Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201909-07 ] Simple DirectMedia Layer: Multiple vulnerabilities
Date: Sun, 08 Sep 2019 17:47:22
Message-Id: 5f5e93e1-d85a-f12d-8975-43212d05b346@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201909-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Simple DirectMedia Layer: Multiple vulnerabilities
Date: September 08, 2019
Bugs: #690064, #692392
ID: 201909-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Simple DirectMedia Layer,
the worst of which could result in the arbitrary execution of code.

Background
==========

Simple DirectMedia Layer is a cross-platform development library
designed to provide low level access to audio, keyboard, mouse,
joystick, and graphics hardware via OpenGL and Direct3D.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/libsdl2         < 2.0.10                     >= 2.0.10

Description
===========

Multiple vulnerabilities have been discovered in Simple DirectMedia
Layer. Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to process a specially crafted
audio or video, possibly resulting in execution of arbitrary code with
the privileges of the process or a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Simple DirectMedia Layer users should upgrade to the latest
version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/libsdl2-2.0.10"

References
==========

[ 1 ] CVE-2019-13626
      https://nvd.nist.gov/vuln/detail/CVE-2019-13626
[ 2 ] CVE-2019-7572
      https://nvd.nist.gov/vuln/detail/CVE-2019-7572
[ 3 ] CVE-2019-7573
      https://nvd.nist.gov/vuln/detail/CVE-2019-7573
[ 4 ] CVE-2019-7574
      https://nvd.nist.gov/vuln/detail/CVE-2019-7574
[ 5 ] CVE-2019-7575
      https://nvd.nist.gov/vuln/detail/CVE-2019-7575
[ 6 ] CVE-2019-7576
      https://nvd.nist.gov/vuln/detail/CVE-2019-7576
[ 7 ] CVE-2019-7577
      https://nvd.nist.gov/vuln/detail/CVE-2019-7577
[ 8 ] CVE-2019-7578
      https://nvd.nist.gov/vuln/detail/CVE-2019-7578
[ 9 ] CVE-2019-7635
      https://nvd.nist.gov/vuln/detail/CVE-2019-7635
[ 10 ] CVE-2019-7636
       https://nvd.nist.gov/vuln/detail/CVE-2019-7636
[ 11 ] CVE-2019-7638
       https://nvd.nist.gov/vuln/detail/CVE-2019-7638

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201909-07

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
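
A read-only check for the version bound given under "Affected packages" and "Resolution", added here as an example and not part of the Gentoo advisory. It assumes the default Portage installed-package database layout under /var/db/pkg and plain dotted version numbers; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify installed media-libs/libsdl2 versions against
# the "< 2.0.10" bound from this GLSA's Affected packages table.
# Assumption: Portage records installed packages as directories named
# <root>/media-libs/libsdl2-<version>[-rN] (default root /var/db/pkg).

FIXED_VERSION="2.0.10"

# version_lt A B: succeed when A sorts strictly before B (sort -V).
# Assumption: plain dotted versions; Gentoo suffixes such as _rc or _p
# are not modelled here.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# libsdl2_status [PKGDB]: print one line per installed version.
# Returns 0 if no installed version is vulnerable, 1 if any is,
# 2 if the package is not installed at all.
libsdl2_status() {
    pkgdb="${1:-/var/db/pkg}"
    found=0
    vulnerable=0
    for dir in "$pkgdb"/media-libs/libsdl2-[0-9]*; do
        [ -d "$dir" ] || continue
        found=1
        pv="${dir##*/libsdl2-}"      # e.g. 2.0.9-r1
        ver="${pv%-r[0-9]*}"         # strip the ebuild revision
        if version_lt "$ver" "$FIXED_VERSION"; then
            echo "VULNERABLE media-libs/libsdl2-$pv (< $FIXED_VERSION)"
            vulnerable=1
        else
            echo "ok         media-libs/libsdl2-$pv"
        fi
    done
    [ "$found" -eq 1 ] || { echo "media-libs/libsdl2 not installed"; return 2; }
    return "$vulnerable"
}
```

Source the file and call `libsdl2_status` with no argument to inspect the live system; a return status of 1 means the upgrade in the Resolution section is still pending.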
