Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

openSUSE 15.0: 2019:1261-1 Moderate: SDL2 Heap Overflow

opensuse
Calendar Grey April 23, 2019
Dist Opensuse Esm H88
Patch Note 2023:4590-2 for Fedora addresses 9 vulnerabilities in GTK3, improving system security and stability against emerging risks.
An update that fixes 11 vulnerabilities is now available.

Description

This update for SDL2 fixes the following issues:

Security issues fixed:

- CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in

audio/SDL_wave.c.(bsc#1124806).

- CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in

audio/SDL_wave.c (bsc#1125099).

- CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in

audio/SDL_wave.c (bsc#1124799).

- CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in

audio/SDL_wave.c (bsc#1124805).

- CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in

video/SDL_blit_1.c. (bsc#1124827).

- CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in

video/SDL_pixels.c (bsc#1124826).

- CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in

video/SDL_pixels.c (bsc#1124824).

- CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode

in audio/SDL_wave.c (bsc#1124803).

- CVE-2019-7575: Fixed a...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1261=1

Package List

- openSUSE Leap 15.0 (i586 x86_64):

SDL2-debugsource-2.0.8-lp150.2.3.1

libSDL2-2_0-0-2.0.8-lp150.2.3.1

libSDL2-2_0-0-debuginfo-2.0.8-lp150.2.3.1

libSDL2-devel-2.0.8-lp150.2.3.1

- openSUSE Leap 15.0 (x86_64):

libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1

libSDL2-2_0-0-32bit-debuginfo-2.0.8-lp150.2.3.1

libSDL2-devel-32bit-2.0.8-lp150.2.3.1

References

https://www.suse.com/security/cve/CVE-2019-7572.html

https://www.suse.com/security/cve/CVE-2019-7573.html

https://www.suse.com/security/cve/CVE-2019-7574.html

https://www.suse.com/security/cve/CVE-2019-7575.html

https://www.suse.com/security/cve/CVE-2019-7576.html

https://www.suse.com/security/cve/CVE-2019-7577.html

https://www.suse.com/security/cve/CVE-2019-7578.html

https://www.suse.com/security/cve/CVE-2019-7635.html

https://www.suse.com/security/cve/CVE-2019-7636.html

https://www.suse.com/security/cve/CVE-2019-7637.html

https://www.suse.com/security/cve/CVE-2019-7638.html

https://bugzilla.suse.com/1124799

https://bugzilla.suse.com/1124800

https://bugzilla.suse.com/1124802

https://bugzilla.suse.com/1124803

https://bugzilla.suse.com/1124805

https://bugzilla.suse.com/1124806

https://bugzilla.suse.com/1124824

https://bugzilla.suse.com/1124825

https://bugzilla.suse.com/1124826

https://bugzilla.suse.com/1124827

https://bugzilla.suse.com/1125099

--

Announcement ID: openSUSE-SU-2019:1261-1
Rating: moderate
Affected Products: openSUSE Leap 15.0

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.