openSUSE: 2019:1261-1: moderate: SDL2

    Date: 23 Apr 2019
    Category: openSUSE
    Posted By: LinuxSecurity Advisories
    An update that fixes 11 vulnerabilities is now available.
       openSUSE Security Update: Security update for SDL2
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:1261-1
    Rating:             moderate
    References:         #1124799 #1124800 #1124802 #1124803 #1124805 
                        #1124806 #1124824 #1124825 #1124826 #1124827 
                        #1125099 
    Cross-References:   CVE-2019-7572 CVE-2019-7573 CVE-2019-7574
                        CVE-2019-7575 CVE-2019-7576 CVE-2019-7577
                        CVE-2019-7578 CVE-2019-7635 CVE-2019-7636
                        CVE-2019-7637 CVE-2019-7638
    Affected Products:
                        openSUSE Leap 15.0
    ______________________________________________________________________________
    
    Description:
    
       This update for SDL2 fixes the following issues:
    
       Security issues fixed:
    
       - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in
         audio/SDL_wave.c (bsc#1124806).
       - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in
         audio/SDL_wave.c (bsc#1125099).
       - CVE-2019-7576: Fixed a heap-based buffer over-read in InitMS_ADPCM in
         audio/SDL_wave.c (bsc#1124799).
       - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in
         audio/SDL_wave.c (bsc#1124805).
       - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in
         video/SDL_blit_1.c (bsc#1124827).
       - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in
         video/SDL_pixels.c (bsc#1124826).
       - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in
         video/SDL_pixels.c (bsc#1124824).
       - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode
         in audio/SDL_wave.c (bsc#1124803).
       - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in
         audio/SDL_wave.c (bsc#1124802).
       - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect
         function in SDL_surface.c (bsc#1124825).
       - CVE-2019-7577: Fixed a buffer over-read in SDL_LoadWAV_RW in
         audio/SDL_wave.c (bsc#1124800).
    
       This update was imported from the SUSE:SLE-15:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update, use the SUSE recommended
       installation methods, such as YaST online_update or "zypper patch".
    
       Alternatively, you can run the command listed for your product:
    
       - openSUSE Leap 15.0:
    
          zypper in -t patch openSUSE-2019-1261=1
    
    
    
    Package List:
    
       - openSUSE Leap 15.0 (i586 x86_64):
    
          SDL2-debugsource-2.0.8-lp150.2.3.1
          libSDL2-2_0-0-2.0.8-lp150.2.3.1
          libSDL2-2_0-0-debuginfo-2.0.8-lp150.2.3.1
          libSDL2-devel-2.0.8-lp150.2.3.1
    
       - openSUSE Leap 15.0 (x86_64):
    
          libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1
          libSDL2-2_0-0-32bit-debuginfo-2.0.8-lp150.2.3.1
          libSDL2-devel-32bit-2.0.8-lp150.2.3.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-7572.html
       https://www.suse.com/security/cve/CVE-2019-7573.html
       https://www.suse.com/security/cve/CVE-2019-7574.html
       https://www.suse.com/security/cve/CVE-2019-7575.html
       https://www.suse.com/security/cve/CVE-2019-7576.html
       https://www.suse.com/security/cve/CVE-2019-7577.html
       https://www.suse.com/security/cve/CVE-2019-7578.html
       https://www.suse.com/security/cve/CVE-2019-7635.html
       https://www.suse.com/security/cve/CVE-2019-7636.html
       https://www.suse.com/security/cve/CVE-2019-7637.html
       https://www.suse.com/security/cve/CVE-2019-7638.html
       https://bugzilla.suse.com/1124799
       https://bugzilla.suse.com/1124800
       https://bugzilla.suse.com/1124802
       https://bugzilla.suse.com/1124803
       https://bugzilla.suse.com/1124805
       https://bugzilla.suse.com/1124806
       https://bugzilla.suse.com/1124824
       https://bugzilla.suse.com/1124825
       https://bugzilla.suse.com/1124826
       https://bugzilla.suse.com/1124827
       https://bugzilla.suse.com/1125099
    