openSUSE Leap 15: 2019:2070-1 Moderate: SDL2_image Buffer Overflows
opensuse
September 5, 2019
An update that fixes 12 vulnerabilities is now available.
Description
This update for SDL2_image fixes the following issues:
Update to new upstream release 2.0.5.
Security issues fixed:
* TALOS-2019-0820 CVE-2019-5051: exploitable heap-based buffer overflow
vulnerability when loading a PCX file (boo#1140419)
* TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow
vulnerability when loading a PCX file (boo#1140421)
* TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX
image-rendering functionality of SDL2_image (boo#1143763)
* TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can
lead to code execution (boo#1143764)
* TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image (boo#1143766)
* TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image
(boo#1143768)
Not mentioned by upstream, but issues seemingly further fixed:
* CVE-2019-12218: NULL pointer dereference in the SDL2_image function
IMG_LoadPCX_RW (boo#1135789)
*...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-2070=1
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-2070=1
Package List
- openSUSE Leap 15.1 (i586 x86_64):
SDL2_image-debugsource-2.0.5-lp151.2.5.1
libSDL2_image-2_0-0-2.0.5-lp151.2.5.1
libSDL2_image-2_0-0-debuginfo-2.0.5-lp151.2.5.1
libSDL2_image-devel-2.0.5-lp151.2.5.1
- openSUSE Leap 15.1 (x86_64):
libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1
libSDL2_image-2_0-0-32bit-debuginfo-2.0.5-lp151.2.5.1
libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1
- openSUSE Leap 15.0 (i586 x86_64):
SDL2_image-debugsource-2.0.5-lp150.9.1
libSDL2_image-2_0-0-2.0.5-lp150.9.1
libSDL2_image-2_0-0-debuginfo-2.0.5-lp150.9.1
libSDL2_image-devel-2.0.5-lp150.9.1
- openSUSE Leap 15.0 (x86_64):
libSDL2_image-2_0-0-32bit-2.0.5-lp150.9.1
libSDL2_image-2_0-0-32bit-debuginfo-2.0.5-lp150.9.1
libSDL2_image-devel-32bit-2.0.5-lp150.9.1
References
https://www.suse.com/security/cve/CVE-2019-12217.html
https://www.suse.com/security/cve/CVE-2019-12218.html
https://www.suse.com/security/cve/CVE-2019-12220.html
https://www.suse.com/security/cve/CVE-2019-12221.html
https://www.suse.com/security/cve/CVE-2019-12222.html
https://www.suse.com/security/cve/CVE-2019-13616.html
https://www.suse.com/security/cve/CVE-2019-5051.html
https://www.suse.com/security/cve/CVE-2019-5052.html
https://www.suse.com/security/cve/CVE-2019-5057.html
https://www.suse.com/security/cve/CVE-2019-5058.html
https://www.suse.com/security/cve/CVE-2019-5059.html
https://www.suse.com/security/cve/CVE-2019-5060.html
https://bugzilla.suse.com/1135787
https://bugzilla.suse.com/1135789
https://bugzilla.suse.com/1135796
https://bugzilla.suse.com/1135806
https://bugzilla.suse.com/1136101
https://bugzilla.suse.com/1140419
https://bugzilla.suse.com/1140421
https://bugzilla.suse.com/1141844
https://bugzilla.suse.com/1143763
https://bugzilla.suse.com/1143764
https://bugzilla.suse.com/1143766
https:/...
Read the Full Advisory
PREVIOUS
NEXT
Announcement ID: openSUSE-SU-2019:2070-1
Rating: moderate
Affected Products:
openSUSE Leap 15.1
openSUSE Leap 15.0
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!