SDL2-devel-2.28.5-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13582 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z SDL2-devel-2.28.5-2.1 on GA media These are all security issues fixed in the SDL2-devel-2.28.5-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13582 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13582 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2019-7572/ SUSE CVE CVE-2019-7572 page https://www.suse.com/security/cve/CVE-2019-7573/ SUSE CVE CVE-2019-7573 page https://www.suse.com/security/cve/CVE-2019-7574/ SUSE CVE CVE-2019-7574 page https://www.suse.com/security/cve/CVE-2019-7575/ SUSE CVE CVE-2019-7575 page https://www.suse.com/security/cve/CVE-2019-7577/ SUSE CVE CVE-2019-7577 page https://www.suse.com/security/cve/CVE-2019-7578/ SUSE CVE CVE-2019-7578 page https://www.suse.com/security/cve/CVE-2019-7636/ SUSE CVE CVE-2019-7636 page https://www.suse.com/security/cve/CVE-2019-7637/ SUSE CVE CVE-2019-7637 page https://www.suse.com/security/cve/CVE-2020-14409/ SUSE CVE CVE-2020-14409 page https://www.suse.com/security/cve/CVE-2020-14410/ SUSE CVE CVE-2020-14410 page https://www.suse.com/security/cve/CVE-2021-33657/ SUSE CVE CVE-2021-33657 page https://www.suse.com/security/cve/CVE-2022-4743/ SUSE CVE CVE-2022-4743 page openSUSE Tumbleweed SDL2-devel-2.28.5-2.1 SDL2-devel-32bit-2.28.5-2.1 libSDL2-2_0-0-2.28.5-2.1 libSDL2-2_0-0-32bit-2.28.5-2.1 SDL2-devel-2.28.5-2.1 as a component of openSUSE Tumbleweed SDL2-devel-32bit-2.28.5-2.1 as a component of openSUSE Tumbleweed libSDL2-2_0-0-2.28.5-2.1 as a component of openSUSE Tumbleweed libSDL2-2_0-0-32bit-2.28.5-2.1 as a component of openSUSE Tumbleweed SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. CVE-2019-7572 openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1 openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7572.html CVE-2019-7572 https://bugzilla.suse.com/1124806 SUSE Bug 1124806 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). CVE-2019-7573 openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1 openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7573.html CVE-2019-7573 https://bugzilla.suse.com/1124805 SUSE Bug 1124805 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. CVE-2019-7574 openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1 openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7574.html CVE-2019-7574 https://bugzilla.suse.com/1124803 SUSE Bug 1124803 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. CVE-2019-7575 openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1 openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7575.html CVE-2019-7575 https://bugzilla.suse.com/1124802 SUSE Bug 1124802 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. CVE-2019-7577 openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1 openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7577.html CVE-2019-7577 https://bugzilla.suse.com/1124800 SUSE Bug 1124800 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. CVE-2019-7578 openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1 openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7578.html CVE-2019-7578 https://bugzilla.suse.com/1125099 SUSE Bug 1125099 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. CVE-2019-7636 openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1 openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7636.html CVE-2019-7636 https://bugzilla.suse.com/1124826 SUSE Bug 1124826 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. CVE-2019-7637 openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1 openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7637.html CVE-2019-7637 https://bugzilla.suse.com/1124825 SUSE Bug 1124825 https://bugzilla.suse.com/1134135 SUSE Bug 1134135 SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. CVE-2020-14409 openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1 openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14409.html CVE-2020-14409 https://bugzilla.suse.com/1181202 SUSE Bug 1181202 https://bugzilla.suse.com/1200204 SUSE Bug 1200204 SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. CVE-2020-14410 openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1 openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14410.html CVE-2020-14410 https://bugzilla.suse.com/1181201 SUSE Bug 1181201 https://bugzilla.suse.com/1200204 SUSE Bug 1200204 There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. CVE-2021-33657 openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1 openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-33657.html CVE-2021-33657 https://bugzilla.suse.com/1198001 SUSE Bug 1198001 https://bugzilla.suse.com/1199105 SUSE Bug 1199105 https://bugzilla.suse.com/1200204 SUSE Bug 1200204 A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected. CVE-2022-4743 openSUSE Tumbleweed:SDL2-devel-2.28.5-2.1 openSUSE Tumbleweed:SDL2-devel-32bit-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-2.28.5-2.1 openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.28.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4743.html CVE-2022-4743 https://bugzilla.suse.com/1206727 SUSE Bug 1206727