openSUSE: 2019:2109-1: moderate: SDL_image

    Date: 10 Sep 2019
    Category: openSUSE
    Posted By: LinuxSecurity Advisories
    An update that fixes 7 vulnerabilities is now available.
       openSUSE Security Update: Security update for SDL_image
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:2109-1
    Rating:             moderate
    References:         #1124827 #1140421 #1141844 #1143763 #1143764 
                        #1143766 #1143768 
    Cross-References:   CVE-2019-13616 CVE-2019-5052 CVE-2019-5057
                        CVE-2019-5058 CVE-2019-5059 CVE-2019-5060
                        CVE-2019-7635
    Affected Products:
                        openSUSE Backports SLE-15-SP1
                        openSUSE Backports SLE-15
    ______________________________________________________________________________
    
    Description:
    
       This update for SDL_image fixes the following issues:
    
       Update SDL_Image to new snapshot 1.2.12+hg695.
    
       Security issues fixed:
    
       * TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow
         vulnerability when loading a PCX file (boo#1140421)
       * TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX
         image-rendering functionality of SDL2_image (boo#1143763)
       * TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can
         lead to code execution (boo#1143764)
       * TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image handling
         (boo#1143766)
       * TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image
         (boo#1143768)
       * CVE-2019-7635: heap-based buffer over-read in Blit1to4 in
         video/SDL_blit_1.c (boo#1124827)
       * CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file
         (boo#1141844).
    
       This update was imported from the openSUSE:Leap:15.0:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Backports SLE-15-SP1:
    
          zypper in -t patch openSUSE-2019-2109=1
    
       - openSUSE Backports SLE-15:
    
          zypper in -t patch openSUSE-2019-2109=1
    
    
    
    Package List:
    
       - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
    
          SDL_image-debugsource-1.2.12+hg695-bp151.4.3.1
          libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1
          libSDL_image-1_2-0-debuginfo-1.2.12+hg695-bp151.4.3.1
          libSDL_image-devel-1.2.12+hg695-bp151.4.3.1
    
       - openSUSE Backports SLE-15-SP1 (aarch64_ilp32):
    
          libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1
          libSDL_image-1_2-0-64bit-debuginfo-1.2.12+hg695-bp151.4.3.1
          libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1
    
       - openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):
    
          libSDL_image-1_2-0-1.2.12+hg695-bp150.3.3.1
          libSDL_image-devel-1.2.12+hg695-bp150.3.3.1
    
       - openSUSE Backports SLE-15 (aarch64_ilp32):
    
          libSDL_image-1_2-0-64bit-1.2.12+hg695-bp150.3.3.1
          libSDL_image-devel-64bit-1.2.12+hg695-bp150.3.3.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-13616.html
       https://www.suse.com/security/cve/CVE-2019-5052.html
       https://www.suse.com/security/cve/CVE-2019-5057.html
       https://www.suse.com/security/cve/CVE-2019-5058.html
       https://www.suse.com/security/cve/CVE-2019-5059.html
       https://www.suse.com/security/cve/CVE-2019-5060.html
       https://www.suse.com/security/cve/CVE-2019-7635.html
       https://bugzilla.suse.com/1124827
       https://bugzilla.suse.com/1140421
       https://bugzilla.suse.com/1141844
       https://bugzilla.suse.com/1143763
       https://bugzilla.suse.com/1143764
       https://bugzilla.suse.com/1143766
       https://bugzilla.suse.com/1143768
    