SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1866

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1866

Security update for SDL2

Type: security

Severity: moderate

Issued: 2020-07-07

Description:

This update for SDL2 fixes the following issues:

Security issues fixed:

- CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c (bsc#1141844).
- CVE-2019-13626: Fixed integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c (bsc#1142031).

References

CVE: CVE-2019-13626
CVE: CVE-2019-13616
Bugzilla: 1142031 VUL-0: CVE-2019-13626: SDL2: integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c leads to heap-based buffer over-read in Fill_IMA_ADPCM_block
Bugzilla: 1141844 VUL-1: CVE-2019-13616: SDL,SDL2: through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

Packages

SDL2-2.0.8-3.15.1