Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 603
Alerts This Week
Warning Icon 1 603

openSUSE: 2019:1223-1 Moderate: SDL Buffer Overflow Fix

opensuse
Calendar Grey April 17, 2019
Dist Opensuse Esm H88
openSUSE Security Update: Security update for SDL __________________________________________________
An update that fixes 11 vulnerabilities is now available.

Description

This update for SDL fixes the following issues:

Security issues fixed:

- CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in

audio/SDL_wave.c.(bsc#1124806).

- CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in

audio/SDL_wave.c (bsc#1125099).

- CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in

audio/SDL_wave.c (bsc#1124799).

- CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in

audio/SDL_wave.c (bsc#1124805).

- CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in

video/SDL_blit_1.c. (bsc#1124827).

- CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in

video/SDL_pixels.c (bsc#1124826).

- CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in

video/SDL_pixels.c (bsc#1124824).

- CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode

in audio/SDL_wave.c (bsc#1124803).

- CVE-2019-7575: Fixed a...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1223=1

Package List

- openSUSE Leap 15.0 (i586 x86_64):

SDL-debugsource-1.2.15-lp150.2.3.1

libSDL-1_2-0-1.2.15-lp150.2.3.1

libSDL-1_2-0-debuginfo-1.2.15-lp150.2.3.1

libSDL-devel-1.2.15-lp150.2.3.1

- openSUSE Leap 15.0 (x86_64):

libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1

libSDL-1_2-0-32bit-debuginfo-1.2.15-lp150.2.3.1

libSDL-devel-32bit-1.2.15-lp150.2.3.1

References

https://www.suse.com/security/cve/CVE-2019-7572.html

https://www.suse.com/security/cve/CVE-2019-7573.html

https://www.suse.com/security/cve/CVE-2019-7574.html

https://www.suse.com/security/cve/CVE-2019-7575.html

https://www.suse.com/security/cve/CVE-2019-7576.html

https://www.suse.com/security/cve/CVE-2019-7577.html

https://www.suse.com/security/cve/CVE-2019-7578.html

https://www.suse.com/security/cve/CVE-2019-7635.html

https://www.suse.com/security/cve/CVE-2019-7636.html

https://www.suse.com/security/cve/CVE-2019-7637.html

https://www.suse.com/security/cve/CVE-2019-7638.html

https://bugzilla.suse.com/1124799

https://bugzilla.suse.com/1124800

https://bugzilla.suse.com/1124802

https://bugzilla.suse.com/1124803

https://bugzilla.suse.com/1124805

https://bugzilla.suse.com/1124806

https://bugzilla.suse.com/1124824

https://bugzilla.suse.com/1124825

https://bugzilla.suse.com/1124826

https://bugzilla.suse.com/1124827

https://bugzilla.suse.com/1125099

--

Announcement ID: openSUSE-SU-2019:1223-1
Rating: moderate
Affected Products: openSUSE Leap 15.0

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.