Mehrere Probleme in SDL2
ID: | SUSE-SU-2019:0950-1 |
Distribution: | SUSE |
Plattformen: | SUSE Linux Enterprise Module for Desktop Applications 15 |
Datum: | Mo, 15. April 2019, 17:06 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7575 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7577 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7576 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7637 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7572 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7636 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7573 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7578 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7574 |
Applikationen: | Simple DirectMedia Layer |
Originalnachricht |
|
SUSE Security Update: Security update for SDL2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0950-1 Rating: moderate References: #1124799 #1124800 #1124802 #1124803 #1124805 #1124806 #1124824 #1124825 #1124826 #1124827 #1125099 Cross-References: CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for SDL2 fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-950=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-3.9.1 libSDL2-2_0-0-2.0.8-3.9.1 libSDL2-2_0-0-debuginfo-2.0.8-3.9.1 libSDL2-devel-2.0.8-3.9.1 References: https://www.suse.com/security/cve/CVE-2019-7572.html https://www.suse.com/security/cve/CVE-2019-7573.html https://www.suse.com/security/cve/CVE-2019-7574.html https://www.suse.com/security/cve/CVE-2019-7575.html https://www.suse.com/security/cve/CVE-2019-7576.html https://www.suse.com/security/cve/CVE-2019-7577.html https://www.suse.com/security/cve/CVE-2019-7578.html https://www.suse.com/security/cve/CVE-2019-7635.html https://www.suse.com/security/cve/CVE-2019-7636.html https://www.suse.com/security/cve/CVE-2019-7637.html https://www.suse.com/security/cve/CVE-2019-7638.html https://bugzilla.suse.com/1124799 https://bugzilla.suse.com/1124800 https://bugzilla.suse.com/1124802 https://bugzilla.suse.com/1124803 https://bugzilla.suse.com/1124805 https://bugzilla.suse.com/1124806 https://bugzilla.suse.com/1124824 https://bugzilla.suse.com/1124825 https://bugzilla.suse.com/1124826 https://bugzilla.suse.com/1124827 https://bugzilla.suse.com/1125099 _______________________________________________ sle-security-updates mailing list sle-security-updates@lists.suse.com http://lists.suse.com/mailman/listinfo/sle-security-updates |