Fedora 29: SDL Security Update

    Date25 Feb 2019
    CategoryFedora
    600
    Posted ByLinuxSecurity Advisories
    This release fixes various buffer overflows when parsing or processing damaged Waveform audio and BMP image files.
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2019-7a554204c1
    2019-02-26 03:04:46.115334
    --------------------------------------------------------------------------------
    
    Name        : SDL
    Product     : Fedora 29
    Version     : 1.2.15
    Release     : 36.fc29
    URL         : http://www.libsdl.org/
    Summary     : A cross-platform multimedia library
    Description :
    Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed
    to provide fast access to the graphics frame buffer and audio device.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    This release fixes various buffer overflows when parsing or processing damaged
    Waveform audio and BMP image files.
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Fri Feb 15 2019 Petr Pisar  - 1.2.15-36
    - Fix CVE-2019-7577 (a buffer overread in MS_ADPCM_decode) (bug #1676510)
    - Fix CVE-2019-7575 (a buffer overwrite in MS_ADPCM_decode) (bug #1676744)
    - Fix CVE-2019-7574 (a buffer overread in IMA_ADPCM_decode) (bug #1676750)
    - Fix CVE-2019-7572 (a buffer overread in IMA_ADPCM_nibble) (bug #1676754)
    - Fix CVE-2019-7572 (a buffer overwrite in IMA_ADPCM_nibble) (bug #1676754)
    - Fix CVE-2019-7573, CVE-2019-7576 (buffer overreads in InitMS_ADPCM)
      (bugs #1676752, #1676756)
    - Fix CVE-2019-7578 (a buffer overread in InitIMA_ADPCM) (bug #1676782)
    - Fix CVE-2019-7638, CVE-2019-7636 (buffer overflows when processing BMP
      images with too high number of colors) (bugs #1677144, #1677157)
    - Fix CVE-2019-7637 (an integer overflow in SDL_CalculatePitch) (bug #1677152)
    - Fix CVE-2019-7635 (a buffer overread when blitting a BMP image with pixel
      colors out the palette) (bug #1677159)
    - Reject 2, 3, 5, 6, 7-bpp BMP images (bug #1677159)
    * Mon Jan 14 2019 Petr Pisar  - 1.2.15-35
    - Remove manual updating of config.{guess,sub} - this has been part of
      %configure since 2013
    - Use system glext.h to prevent from clashing on a GL_GLEXT_VERSION definition
      (bug #1662778)
    * Tue Aug 28 2018 Petr Pisar  - 1.2.15-34
    - Remove useless build-time dependency on audiofile-devel
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1676509 - CVE-2019-7577 SDL: Buffer over-read in function SDL_LoadWAV_RW in audio/SDL_wave.c
            https://bugzilla.redhat.com/show_bug.cgi?id=1676509
      [ 2 ] Bug #1676743 - CVE-2019-7575 SDL: Heap based buffer overflow in function MS_ADPCM_decode in audio/SDL_wave.c
            https://bugzilla.redhat.com/show_bug.cgi?id=1676743
      [ 3 ] Bug #1676749 - CVE-2019-7574 SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c
            https://bugzilla.redhat.com/show_bug.cgi?id=1676749
      [ 4 ] Bug #1676753 - CVE-2019-7572 SDL: Buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c
            https://bugzilla.redhat.com/show_bug.cgi?id=1676753
      [ 5 ] Bug #1676751 - CVE-2019-7573 SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
            https://bugzilla.redhat.com/show_bug.cgi?id=1676751
      [ 6 ] Bug #1676755 - CVE-2019-7576 SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
            https://bugzilla.redhat.com/show_bug.cgi?id=1676755
      [ 7 ] Bug #1676781 - CVE-2019-7578 SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c
            https://bugzilla.redhat.com/show_bug.cgi?id=1676781
      [ 8 ] Bug #1677143 - CVE-2019-7638 SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c
            https://bugzilla.redhat.com/show_bug.cgi?id=1677143
      [ 9 ] Bug #1677156 - CVE-2019-7636 SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c
            https://bugzilla.redhat.com/show_bug.cgi?id=1677156
      [ 10 ] Bug #1677151 - CVE-2019-7637 SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c
            https://bugzilla.redhat.com/show_bug.cgi?id=1677151
      [ 11 ] Bug #1677158 - CVE-2019-7635 SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c
            https://bugzilla.redhat.com/show_bug.cgi?id=1677158
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2019-7a554204c1' at the command
    line. For more information, refer to the dnf documentation available at
    http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
    To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it.
    Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
    List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
    List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    LinuxSecurity Poll

    Do you reuse passwords across multiple accounts?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    13
    radio
    [{"id":"55","title":"Yes","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"56","title":"No","votes":"0","type":"x","order":"2","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.