Bug 24496 - SDL12 new security issues CVE-2019-757[2-8] and CVE-2019-763[5-8]
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA6-32-OK MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Reported: 2019-03-12 15:36 CET by David Walser
Modified: 2019-04-05 20:14 CEST

See Also:
Source RPM: SDL12-1.2.15-22.mga7.src.rpm, mingw-SDL
Status comment: Patches available from Fedora


Description David Walser 2019-03-12 15:36:17 CET
Fedora has issued an advisory on February 26:

Mageia 6 is also affected.
David Walser 2019-03-12 15:36:30 CET

Status comment: (none) => Patches available from Fedora
Whiteboard: (none) => MGA6TOO

Comment 1 Marja Van Waes 2019-03-14 15:55:37 CET
Assigning to our registered SDL12 maintainer.

Assignee: bugsquad => shlomif
CC: (none) => marja11

Rémi Verschelde 2019-03-16 20:49:24 CET

Source RPM: SDL12-1.2.15-22.mga7.src.rpm => SDL12-1.2.15-22.mga7.src.rpm, mingw-SDL

Rémi Verschelde 2019-03-29 11:10:52 CET

Assignee: shlomif => rverschelde

Comment 3 Rémi Verschelde 2019-03-29 11:45:25 CET
Fixed in Cauldron with SDL12-1.2.15-23.mga7 and mingw-SDL-1.2.15-10.mga7.
Update candidate for Mageia 6 below:


  This release fixes various buffer overflows when parsing or processing damaged
  Waveform audio and BMP image files.

  - Fix CVE-2019-7577 (a buffer overread in MS_ADPCM_decode) (rhbz#1676510)
  - Fix CVE-2019-7575 (a buffer overwrite in MS_ADPCM_decode) (rhbz#1676744)
  - Fix CVE-2019-7574 (a buffer overread in IMA_ADPCM_decode) (rhbz#1676750)
  - Fix CVE-2019-7572 (a buffer overread in IMA_ADPCM_nibble) (rhbz#1676754)
  - Fix CVE-2019-7572 (a buffer overwrite in IMA_ADPCM_nibble) (rhbz#1676754)
  - Fix CVE-2019-7573, CVE-2019-7576 (buffer overreads in InitMS_ADPCM)
    (rhbz#1676752, rhbz#1676756)
  - Fix CVE-2019-7578 (a buffer overread in InitIMA_ADPCM) (rhbz#1676782)
  - Fix CVE-2019-7638, CVE-2019-7636 (buffer overflows when processing BMP images
    with too high number of colors) (rhbz#1677144, rhbz#1677157)
  - Fix CVE-2019-7637 (an integer overflow in SDL_CalculatePitch) (rhbz#1677152)
  - Fix CVE-2019-7635 (a buffer overread when blitting a BMP image with pixel
    colors out the palette) (rhbz#1677159)
  - Reject 2, 3, 5, 6, 7-bpp BMP images (rhbz#1677159)

 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OHEXXGCOKNICFBDMNVYYDTSDLQ42K5G5/

RPMs in core/updates_testing:



SRPMs in core/updates_testing:


Assignee: rverschelde => qa-bugs
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)
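
The header checks named in the advisory in Comment 3 (palette size, rejected bit depths, pitch overflow, out-of-palette pixel indices), as an added C example that is not SDL's code, not Fedora's patch and not part of the original bug report. The function names, the 16-bit pitch limit and the accepted depths above 8 bpp are assumptions of this example, and the values in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration; all names are hypothetical, not SDL's API. */
enum bmp_check { BMP_OK, BMP_BAD_BPP, BMP_BAD_PALETTE, BMP_BAD_DIMS, BMP_BAD_PITCH };
#define PITCH_MAX 0xFFFFu   /* assumption: pitch is stored in a 16-bit field */

/* Bytes per row, rounded up to a 4-byte boundary. Computed in 64 bits so
 * width * bpp cannot wrap; returns 0 when the result exceeds PITCH_MAX. */
uint32_t checked_pitch(uint32_t width, uint32_t bpp)
{
    uint64_t bytes = ((uint64_t)width * bpp + 7) / 8;
    uint64_t pitch = (bytes + 3) & ~(uint64_t)3;
    return pitch > PITCH_MAX ? 0 : (uint32_t)pitch;
}

/* Validate header fields before any palette or pixel buffer is sized. */
enum bmp_check bmp_header_check(uint32_t width, uint32_t height,
                                uint32_t bpp, uint32_t colors_used)
{
    if (width == 0 || height == 0)
        return BMP_BAD_DIMS;
    switch (bpp) {
    case 1: case 4: case 8:         /* palettized depths */
        /* 0 means "full palette"; more than 2^bpp entries would run
         * past a palette array sized for this depth. */
        if (colors_used > (1u << bpp))
            return BMP_BAD_PALETTE;
        break;
    case 16: case 24: case 32:      /* assumption: accepted direct-colour depths */
        break;
    default:                        /* includes 2, 3, 5, 6 and 7 bpp */
        return BMP_BAD_BPP;
    }
    return checked_pitch(width, bpp) == 0 ? BMP_BAD_PITCH : BMP_OK;
}

/* A palettized pixel value must index an existing palette entry. */
int pixel_index_ok(uint8_t index, uint32_t bpp, uint32_t colors_used)
{
    if (bpp > 8)
        return 0;                   /* not a palettized depth */
    return index < (colors_used ? colors_used : (1u << bpp));
}

int main(void)
{
    /* Constructed headers: oversized palette, then oversized row. */
    printf("%d %d\n", bmp_header_check(640, 480, 8, 257), bmp_header_check(65535, 1, 32, 0));
    return 0;
}
```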

Comment 4 Herman Viaene 2019-04-02 11:19:09 CEST
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues
I do not have specific HW as per bug 11800, however there are a lot of dependencies on libSDL1.2_0 listed as result of
# urpmq --whatrequires libSDL1.2_0

I picked pinball and ran
$ strace -o libSDL.txt pinball
and loaded the tux table and launched a ball.
Checked the trace file and found ref to libSDL-1.2.so.0
Good for me.

Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene

Comment 5 Thomas Andrews 2019-04-03 03:28:57 CEST
Following Herman's lead, I installed pinball and played a game, then installed the lib64SDL update and played some more. I tried the Gnu and Professor tables, got a higher score with each game.

Good fun - reminded me of the pinball games I played back in my Atari 8-bit/ST days.

No installation issues, no regressions noted. OKing for 64-bit and validating. Suggested advisory in Comment 3.

Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2019-04-04 15:17:19 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 6 Mageia Robot 2019-04-05 20:14:17 CEST
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED
