Bug 1141844 - (CVE-2019-13616) VUL-1: CVE-2019-13616: SDL,SDL2: through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low, Severity: Normal
Target Milestone: ---
Assigned To: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/237332/
Whiteboard: maint:released:sle10-sp3:64353 CVSSv3...
Reported: 2019-07-17 11:52 UTC by Wolfgang Frisch
Modified: 2022-03-01 16:17 UTC
Found By: Security Response Team

Description Wolfgang Frisch 2019-07-17 11:52:18 UTC
CVE-2019-13616

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a
heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from
SDL_SoftBlit in video/SDL_blit.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13616
http://www.cvedetails.com/cve/CVE-2019-13616/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13616
https://bugzilla.libsdl.org/show_bug.cgi?id=4538
Comment 2 Swamp Workflow Management 2019-08-23 12:00:07 UTC
This is an autogenerated message for OBS integration:
This bug (1141844) was mentioned in
https://build.opensuse.org/request/show/725547 15.0 / SDL2
https://build.opensuse.org/request/show/725548 15.1 / SDL2
Comment 3 Swamp Workflow Management 2019-08-23 14:20:08 UTC
This is an autogenerated message for OBS integration:
This bug (1141844) was mentioned in
https://build.opensuse.org/request/show/725587 15.0 / SDL_image
https://build.opensuse.org/request/show/725588 15.1 / SDL_image
Comment 4 Swamp Workflow Management 2019-08-23 15:50:24 UTC
This is an autogenerated message for OBS integration:
This bug (1141844) was mentioned in
https://build.opensuse.org/request/show/725636 Factory / SDL2_image
https://build.opensuse.org/request/show/725637 15.0 / SDL2_image
https://build.opensuse.org/request/show/725638 15.1 / SDL2_image
Comment 8 Swamp Workflow Management 2019-09-05 13:13:54 UTC
openSUSE-SU-2019:2070-1: An update that fixes 12 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1135787,1135789,1135796,1135806,1136101,1140419,1140421,1141844,1143763,1143764,1143766,1143768
CVE References: CVE-2019-12217,CVE-2019-12218,CVE-2019-12220,CVE-2019-12221,CVE-2019-12222,CVE-2019-13616,CVE-2019-5051,CVE-2019-5052,CVE-2019-5057,CVE-2019-5058,CVE-2019-5059,CVE-2019-5060
Sources used:
openSUSE Leap 15.1 (src):    SDL2_image-2.0.5-lp151.2.5.1
openSUSE Leap 15.0 (src):    SDL2_image-2.0.5-lp150.9.1
Comment 9 Swamp Workflow Management 2019-09-05 13:19:04 UTC
openSUSE-SU-2019:2071-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1124827,1140421,1141844,1143763,1143764,1143766,1143768
CVE References: CVE-2019-13616,CVE-2019-5052,CVE-2019-5057,CVE-2019-5058,CVE-2019-5059,CVE-2019-5060,CVE-2019-7635
Sources used:
openSUSE Leap 15.1 (src):    SDL_image-1.2.12+hg695-lp151.3.3.1
openSUSE Leap 15.0 (src):    SDL_image-1.2.12+hg695-lp150.2.3.1
Comment 10 Swamp Workflow Management 2019-09-06 13:08:11 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2019-09-20.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64352
Comment 11 Swamp Workflow Management 2019-09-10 19:13:09 UTC
openSUSE-SU-2019:2108-1: An update that fixes 12 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1135787,1135789,1135796,1135806,1136101,1140419,1140421,1141844,1143763,1143764,1143766,1143768
CVE References: CVE-2019-12217,CVE-2019-12218,CVE-2019-12220,CVE-2019-12221,CVE-2019-12222,CVE-2019-13616,CVE-2019-5051,CVE-2019-5052,CVE-2019-5057,CVE-2019-5058,CVE-2019-5059,CVE-2019-5060
Sources used:
openSUSE Backports SLE-15-SP1 (src):    SDL2_image-2.0.5-bp151.4.3.1
openSUSE Backports SLE-15 (src):    SDL2_image-2.0.5-bp150.3.6.1
Comment 12 Swamp Workflow Management 2019-09-10 19:15:27 UTC
openSUSE-SU-2019:2109-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1124827,1140421,1141844,1143763,1143764,1143766,1143768
CVE References: CVE-2019-13616,CVE-2019-5052,CVE-2019-5057,CVE-2019-5058,CVE-2019-5059,CVE-2019-5060,CVE-2019-7635
Sources used:
openSUSE Backports SLE-15-SP1 (src):    SDL_image-1.2.12+hg695-bp151.4.3.1
openSUSE Backports SLE-15 (src):    SDL_image-1.2.12+hg695-bp150.3.3.1
Comment 13 Swamp Workflow Management 2019-09-25 19:12:41 UTC
SUSE-SU-2019:2463-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1141844,1142031
CVE References: CVE-2019-13616,CVE-2019-13626
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    SDL2-2.0.8-3.15.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    SDL2-2.0.8-3.15.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    SDL2-2.0.8-3.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2019-09-30 22:12:16 UTC
openSUSE-SU-2019:2226-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1141844,1142031
CVE References: CVE-2019-13616,CVE-2019-13626
Sources used:
openSUSE Leap 15.1 (src):    SDL2-2.0.8-lp151.4.6.1
Comment 15 Swamp Workflow Management 2019-09-30 22:14:26 UTC
openSUSE-SU-2019:2224-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1141844,1142031
CVE References: CVE-2019-13616,CVE-2019-13626
Sources used:
openSUSE Leap 15.0 (src):    SDL2-2.0.8-lp150.2.9.1
Comment 16 Swamp Workflow Management 2020-07-07 16:14:44 UTC
SUSE-SU-2019:2463-2: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1141844,1142031
CVE References: CVE-2019-13616,CVE-2019-13626
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src):    SDL2-2.0.8-3.15.1

Comment 17 Swamp Workflow Management 2020-10-26 14:20:42 UTC
SUSE-SU-2020:3030-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1141844
CVE References: CVE-2019-13616
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    SDL-1.2.15-15.14.2
SUSE Linux Enterprise Server 12-SP5 (src):    SDL-1.2.15-15.14.2

Comment 18 Swamp Workflow Management 2020-11-10 14:19:17 UTC
SUSE-SU-2020:3261-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1141844
CVE References: CVE-2019-13616
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src):    SDL-1.2.15-3.12.73
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    SDL-1.2.15-3.12.73

Comment 19 Swamp Workflow Management 2020-11-14 14:14:35 UTC
openSUSE-SU-2020:1916-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1141844
CVE References: CVE-2019-13616
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    SDL-1.2.15-lp152.5.3.1
Comment 20 Swamp Workflow Management 2020-11-21 14:16:53 UTC
openSUSE-SU-2020:1990-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1141844
CVE References: CVE-2019-13616
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    SDL-1.2.15-lp151.4.3.1
Comment 21 Wolfgang Frisch 2020-12-09 16:28:05 UTC
Released.