
Mageia 2019-0239 Moderate: sdl2 Buffer Overflow Security Fixes

Mageia, September 6, 2019
Mageia's latest sdl2 updates have been released, addressing numerous vulnerabilities in both graphic and sound manipulation applications.

Summary

Updated sdl2 packages fix security vulnerabilities
This release fixes various buffer overflows when parsing or processing damaged Waveform audio and BMP image files.
- Fix CVE-2019-7572 (a buffer overread in IMA_ADPCM_nibble) (rhbz#1676754)
- Fix CVE-2019-7572 (a buffer overwrite in IMA_ADPCM_nibble) (rhbz#1676754)
- Fix CVE-2019-7573, CVE-2019-7576 (buffer overreads in InitMS_ADPCM) (rhbz#1676752, rhbz#1676756)
- Fix CVE-2019-7574 (a buffer overread in IMA_ADPCM_decode) (rhbz#1676750)
- Fix CVE-2019-7575 (a buffer overwrite in MS_ADPCM_decode) (rhbz#1676744)
- Fix CVE-2019-7577 (a buffer overread in MS_ADPCM_decode) (rhbz#1676510)
- Fix CVE-2019-7578 (a buffer overread in InitIMA_ADPCM) (rhbz#1676782)
- Fix CVE-2019-7635 (a buffer overread when blitting a BMP image with pixel colors out the palette) (rhbz#1677159)
- Fix CVE-2019-7636, CVE-2019-7638 (buffer overflows when processing BMP images with too high number of colors) (rhbz#1677144, rhbz#1677157)
- Fix CVE-2019-7637 (an...


References

- https://bugs.mageia.org/show_bug.cgi?id=24497

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OHEXXGCOKNICFBDMNVYYDTSDLQ42K5G5/

- https://security-tracker.debian.org/tracker/CVE-2019-13616

- https://github.com/libsdl-org/SDL/blob/0e9560aea22818884921e5e5064953257bfe7fa7/WhatsNew.txt

- https://www.cve.org/CVERecord?id=CVE-2010-13616

- https://www.cve.org/CVERecord?id=CVE-2019-7572

- https://www.cve.org/CVERecord?id=CVE-2019-7573

- https://www.cve.org/CVERecord?id=CVE-2019-7574

- https://www.cve.org/CVERecord?id=CVE-2019-7575

- https://www.cve.org/CVERecord?id=CVE-2019-7576

- https://www.cve.org/CVERecord?id=CVE-2019-7577

- https://www.cve.org/CVERecord?id=CVE-2019-7578

- https://www.cve.org/CVERecord?id=CVE-2019-7635

- https://www.cve.org/CVERecord?id=CVE-2019-7636

- https://www.cve.org/CVERecord?id=CVE-2019-7637

- https://www.cve.org/CVERecord?id=CVE-2019-7638

Resolution

SRPMS

- 7/core/sdl2-2.0.10-1.mga7

- 7/core/mingw-SDL2-2.0.10-1.mga7

- 6/core/sdl2-2.0.10-1.mga6

- 6/core/mingw-SDL2-2.0.10-1.mga6

Publication date: 06 Sep 2019
URL: https://advisories.mageia.org/MGASA-2019-0239.html
Type: security
CVE: CVE-2010-13616, CVE-2019-7572, CVE-2019-7573, CVE-2019-7574, CVE-2019-7575, CVE-2019-7576, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7636, CVE-2019-7637, CVE-2019-7638
