Mageia 2019-0127: SDL12 security update
Summary
This release fixes various buffer overflows when parsing or processing damaged Waveform audio and BMP image files. - Fix CVE-2019-7577 (a buffer overread in MS_ADPCM_decode) (rhbz#1676510) - Fix CVE-2019-7575 (a buffer overwrite in MS_ADPCM_decode) (rhbz#1676744) - Fix CVE-2019-7574 (a buffer overread in IMA_ADPCM_decode) (rhbz#1676750) - Fix CVE-2019-7572 (a buffer overread in IMA_ADPCM_nibble) (rhbz#1676754) - Fix CVE-2019-7572 (a buffer overwrite in IMA_ADPCM_nibble) (rhbz#1676754) - Fix CVE-2019-7573, CVE-2019-7576 (buffer overreads in InitMS_ADPCM) (rhbz#1676752, rhbz#1676756) - Fix CVE-2019-7578 (a buffer overread in InitIMA_ADPCM) (rhbz#1676782) - Fix CVE-2019-7638, CVE-2019-7636 (buffer overflows when processing BMP images with too high number of colors) (rhbz#1677144, rhbz#1677157) - Fix CVE-2019-7637 (an integer overflow in SDL_CalculatePitch) (rhbz#1677152) - Fix CVE-2019-7635 (a buffer overread when blitting a BMP image with pixel colors out the palette) (rhbz#16...
References
- https://bugs.mageia.org/show_bug.cgi?id=24496
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OHEXXGCOKNICFBDMNVYYDTSDLQ42K5G5/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7572
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7573
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7574
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7575
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7577
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7635
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7637
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7638
Resolution
MGASA-2019-0127 - Updated SDL12 packages fix security vulnerability
SRPMS
- 6/core/SDL12-1.2.15-19.1.mga6
- 6/core/mingw-SDL-1.2.15-8.1.mga6