Fedora 28: 2019-6092f8c0dc Moderate: SDL Buffer Overflow Fix

Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed

to provide fast access to the graphics frame buffer and audio device.

This release fixes various buffer overflows when parsing or processing damaged

Waveform audio and BMP image files.

* Fri Feb 15 2019 Petr Pisar - 1.2.15-31

- Fix CVE-2019-7577 (a buffer overread in MS_ADPCM_decode) (bug #1676510)

- Fix CVE-2019-7575 (a buffer overwrite in MS_ADPCM_decode) (bug #1676744)

- Fix CVE-2019-7574 (a buffer overread in IMA_ADPCM_decode) (bug #1676750)

- Fix CVE-2019-7572 (a buffer overread in IMA_ADPCM_nibble) (bug #1676754)

- Fix CVE-2019-7572 (a buffer overwrite in IMA_ADPCM_nibble) (bug #1676754)

- Fix CVE-2019-7573, CVE-2019-7576 (buffer overreads in InitMS_ADPCM)

(bugs #1676752, #1676756)

- Fix CVE-2019-7578 (a buffer overread in InitIMA_ADPCM) (bug #1676782)

- Fix CVE-2019-7638, CVE-2019-7636 (buffer overflows when processing BMP

images with too high number of colors) (bugs #1677144, #1677157)

- Fix CVE-2019-7637 (an integer overflow in SDL_CalculatePitch) (bug #1677152)

- Fix CVE-2019-7635 (a buffer overread when blitting a BMP image with pixel

colors out the palette) (bug #1677159)

- Reject 2, 3, 5, 6, 7-bpp BMP images (bug #1677159)

[ 1 ] Bug #1676509 - CVE-2019-7577 SDL: Buffer over-read in function SDL_LoadWAV_RW in audio/SDL_wave.c

https://bugzilla.redhat.com/show_bug.cgi?id=1676509

[ 2 ] Bug #1676743 - CVE-2019-7575 SDL: Heap based buffer overflow in function MS_ADPCM_decode in audio/SDL_wave.c

https://bugzilla.redhat.com/show_bug.cgi?id=1676743

[ 3 ] Bug #1676749 - CVE-2019-7574 SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c

https://bugzilla.redhat.com/show_bug.cgi?id=1676749

[ 4 ] Bug #1676753 - CVE-2019-7572 SDL: Buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c

https://bugzilla.redhat.com/show_bug.cgi?id=1676753

[ 5 ] Bug #1676751 - CVE-2019-7573 SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c

https://bugzilla.redhat.com/show_bug.cgi?id=1676751

[ 6 ] Bug #1676755 - CVE-2019-7576 SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c

https://bugzilla.redhat.com/show_bug.cgi?id=1676755

[ 7 ] Bug #1676781 - CVE-2019-7578 SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c

https://bugzilla.redhat.com/show_bug.cgi?id=1676781

[ 8 ] Bug #1677143 - CVE-2019-7638 SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c

https://bugzilla.redhat.com/show_bug.cgi?id=1677143

[ 9 ] Bug #1677156 - CVE-2019-7636 SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c

https://bugzilla.redhat.com/show_bug.cgi?id=1677156

[ 10 ] Bug #1677151 - CVE-2019-7637 SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c

https://bugzilla.redhat.com/show_bug.cgi?id=1677151

[ 11 ] Bug #1677158 - CVE-2019-7635 SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c

https://bugzilla.redhat.com/show_bug.cgi?id=1677158

su -c 'dnf upgrade --advisory FEDORA-2019-6092f8c0dc' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/