Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Fedora 28 Security Update: SDL Buffer Overflow Issue Resolved

fedora
Calendar Grey March 20, 2019
Dist Fedora Esm H88
This patch addresses a significant security vulnerability in SDL tied to improper handling of corrupted audio files, guaranteeing enhanced protection.
This release fixes a buffer overflow when processing RIFF/WAV files with in invalid MS ADPCM predictor.

Summary

Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed

to provide fast access to the graphics frame buffer and audio device.

This release fixes a buffer overflow when processing RIFF/WAV files with in

invalid MS ADPCM predictor.

* Tue Mar 12 2019 Petr Pisar - 1.2.15-32

- Fix CVE-2019-7577 completely (a buffer overread in MS_ADPCM_nibble and

MS_ADPCM_decode on an invalid predictor) (bug #1676510)

* Fri Feb 15 2019 Petr Pisar - 1.2.15-31

- Fix CVE-2019-7577 (a buffer overread in MS_ADPCM_decode) (bug #1676510)

- Fix CVE-2019-7575 (a buffer overwrite in MS_ADPCM_decode) (bug #1676744)

- Fix CVE-2019-7574 (a buffer overread in IMA_ADPCM_decode) (bug #1676750)

- Fix CVE-2019-7572 (a buffer overread in IMA_ADPCM_nibble) (bug #1676754)

- Fix CVE-2019-7572 (a buffer overwrite in IMA_ADPCM_nibble) (bug #1676754)

- Fix CVE-2019-7573, CVE-2019-7576 (buffer overreads in InitMS_ADPCM)

(bugs #1676752, #1676756)

- Fix CVE-2019-7578 (a buffer overread in InitIMA_ADPCM) (bug #1676782)

- Fix CVE-2019-7638, CVE-2019-7636 (buffer overflows when processing BMP

images with too high number of colors) (bugs #1677144, #1677157)

- Fix CVE-2019-7637 (an integer overflow in SDL_CalculatePitch) (bug #1677152)

- Fix CVE-2019-7635 (a buffer overread when blitting a BMP image with pixel

colors out the palette) (bug #1677159)

- Reject 2, 3, 5, 6, 7-bpp BMP images (bug #1677159)

[ 1 ] Bug #1676509 - CVE-2019-7577 SDL: Buffer over-read in function SDL_LoadWAV_RW in audio/SDL_wave.c

https://bugzilla.redhat.com/show_bug.cgi?id=1676509

su -c 'dnf upgrade --advisory FEDORA-2019-918aad6bd5' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora software patch update information media library SDL

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 28
Version: 1.2.15
Release: 32.fc28
URL: http://www.libsdl.org/
Summary: A cross-platform multimedia library

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora software patch update information media library SDL

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here