libSDL-1_2-0-1.2.15-22.13 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10606-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libSDL-1_2-0-1.2.15-22.13 on GA media These are all security issues fixed in the libSDL-1_2-0-1.2.15-22.13 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10606 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2019-13616/ SUSE CVE CVE-2019-13616 page https://www.suse.com/security/cve/CVE-2019-7572/ SUSE CVE CVE-2019-7572 page https://www.suse.com/security/cve/CVE-2019-7573/ SUSE CVE CVE-2019-7573 page https://www.suse.com/security/cve/CVE-2019-7574/ SUSE CVE CVE-2019-7574 page https://www.suse.com/security/cve/CVE-2019-7575/ SUSE CVE CVE-2019-7575 page https://www.suse.com/security/cve/CVE-2019-7577/ SUSE CVE CVE-2019-7577 page https://www.suse.com/security/cve/CVE-2019-7578/ SUSE CVE CVE-2019-7578 page https://www.suse.com/security/cve/CVE-2019-7635/ SUSE CVE CVE-2019-7635 page https://www.suse.com/security/cve/CVE-2019-7636/ SUSE CVE CVE-2019-7636 page https://www.suse.com/security/cve/CVE-2019-7637/ SUSE CVE CVE-2019-7637 page https://www.suse.com/security/cve/CVE-2019-7638/ SUSE CVE CVE-2019-7638 page openSUSE Tumbleweed libSDL-1_2-0-1.2.15-22.13 libSDL-1_2-0-32bit-1.2.15-22.13 libSDL-devel-1.2.15-22.13 libSDL-devel-32bit-1.2.15-22.13 libSDL-1_2-0-1.2.15-22.13 as a component of openSUSE Tumbleweed libSDL-1_2-0-32bit-1.2.15-22.13 as a component of openSUSE Tumbleweed libSDL-devel-1.2.15-22.13 as a component of openSUSE Tumbleweed libSDL-devel-32bit-1.2.15-22.13 as a component of openSUSE Tumbleweed SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. CVE-2019-13616 openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13 openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13616.html CVE-2019-13616 https://bugzilla.suse.com/1141844 SUSE Bug 1141844 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. CVE-2019-7572 openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13 openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7572.html CVE-2019-7572 https://bugzilla.suse.com/1124806 SUSE Bug 1124806 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). CVE-2019-7573 openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13 openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7573.html CVE-2019-7573 https://bugzilla.suse.com/1124805 SUSE Bug 1124805 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. CVE-2019-7574 openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13 openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7574.html CVE-2019-7574 https://bugzilla.suse.com/1124803 SUSE Bug 1124803 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. CVE-2019-7575 openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13 openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7575.html CVE-2019-7575 https://bugzilla.suse.com/1124802 SUSE Bug 1124802 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. CVE-2019-7577 openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13 openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7577.html CVE-2019-7577 https://bugzilla.suse.com/1124800 SUSE Bug 1124800 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. CVE-2019-7578 openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13 openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7578.html CVE-2019-7578 https://bugzilla.suse.com/1125099 SUSE Bug 1125099 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. CVE-2019-7635 openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13 openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7635.html CVE-2019-7635 https://bugzilla.suse.com/1124827 SUSE Bug 1124827 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. CVE-2019-7636 openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13 openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7636.html CVE-2019-7636 https://bugzilla.suse.com/1124826 SUSE Bug 1124826 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. CVE-2019-7637 openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13 openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7637.html CVE-2019-7637 https://bugzilla.suse.com/1124825 SUSE Bug 1124825 https://bugzilla.suse.com/1134135 SUSE Bug 1134135 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. CVE-2019-7638 openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13 openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13 openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7638.html CVE-2019-7638 https://bugzilla.suse.com/1124824 SUSE Bug 1124824