Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 579
Alerts This Week
Warning Icon 1 579

Fedora 31: FEDORA-2020-ff2fe47ba4 Critical: SDL2 Multiple Issues

fedora
Calendar Grey February 7, 2020
Dist Fedora Esm H88
The latest MinGW SDL2 update in Fedora 31 addresses major security vulnerabilities. Explore the specific enhancements and fixes that boost stability and security.
MinGW cross compiled SDL 2.0.10, fixing a number of CVE issues.

Summary

Simple DirectMedia Layer (SDL) is a cross-platform multimedia library

designed to provide fast access to the graphics frame buffer and audio

device.

MinGW cross compiled SDL 2.0.10, fixing a number of CVE issues.

* Thu Nov 14 2019 Sandro Mani - 2.0.10-1

- Update to 2.0.10

* Tue Oct 8 2019 Sandro Mani - 2.0.9-4

- Rebuild (Changes/Mingw32GccDwarf2)

[ 1 ] Bug #1754614 - CVE-2019-13626 mingw-SDL2: SDL: integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c leads to heap-based buffer over-read in Fill_IMA_ADPCM_block [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1754614

[ 2 ] Bug #1754009 - CVE-2019-13616 mingw-SDL2: SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1754009

[ 3 ] Bug #1754601 - CVE-2019-12222 mingw-SDL2: SDL: out-of-bounds read in function SDL_InvalidateMap in video/SDL_pixels.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1754601

[ 4 ] Bug #1752631 - CVE-2019-12222 mingw-SDL2: SDL: out-of-bounds read in function SDL_InvalidateMap in video/SDL_pixels.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1752631

[ 5 ] Bug #1752616 - CVE-2019-12218 mingw-SDL2: SDL: null-pointer dereference in function IMG_LoadPCX_RW in IMG_pcx.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1752616

[ 6 ] Bug #1752612 - CVE-2019-12217 mingw-SDL2: SDL: null-pointer dereference in function stdio_read in file/SDL_rwops.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1752612

[ 7 ] Bug #1752604 - CVE-2019-12221 mingw-SDL2: SDL: null-pointer dereference in function SDL_free_REAL in stdlib/SDL_malloc.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1752604

[ 8 ] Bug #1752622 - CVE-2019-12219 mingw-SDL2: SDL: invalid free error in function SDL_SetError_REAL [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1752622

[ 9 ] Bug #1752626 - CVE-2019-12220 mingw-SDL2: SDL: out-of-bounds read in function SDL_FreePalette_REAL in video/SDL_pixels.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1752626

[ 10 ] Bug #1752608 - CVE-2019-12216 mingw-SDL2: SDL: heap-based buffer overflow in function SDL2_image function IMG_LoadPCX_RW in IMG_pcx.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1752608

su -c 'dnf upgrade --advisory FEDORA-2020-ff2fe47ba4' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 31
Version: 2.0.10
Release: 1.fc31
Summary: MinGW Windows port of SDL2 cross-platform multimedia library

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.