You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa SDL

Sigurnosni nedostaci programskog paketa SDL

——————————————————————————–
Fedora Update Notification
FEDORA-2019-6092f8c0dc
2019-03-02 01:20:05.967657
——————————————————————————–

Name : SDL
Product : Fedora 28
Version : 1.2.15
Release : 31.fc28
URL : http://www.libsdl.org/
Summary : A cross-platform multimedia library
Description :
Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed
to provide fast access to the graphics frame buffer and audio device.

——————————————————————————–
Update Information:

This release fixes various buffer overflows when parsing or processing damaged
Waveform audio and BMP image files.
——————————————————————————–
ChangeLog:

* Fri Feb 15 2019 Petr Pisar <ppisar@redhat.com> – 1.2.15-31
– Fix CVE-2019-7577 (a buffer overread in MS_ADPCM_decode) (bug #1676510)
– Fix CVE-2019-7575 (a buffer overwrite in MS_ADPCM_decode) (bug #1676744)
– Fix CVE-2019-7574 (a buffer overread in IMA_ADPCM_decode) (bug #1676750)
– Fix CVE-2019-7572 (a buffer overread in IMA_ADPCM_nibble) (bug #1676754)
– Fix CVE-2019-7572 (a buffer overwrite in IMA_ADPCM_nibble) (bug #1676754)
– Fix CVE-2019-7573, CVE-2019-7576 (buffer overreads in InitMS_ADPCM)
(bugs #1676752, #1676756)
– Fix CVE-2019-7578 (a buffer overread in InitIMA_ADPCM) (bug #1676782)
– Fix CVE-2019-7638, CVE-2019-7636 (buffer overflows when processing BMP
images with too high number of colors) (bugs #1677144, #1677157)
– Fix CVE-2019-7637 (an integer overflow in SDL_CalculatePitch) (bug #1677152)
– Fix CVE-2019-7635 (a buffer overread when blitting a BMP image with pixel
colors out the palette) (bug #1677159)
– Reject 2, 3, 5, 6, 7-bpp BMP images (bug #1677159)
——————————————————————————–
References:

[ 1 ] Bug #1676509 – CVE-2019-7577 SDL: Buffer over-read in function SDL_LoadWAV_RW in audio/SDL_wave.c
https://bugzilla.redhat.com/show_bug.cgi?id=1676509
[ 2 ] Bug #1676743 – CVE-2019-7575 SDL: Heap based buffer overflow in function MS_ADPCM_decode in audio/SDL_wave.c
https://bugzilla.redhat.com/show_bug.cgi?id=1676743
[ 3 ] Bug #1676749 – CVE-2019-7574 SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c
https://bugzilla.redhat.com/show_bug.cgi?id=1676749
[ 4 ] Bug #1676753 – CVE-2019-7572 SDL: Buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c
https://bugzilla.redhat.com/show_bug.cgi?id=1676753
[ 5 ] Bug #1676751 – CVE-2019-7573 SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
https://bugzilla.redhat.com/show_bug.cgi?id=1676751
[ 6 ] Bug #1676755 – CVE-2019-7576 SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
https://bugzilla.redhat.com/show_bug.cgi?id=1676755
[ 7 ] Bug #1676781 – CVE-2019-7578 SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c
https://bugzilla.redhat.com/show_bug.cgi?id=1676781
[ 8 ] Bug #1677143 – CVE-2019-7638 SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c
https://bugzilla.redhat.com/show_bug.cgi?id=1677143
[ 9 ] Bug #1677156 – CVE-2019-7636 SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c
https://bugzilla.redhat.com/show_bug.cgi?id=1677156
[ 10 ] Bug #1677151 – CVE-2019-7637 SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c
https://bugzilla.redhat.com/show_bug.cgi?id=1677151
[ 11 ] Bug #1677158 – CVE-2019-7635 SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c
https://bugzilla.redhat.com/show_bug.cgi?id=1677158
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-6092f8c0dc’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libexif

Otkriven je sigurnosni nedostatak programske biblioteke libexif za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuju izazivanje DoS stanja. Savjetuje...

Close