drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Simple DirectMedia Layer
Name: |
Ausführen beliebiger Kommandos in Simple DirectMedia Layer |
|
ID: |
USN-5398-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 18.04 LTS, Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 21.10 |
|
Datum: |
Fr, 29. April 2022, 07:44 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33657 |
|
Applikationen: |
Simple DirectMedia Layer |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============2270358672043727450== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------U0j0gIPbzMYPd11S3HHfLewP"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------U0j0gIPbzMYPd11S3HHfLewP Content-Type: multipart/mixed; boundary="------------CKJZMNeBzBWiPMb5auq6K3Vc"; protected-headers="v1" From: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com> Reply-To: security@ubuntu.com To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <1ca65130-b2c2-4c05-7b49-f8ca19199bdd@canonical.com> Subject: [USN-5398-1] Simple DirectMedia Layer vulnerability
--------------CKJZMNeBzBWiPMb5auq6K3Vc Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-5398-1 April 28, 2022
libsdl1.2, libsdl2 vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM
Summary:
SDL (Simple DirectMedia Layer) could be made to crash or run programs if it opened a specially crafted file.
Software Description: - libsdl2: Cross-platform multimedia library with low access to hardware - libsdl1.2: Simple DirectMedia Layer
Details:
It was discovered that SDL (Simple DirectMedia Layer) incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: libsdl2-2.0-0 2.0.14+dfsg2-3ubuntu0.1
Ubuntu 18.04 LTS: libsdl1.2debian 1.2.15+dfsg2-0.1ubuntu0.2
Ubuntu 16.04 ESM: libsdl1.2debian 1.2.15+dfsg1-3ubuntu0.1+esm1
Ubuntu 14.04 ESM: libsdl1.2debian 1.2.15-8ubuntu1.1+esm2
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5398-1 CVE-2021-33657
Package Information: https://launchpad.net/ubuntu/+source/libsdl2/2.0.14+dfsg2-3ubuntu0.1 https://launchpad.net/ubuntu/+source/libsdl1.2/1.2.15+dfsg2-0.1ubuntu0.2 --------------CKJZMNeBzBWiPMb5auq6K3Vc--
--------------U0j0gIPbzMYPd11S3HHfLewP Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmJrBc4FAwAAAAAACgkQZ0GeRcM5nt2o zQgAnJlCg8cG7gtLB6mbOGHafR4GXIAk0OLfoBBBBoySpCnoX2HEiRWsGMJeVHs+cEXPHWS902sk ATEDhGV8f3qM9ta0ECz0jMK6uOAGH22V8kXmgJRLK1jtbdrsyqyzjuTv1xxZ/1SphUWDCMIvjxfi hlrUt3pbboMktJh+SDOeKIajxbhfNkFd/CiOPi4MxwTs9HMd1Vz4i4JhVwnI2vAcVs0w730o3Jqz I2rgzG6Cmqv6PRpiKzBTIadPX6G6v71eaF5iZuS4V2oQCABKk3YRm3ZZVa0nl4bECwzx/godiOVC O6GOZS6VVjzxIXclfell+Am3s3s73SWmwhBdswk8YQ== =eAUM -----END PGP SIGNATURE-----
--------------U0j0gIPbzMYPd11S3HHfLewP--
--===============2270358672043727450== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============2270358672043727450==--
|
|
|
|