
openSUSE: 2019:2109-1 Moderate: SDL_image Security Update Announcement

September 10, 2019
The latest Fedora patch tackles several PNG security issues categorized as moderate. Apply it promptly to mitigate potential threats.
An update that fixes 7 vulnerabilities is now available.

Description

This update for SDL_image fixes the following issues:

Update SDL_Image to new snapshot 1.2.12+hg695.

Security issues fixed:

* TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421)

* TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763)

* TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764)

* TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image handling (boo#1143766)

* TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768)

* CVE-2019-7635: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (boo#1124827)

* CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file (boo#1141844).

This update was imported from the openSUSE:Leap:15.0:Update update project.

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2019-2109=1

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2019-2109=1

Package List

- openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):

SDL_image-debugsource-1.2.12+hg695-bp151.4.3.1

libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1

libSDL_image-1_2-0-debuginfo-1.2.12+hg695-bp151.4.3.1

libSDL_image-devel-1.2.12+hg695-bp151.4.3.1

- openSUSE Backports SLE-15-SP1 (aarch64_ilp32):

libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1

libSDL_image-1_2-0-64bit-debuginfo-1.2.12+hg695-bp151.4.3.1

libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1

- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):

libSDL_image-1_2-0-1.2.12+hg695-bp150.3.3.1

libSDL_image-devel-1.2.12+hg695-bp150.3.3.1

- openSUSE Backports SLE-15 (aarch64_ilp32):

libSDL_image-1_2-0-64bit-1.2.12+hg695-bp150.3.3.1

libSDL_image-devel-64bit-1.2.12+hg695-bp150.3.3.1
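
To confirm the patch actually landed, the installed SDL_image builds can be compared against the fixed builds in the package list above. The following is an added example, not part of the openSUSE announcement: it assumes input in the form printed by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`, uses a simplified RPM version comparison, and the older build and the libpng line in the sample are constructed.

```python
import re

# Fixed builds from the advisory's package list, keyed by the release tag.
FIXED = {
    "bp151": "1.2.12+hg695-bp151.4.3.1",  # openSUSE Backports SLE-15-SP1
    "bp150": "1.2.12+hg695-bp150.3.3.1",  # openSUSE Backports SLE-15
}

def vercmp(a, b):
    """Simplified rpmvercmp (no epoch, '~' or '^' support): returns -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # digit runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a digit run beats a letter run
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments win

def evr_cmp(a, b):
    """Compare two VERSION-RELEASE strings, version first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def unpatched(rpm_lines):
    """Return (name, installed, fixed) for SDL_image builds older than the fix."""
    stale = []
    for line in rpm_lines:
        parts = line.split()
        if len(parts) != 2 or "SDL_image" not in parts[0]:
            continue
        name, evr = parts
        tag = re.search(r"-(bp\d+)\.", evr)  # which Backports product built it
        fixed = FIXED.get(tag.group(1)) if tag else None
        if fixed and evr_cmp(evr, fixed) < 0:
            stale.append((name, evr, fixed))
    return stale

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = [
    "libSDL_image-1_2-0 1.2.12-bp151.3.1",          # constructed older build
    "libSDL_image-devel 1.2.12+hg695-bp151.4.3.1",  # fixed build (SLE-15-SP1)
    "libSDL_image-1_2-0 1.2.12+hg695-bp150.3.3.1",  # fixed build (SLE-15)
    "libpng16-16 1.6.34-bp151.1.1",                 # constructed, unrelated
]

if __name__ == "__main__":
    for name, have, want in unpatched(SAMPLE):
        print(f"{name}: installed {have}, fixed in {want}")
```

Any package the function reports is still on a build older than the one this update ships and should be patched with the commands above.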

References

https://www.suse.com/security/cve/CVE-2019-13616.html

https://www.suse.com/security/cve/CVE-2019-5052.html

https://www.suse.com/security/cve/CVE-2019-5057.html

https://www.suse.com/security/cve/CVE-2019-5058.html

https://www.suse.com/security/cve/CVE-2019-5059.html

https://www.suse.com/security/cve/CVE-2019-5060.html

https://www.suse.com/security/cve/CVE-2019-7635.html

https://bugzilla.suse.com/1124827

https://bugzilla.suse.com/1140421

https://bugzilla.suse.com/1141844

https://bugzilla.suse.com/1143763

https://bugzilla.suse.com/1143764

https://bugzilla.suse.com/1143766

https://bugzilla.suse.com/1143768

--

Announcement ID: openSUSE-SU-2019:2109-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15
