godot3-3.5.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12761 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z godot3-3.5.1-1.1 on GA media These are all security issues fixed in the godot3-3.5.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12761 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12761 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-26825/ SUSE CVE CVE-2021-26825 page https://www.suse.com/security/cve/CVE-2021-26826/ SUSE CVE CVE-2021-26826 page openSUSE Tumbleweed godot3-3.5.1-1.1 godot3-bash-completion-3.5.1-1.1 godot3-headless-3.5.1-1.1 godot3-runner-3.5.1-1.1 godot3-server-3.5.1-1.1 godot3-3.5.1-1.1 as a component of openSUSE Tumbleweed godot3-bash-completion-3.5.1-1.1 as a component of openSUSE Tumbleweed godot3-headless-3.5.1-1.1 as a component of openSUSE Tumbleweed godot3-runner-3.5.1-1.1 as a component of openSUSE Tumbleweed godot3-server-3.5.1-1.1 as a component of openSUSE Tumbleweed An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash. CVE-2021-26825 openSUSE Tumbleweed:godot3-3.5.1-1.1 openSUSE Tumbleweed:godot3-bash-completion-3.5.1-1.1 openSUSE Tumbleweed:godot3-headless-3.5.1-1.1 openSUSE Tumbleweed:godot3-runner-3.5.1-1.1 openSUSE Tumbleweed:godot3-server-3.5.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-26825.html CVE-2021-26825 https://bugzilla.suse.com/1182177 SUSE Bug 1182177 https://bugzilla.suse.com/1182178 SUSE Bug 1182178 A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash. CVE-2021-26826 openSUSE Tumbleweed:godot3-3.5.1-1.1 openSUSE Tumbleweed:godot3-bash-completion-3.5.1-1.1 openSUSE Tumbleweed:godot3-headless-3.5.1-1.1 openSUSE Tumbleweed:godot3-runner-3.5.1-1.1 openSUSE Tumbleweed:godot3-server-3.5.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-26826.html CVE-2021-26826 https://bugzilla.suse.com/1182178 SUSE Bug 1182178