Updated sdl2 packages fix security vulnerabilities
Publication date: 06 Sep 2019Modification date: 06 Sep 2019
Type: security
Affected Mageia releases : 6 , 7
CVE: CVE-2010-13616 , CVE-2019-7572 , CVE-2019-7573 , CVE-2019-7574 , CVE-2019-7575 , CVE-2019-7576 , CVE-2019-7577 , CVE-2019-7578 , CVE-2019-7635 , CVE-2019-7636 , CVE-2019-7637 , CVE-2019-7638
Description
Updated sdl2 packages fix security vulnerabilities
This release fixes various buffer overflows when parsing or processing
damaged Waveform audio and BMP image files.
- Fix CVE-2019-7572 (a buffer overread in IMA_ADPCM_nibble) (rhbz#1676754)
- Fix CVE-2019-7572 (a buffer overwrite in IMA_ADPCM_nibble) (rhbz#1676754)
- Fix CVE-2019-7573, CVE-2019-7576 (buffer overreads in InitMS_ADPCM)
(rhbz#1676752, rhbz#1676756)
- Fix CVE-2019-7574 (a buffer overread in IMA_ADPCM_decode) (rhbz#1676750)
- Fix CVE-2019-7575 (a buffer overwrite in MS_ADPCM_decode) (rhbz#1676744)
- Fix CVE-2019-7577 (a buffer overread in MS_ADPCM_decode) (rhbz#1676510)
- Fix CVE-2019-7578 (a buffer overread in InitIMA_ADPCM) (rhbz#1676782)
- Fix CVE-2019-7635 (a buffer overread when blitting a BMP image with pixel
colors out the palette) (rhbz#1677159)
- Fix CVE-2019-7636, CVE-2019-7638 (buffer overflows when processing BMP
images with too high number of colors) (rhbz#1677144, rhbz#1677157)
- Fix CVE-2019-7637 (an integer overflow in SDL_CalculatePitch)
(rhbz#1677152)
- Reject 2, 3, 5, 6, 7-bpp BMP images (rhbz#1677159)
- Fix CVE-2010-13616 (heap-based buffer over-read in BlitNtoN in
video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c)
The 2.0.10 release also provides various features and bug fixes.
References
- https://bugs.mageia.org/show_bug.cgi?id=24497
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OHEXXGCOKNICFBDMNVYYDTSDLQ42K5G5/
- https://security-tracker.debian.org/tracker/CVE-2019-13616
- https://hg.libsdl.org/SDL/file/bc90ce38f1e2/WhatsNew.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-13616
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7572
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7573
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7574
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7575
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7576
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7577
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7578
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7635
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7636
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7637
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7638
SRPMS
7/core
- sdl2-2.0.10-1.mga7
- mingw-SDL2-2.0.10-1.mga7
6/core
- sdl2-2.0.10-1.mga6
- mingw-SDL2-2.0.10-1.mga6