USN-4143-1: SDL 2.0 vulnerabilities
30 September 2019
SDL 2.0 could be made to crash or run programs as your login if it opened a specially crafted file.
Releases
Packages
- libsdl2 - Simple DirectMedia Layer: cross-platform development library providing access to low level media interfaces
Details
It was discovered that SDL 2.0 mishandled crafted image files resulting in an
integer overflow. If a user were tricked into opening a malicious file, SDL
2.0 could be caused to crash or potentially run arbitrary code.
(CVE-2017-2888)
It was discovered that SDL 2.0 mishandled crafted image files. If a user were
tricked into opening a malicious file, SDL 2.0 could be caused to crash or
potentially run arbitrary code.
(CVE-2019-7635, CVE-2019-7636, CVE-2019-7637, CVE-2019-7638)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.04
Ubuntu 18.04
Ubuntu 16.04
In general, a standard system update will make all the necessary changes.
Related notices
- USN-4156-2: libsdl1.2debian, libsdl1.2, libsdl1.2-dev
- USN-4156-1: libsdl1.2debian, libsdl1.2, libsdl1.2-dev
- USN-4238-1: libsdl-image1.2, libsdl-image1.2-dev, sdl-image1.2