.14.1-6.el10_1.s390x.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. An important security update for libvpx in Rocky Linux addresses a critical buffer overflow issue identified as CVE-2026-2447.. Rocky Linux libvpx update buffer overflow CVE-2026-2447. . Severity: Important. LinuxSecurity.com Team
Important: libvpx security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:4447", "synopsis": "Important: libvpx security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for libvpx.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.\n\nSecurity Fix(es):\n\n* libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2440219", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2440219", "description": ""}], "cves": [{"name": "CVE-2026-2447", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-2447", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": null}], "references": [], "publishedAt": "2026-03-13T12:03:59.563415Z", "rpms": {"Rocky Linux 9": {"nvras": ["libvpx-0:1.9.0-10.el9_7.aarch64.rpm", "libvpx-0:1.9.0-10.el9_7.i686.rpm", "libvpx-0:1.9.0-10.el9_7.ppc64le.rpm", "libvpx-0:1.9.0-10.el9_7.s390x.rpm", "libvpx-0:1.9.0-10.el9_7.src.rpm", "libvpx-0:1.9.0-10.el9_7.x86_64.rpm", "libvpx-debuginfo-0:1.9.0-10.el9_7.aarch64.rpm", "libvpx-debuginfo-0:1.9.0-10.el9_7.i686.rpm", "libvpx-debuginfo-0:1.9.0-10.el9_7.ppc64le.rpm", "libvpx-debuginfo-0:1.9.0-10.el9_7.s390x.rpm", "libvpx-debuginfo-0:1.9.0-10.el9_7.x86_64.rpm", "libvpx-debugsource-0:1.9.0-10.el9_7.aarch64.rpm", "libvpx-debugsource-0:1.9.0-10.el9_7.i686.rpm", "libvpx-debugsource-0:1.9.0-10.el9_7.ppc64le.rpm","libvpx-debugsource-0:1.9.0-10.el9_7.s390x.rpm", "libvpx-debugsource-0:1.9.0-10.el9_7.x86_64.rpm", "libvpx-devel-0:1.9.0-10.el9_7.aarch64.rpm", "libvpx-devel-0:1.9.0-10.el9_7.i686.rpm", "libvpx-devel-0:1.9.0-10.el9_7.ppc64le.rpm", "libvpx-devel-0:1.9.0-10.el9_7.s390x.rpm", "libvpx-devel-0:1.9.0-10.el9_7.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. ], 'cves': [], 'references': [], 'publishedAt': '2026-03-13T12:03:59.563415Z', 'rpms': }, 'rebootSug. important, libvpx, security, update, references', publishedat', 2026-03-13t12. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-4447 http://linux.oracle.com/errata/ELSA-2026-4447.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: libvpx-1.9.0-10.el9_7.i686.rpm libvpx-1.9.0-10.el9_7.x86_64.rpm libvpx-devel-1.9.0-10.el9_7.i686.rpm libvpx-devel-1.9.0-10.el9_7.x86_64.rpm aarch64: libvpx-1.9.0-10.el9_7.aarch64.rpm libvpx-devel-1.9.0-10.el9_7.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/libvpx-1.9.0-10.el9_7.src.rpm Related CVEs: CVE-2026-2447 Description of changes: [1.9.0-10] - Add patch for superindex full Resolves: RHEL-150344 _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-3967 http://linux.oracle.com/errata/ELSA-2026-3967.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libvpx-1.7.0-13.el8_10.i686.rpm libvpx-1.7.0-13.el8_10.x86_64.rpm libvpx-devel-1.7.0-13.el8_10.i686.rpm libvpx-devel-1.7.0-13.el8_10.x86_64.rpm aarch64: libvpx-1.7.0-13.el8_10.aarch64.rpm libvpx-devel-1.7.0-13.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/libvpx-1.7.0-13.el8_10.src.rpm Related CVEs: CVE-2026-2447 Description of changes: [1.7.0-13] - Add patch for superframe index full Resolves: RHEL-150334 _______________________________________________ El-errata mailing list
Important: libvpx security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:3967", "synopsis": "Important: libvpx security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for libvpx.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.\n\nSecurity Fix(es):\n\n* libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2440219", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2440219", "description": ""}], "cves": [{"name": "CVE-2026-2447", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-2447", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": null}], "references": [], "publishedAt": "2026-03-10T12:01:15.755248Z", "rpms": {"Rocky Linux 8": {"nvras": ["libvpx-0:1.7.0-13.el8_10.aarch64.rpm", "libvpx-0:1.7.0-13.el8_10.i686.rpm", "libvpx-0:1.7.0-13.el8_10.src.rpm", "libvpx-0:1.7.0-13.el8_10.x86_64.rpm", "libvpx-debuginfo-0:1.7.0-13.el8_10.aarch64.rpm", "libvpx-debuginfo-0:1.7.0-13.el8_10.i686.rpm", "libvpx-debuginfo-0:1.7.0-13.el8_10.x86_64.rpm", "libvpx-debugsource-0:1.7.0-13.el8_10.aarch64.rpm", "libvpx-debugsource-0:1.7.0-13.el8_10.i686.rpm", "libvpx-debugsource-0:1.7.0-13.el8_10.x86_64.rpm", "libvpx-devel-0:1.7.0-13.el8_10.aarch64.rpm", "libvpx-devel-0:1.7.0-13.el8_10.i686.rpm", "libvpx-devel-0:1.7.0-13.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences":[]}. A critical libvpx buffer overflow fix available for Rocky Linux 8. Updates address important security aspects.. Rocky Linux vulnerabilities libvpx updates buffer overflow. . Severity: Important. LinuxSecurity.com Team
A buffer overflow was discovered in libvpx, a library implementing the VP8/VP9 open video codecs, which could result in denial of service or potentially the execution of arbitrary code. For Debian 11 bullseye, this problem has been fixed in version 1.9.0-1+deb11u5.. Debian LTS Advisory DLA-4489-1
Get the latest Linux and open source security news straight to your inbox.