openSUSE: 2019:2108-1: moderate: SDL2_image

    Date: 10 Sep 2019
    Category: openSUSE
    Posted By: LinuxSecurity Advisories
    An update that fixes 12 vulnerabilities is now available.
       openSUSE Security Update: Security update for SDL2_image
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:2108-1
    Rating:             moderate
    References:         #1135787 #1135789 #1135796 #1135806 #1136101 
                        #1140419 #1140421 #1141844 #1143763 #1143764 
                        #1143766 #1143768 
    Cross-References:   CVE-2019-12217 CVE-2019-12218 CVE-2019-12220
                        CVE-2019-12221 CVE-2019-12222 CVE-2019-13616
                        CVE-2019-5051 CVE-2019-5052 CVE-2019-5057
                        CVE-2019-5058 CVE-2019-5059 CVE-2019-5060
                       
    Affected Products:
                        openSUSE Backports SLE-15-SP1
                        openSUSE Backports SLE-15
    ______________________________________________________________________________
    
    Description:
    
       This update for SDL2_image fixes the following issues:
    
       Update to new upstream release 2.0.5.
    
       Security issues fixed:
    
       * TALOS-2019-0820 CVE-2019-5051: exploitable heap-based buffer overflow
         vulnerability when loading a PCX file (boo#1140419)
       * TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow
         vulnerability when loading a PCX file (boo#1140421)
       * TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX
         image-rendering functionality of SDL2_image (boo#1143763)
       * TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can
         lead to code execution (boo#1143764)
       * TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image (boo#1143766)
       * TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image
         (boo#1143768)
    
       Not mentioned by upstream, but apparently also fixed:
    
       * CVE-2019-12218: NULL pointer dereference in the SDL2_image function
         IMG_LoadPCX_RW (boo#1135789)
       * CVE-2019-12217: NULL pointer dereference in the SDL stdio_read function
         (boo#1135787)
       * CVE-2019-12220: SDL_image triggers an out-of-bounds read in the SDL
         function SDL_FreePalette_REAL (boo#1135806)
       * CVE-2019-12221: a SEGV caused by SDL_image in SDL function SDL_free_REAL
         in stdlib/SDL_malloc.c (boo#1135796)
       * CVE-2019-12222: out-of-bounds read triggered by SDL_image in the
         function SDL_InvalidateMap at video/SDL_pixels.c (boo#1136101)
       * CVE-2019-13616: heap buffer overflow when reading a crafted BMP file
         (boo#1141844)
    
    
    
       This update was imported from the openSUSE:Leap:15.0:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Backports SLE-15-SP1:
    
          zypper in -t patch openSUSE-2019-2108=1
    
       - openSUSE Backports SLE-15:
    
          zypper in -t patch openSUSE-2019-2108=1
    
    
    
    Package List:
    
       - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
    
          SDL2_image-debugsource-2.0.5-bp151.4.3.1
          libSDL2_image-2_0-0-2.0.5-bp151.4.3.1
          libSDL2_image-2_0-0-debuginfo-2.0.5-bp151.4.3.1
          libSDL2_image-devel-2.0.5-bp151.4.3.1
    
       - openSUSE Backports SLE-15-SP1 (aarch64_ilp32):
    
          libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1
          libSDL2_image-2_0-0-64bit-debuginfo-2.0.5-bp151.4.3.1
          libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1
    
       - openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):
    
          libSDL2_image-2_0-0-2.0.5-bp150.3.6.1
          libSDL2_image-devel-2.0.5-bp150.3.6.1
    
       - openSUSE Backports SLE-15 (aarch64_ilp32):
    
          libSDL2_image-2_0-0-64bit-2.0.5-bp150.3.6.1
          libSDL2_image-devel-64bit-2.0.5-bp150.3.6.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-12217.html
       https://www.suse.com/security/cve/CVE-2019-12218.html
       https://www.suse.com/security/cve/CVE-2019-12220.html
       https://www.suse.com/security/cve/CVE-2019-12221.html
       https://www.suse.com/security/cve/CVE-2019-12222.html
       https://www.suse.com/security/cve/CVE-2019-13616.html
       https://www.suse.com/security/cve/CVE-2019-5051.html
       https://www.suse.com/security/cve/CVE-2019-5052.html
       https://www.suse.com/security/cve/CVE-2019-5057.html
       https://www.suse.com/security/cve/CVE-2019-5058.html
       https://www.suse.com/security/cve/CVE-2019-5059.html
       https://www.suse.com/security/cve/CVE-2019-5060.html
       https://bugzilla.suse.com/1135787
       https://bugzilla.suse.com/1135789
       https://bugzilla.suse.com/1135796
       https://bugzilla.suse.com/1135806
       https://bugzilla.suse.com/1136101
       https://bugzilla.suse.com/1140419
       https://bugzilla.suse.com/1140421
       https://bugzilla.suse.com/1141844
       https://bugzilla.suse.com/1143763
       https://bugzilla.suse.com/1143764
       https://bugzilla.suse.com/1143766
       https://bugzilla.suse.com/1143768
    