[SECURITY] [DLA 4489-1] libvpx security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4489-1] libvpx security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 22 Feb 2026 18:35:45 +0000 (UTC)
Message-id: <[🔎] cd2c4fdb-295f-8362-c8cc-1d60279becf5@alteholz.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4489-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
February 22, 2026                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libvpx
Version        : 1.9.0-1+deb11u5
CVE ID         : CVE-2026-2447


A buffer overflow was discovered in libvpx, a library implementing the
VP8/VP9 open video codecs, which could result in denial of service or
potentially the execution of arbitrary code.


For Debian 11 bullseye, this problem has been fixed in version
1.9.0-1+deb11u5.

We recommend that you upgrade your libvpx packages.

For the detailed security status of libvpx please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libvpx

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmmbTIJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEetyw//cm3bN9PwIv9f5UsHUyVQEZQjnweI6TlVKlGSEeAOVxJ6dFC3900ZPL2s
9F/C+jVK/AtA710hnyWtiZi9YHgVM78rSSYkbLE84iYE9kTqdQiU0CglhDoXH9vA
i1BNpoDFtOGOnvoWgGDcyITO2LfTaQoczYKCNuR8gmU6rvTDbBkz+4KbM0cBvx7E
1ao5+av/JveFU4izNFkGDJ7p86KbmHXN882EIGDvvyHlB+UQ1K8UDFqxqGiFK/cD
ucZz2bSxaLrwQQqqzQVWjGdYnsCxh3O7GNG+pbrS8wwDlp0Q1kMlkEYzReSmpIFb
dYIBEyRU0WWe//DFUGitJpfVc1QRB92lJG2tS4hsY1u+ThfT0AkTj3LiyB2G3FdW
DVHcpNk43wKs+/krRv42B7rin1qnDVMtwgouzqIRpxSfpKrF5kmDy2Rc6sOBJnd0
JAvsE2wLLWi9xG2FM5ctRqOGI5vsGN5AAQBUIicjHl1wLznHGBoSR+5Sio/ZjuSl
U6zjCDYKd7fGkYksPy7WH3PNXCXCADo8ggW5rQFUWV3R4Ed6h51sQlZXA9c8OFvU
BUF1aQHLvS3uF49oAJnLu3l1V/oNgSaE8A/v3qTdue34gwugeR9jMgPzKRc7yMYD
yMr0URRa4EQFUCwBk1Wn3sNw9vXaaUkxMbT5WU1GsVieJTwEQjM=
=Vkx/
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4488-1] modsecurity-crs security update
Next by Date: [SECURITY] [DLA 4491-1] glib2.0 security update
Previous by thread: [SECURITY] [DLA 4488-1] modsecurity-crs security update
Next by thread: [SECURITY] [DLA 4491-1] glib2.0 security update
Index(es):
- Date
- Thread