openSUSE: 2019:2108-1: moderate: SDL2_image

    Date: 10 Sep 2019
    Posted By: LinuxSecurity Advisories
    An update that fixes 12 vulnerabilities is now available.
       openSUSE Security Update: Security update for SDL2_image
    Announcement ID:    openSUSE-SU-2019:2108-1
    Rating:             moderate
    References:         #1135787 #1135789 #1135796 #1135806 #1136101 
                        #1140419 #1140421 #1141844 #1143763 #1143764 
                        #1143766 #1143768 
    Cross-References:   CVE-2019-12217 CVE-2019-12218 CVE-2019-12220
                        CVE-2019-12221 CVE-2019-12222 CVE-2019-13616
                        CVE-2019-5051 CVE-2019-5052 CVE-2019-5057
                        CVE-2019-5058 CVE-2019-5059 CVE-2019-5060
    Affected Products:
                        openSUSE Backports SLE-15-SP1
                        openSUSE Backports SLE-15
       This update for SDL2_image fixes the following issues:
       Update to new upstream release 2.0.5.
       Security issues fixed:
       * TALOS-2019-0820 CVE-2019-5051: exploitable heap-based buffer overflow
         vulnerability when loading a PCX file (boo#1140419)
       * TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow
         vulnerability when loading a PCX file (boo#1140421)
       * TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX
         image-rendering functionality of SDL2_image (boo#1143763)
       * TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can
         lead to code execution (boo#1143764)
       * TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image (boo#1143766)
       * TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image
       Not mentioned by upstream, but the following issues also appear to be fixed:
       * CVE-2019-12218: NULL pointer dereference in the SDL2_image function
         IMG_LoadPCX_RW (boo#1135789)
       * CVE-2019-12217: NULL pointer dereference in the SDL stdio_read function
       * CVE-2019-12220: SDL_image triggers an out-of-bounds read in the SDL
         function SDL_FreePalette_REAL (boo#1135806)
       * CVE-2019-12221: a SEGV caused by SDL_image in SDL function SDL_free_REAL
         in stdlib/SDL_malloc.c (boo#1135796)
       * CVE-2019-12222: out-of-bounds read triggered by SDL_image in the
         function SDL_InvalidateMap at video/SDL_pixels.c (boo#1136101)
       * CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file
       This update was imported from the openSUSE:Leap:15.0:Update update project.
    Patch Instructions:
       To install this openSUSE Security Update, use the SUSE recommended installation methods
       such as YaST online_update or "zypper patch".
       Alternatively, you can run the command listed for your product:
       - openSUSE Backports SLE-15-SP1:
          zypper in -t patch openSUSE-2019-2108=1
       - openSUSE Backports SLE-15:
          zypper in -t patch openSUSE-2019-2108=1
    Package List:
       - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
       - openSUSE Backports SLE-15-SP1 (aarch64_ilp32):
       - openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):
       - openSUSE Backports SLE-15 (aarch64_ilp32):
