Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-13616 (GCVE-0-2019-13616)
Vulnerability from cvelistv5 – Published: 2019-07-16 00:00 – Updated: 2024-08-04 23:57
VLAI?
EPSS
Summary
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4538"
},
{
"name": "openSUSE-SU-2019:2070",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
},
{
"name": "openSUSE-SU-2019:2071",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
},
{
"name": "FEDORA-2019-e08f78d4a6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2/"
},
{
"name": "FEDORA-2019-446ca9f695",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255/"
},
{
"name": "openSUSE-SU-2019:2109",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html"
},
{
"name": "openSUSE-SU-2019:2108",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
},
{
"name": "openSUSE-SU-2019:2226",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html"
},
{
"name": "openSUSE-SU-2019:2224",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html"
},
{
"name": "FEDORA-2019-8ef33a69ca",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VDNX3RVXTWELBXQDNERNVVKDGKDF2MPB/"
},
{
"name": "USN-4156-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"name": "USN-4156-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4156-2/"
},
{
"name": "RHSA-2019:3951",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3951"
},
{
"name": "RHSA-2019:3950",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3950"
},
{
"name": "USN-4238-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4238-1/"
},
{
"name": "RHSA-2020:0293",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0293"
},
{
"name": "FEDORA-2020-ff2fe47ba4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/"
},
{
"name": "FEDORA-2020-24652fe41c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
},
{
"name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
},
{
"name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
},
{
"name": "GLSA-202305-17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4538"
},
{
"name": "openSUSE-SU-2019:2070",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
},
{
"name": "openSUSE-SU-2019:2071",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
},
{
"name": "FEDORA-2019-e08f78d4a6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2/"
},
{
"name": "FEDORA-2019-446ca9f695",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255/"
},
{
"name": "openSUSE-SU-2019:2109",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html"
},
{
"name": "openSUSE-SU-2019:2108",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
},
{
"name": "openSUSE-SU-2019:2226",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html"
},
{
"name": "openSUSE-SU-2019:2224",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html"
},
{
"name": "FEDORA-2019-8ef33a69ca",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VDNX3RVXTWELBXQDNERNVVKDGKDF2MPB/"
},
{
"name": "USN-4156-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"name": "USN-4156-2",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4156-2/"
},
{
"name": "RHSA-2019:3951",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3951"
},
{
"name": "RHSA-2019:3950",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3950"
},
{
"name": "USN-4238-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4238-1/"
},
{
"name": "RHSA-2020:0293",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0293"
},
{
"name": "FEDORA-2020-ff2fe47ba4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/"
},
{
"name": "FEDORA-2020-24652fe41c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
},
{
"name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
},
{
"name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
},
{
"name": "GLSA-202305-17",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-17"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13616",
"datePublished": "2019-07-16T00:00:00.000Z",
"dateReserved": "2019-07-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:57:39.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.2.15\", \"matchCriteriaId\": \"1987484C-BB76-4554-B040-1A8D2C90F0AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0.0\", \"versionEndIncluding\": \"2.0.9\", \"matchCriteriaId\": \"85C1FFE9-9495-4484-9D25-590ECE49482B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"40513095-7E6E-46B3-B604-C926F1BA3568\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1E78106-58E6-4D59-990F-75DA575BFAD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D100F7CE-FC64-4CC6-852A-6136D72DA419\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"CB66DB75-2B16-4EBF-9B93-CE49D8086E41\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"815D70A8-47D3-459C-A32C-9FEACA0659D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83737173-E12E-4641-BC49-0BD84A6B29D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92BC9265-6959-4D37-BE5E-8C45E98992F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7431ABC1-9252-419E-8CC1-311B41360078\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17F256A9-D3B9-4C72-B013-4EFD878BFEA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.\"}, {\"lang\": \"es\", \"value\": \"hasta 2.0.9, presenta una lectura excesiva del b\\u00fafer en la regi\\u00f3n heap de la memoria en BlitNtoN en el archivo video/SDL_blit_N.c cuando es llamado desde SDL_SoftBlit en el archivo video/SDL_blit.c.\"}]",
"id": "CVE-2019-13616",
"lastModified": "2024-11-21T04:25:22.080",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:P\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2019-07-16T17:15:12.657",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3950\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3951\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0293\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.libsdl.org/show_bug.cgi?id=4538\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VDNX3RVXTWELBXQDNERNVVKDGKDF2MPB/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202305-17\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/4156-1/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4156-2/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4238-1/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3950\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3951\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0293\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.libsdl.org/show_bug.cgi?id=4538\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VDNX3RVXTWELBXQDNERNVVKDGKDF2MPB/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202305-17\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/4156-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4156-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4238-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-13616\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-07-16T17:15:12.657\",\"lastModified\":\"2024-11-21T04:25:22.080\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.\"},{\"lang\":\"es\",\"value\":\"hasta 2.0.9, presenta una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria en BlitNtoN en el archivo video/SDL_blit_N.c cuando es llamado desde SDL_SoftBlit en el archivo video/SDL_blit.c.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:P\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.2.15\",\"matchCriteriaId\":\"1987484C-BB76-4554-B040-1A8D2C90F0AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.0.9\",\"matchCriteriaId\":\"85C1FFE9-9495-4484-9D25-590ECE49482B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"40513095-7E6E-46B3-B604-C926F1BA3568\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"CB66DB75-2B16-4EBF-9B93-CE49D8086E41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83737173-E12E-4641-BC49-0BD84A6B29D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92BC9265-6959-4D37-BE5E-8C45E98992F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7431ABC1-9252-419E-8CC1-311B41360078\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F256A9-D3B9-4C72-B013-4EFD878BFEA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3950\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3951\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0293\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.libsdl.org/show_bug.cgi?id=4538\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VDNX3RVXTWELBXQDNERNVVKDGKDF2MPB/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202305-17\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4156-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4156-2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4238-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3950\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3951\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0293\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.libsdl.org/show_bug.cgi?id=4538\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VDNX3RVXTWELBXQDNERNVVKDGKDF2MPB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202305-17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4156-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4156-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4238-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
OPENSUSE-SU-2025:15205-1
Vulnerability from csaf_opensuse - Published: 2025-07-03 00:00 - Updated: 2025-07-03 00:00Summary
SDL-1.2.15-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: SDL-1.2.15-1.1 on GA media
Description of the patch: These are all security issues fixed in the SDL-1.2.15-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15205
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SDL-1.2.15-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the SDL-1.2.15-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15205",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15205-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7572 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7573 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7573/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7574 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7575 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7575/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7577 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7578 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7635 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7636 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7637 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7638 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33657 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33657/"
}
],
"title": "SDL-1.2.15-1.1 on GA media",
"tracking": {
"current_release_date": "2025-07-03T00:00:00Z",
"generator": {
"date": "2025-07-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15205-1",
"initial_release_date": "2025-07-03T00:00:00Z",
"revision_history": [
{
"date": "2025-07-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "SDL-1.2.15-1.1.aarch64",
"product": {
"name": "SDL-1.2.15-1.1.aarch64",
"product_id": "SDL-1.2.15-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-1.2.15-1.1.ppc64le",
"product": {
"name": "SDL-1.2.15-1.1.ppc64le",
"product_id": "SDL-1.2.15-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-1.2.15-1.1.s390x",
"product": {
"name": "SDL-1.2.15-1.1.s390x",
"product_id": "SDL-1.2.15-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-1.2.15-1.1.x86_64",
"product": {
"name": "SDL-1.2.15-1.1.x86_64",
"product_id": "SDL-1.2.15-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-1.2.15-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64"
},
"product_reference": "SDL-1.2.15-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-1.2.15-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le"
},
"product_reference": "SDL-1.2.15-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-1.2.15-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x"
},
"product_reference": "SDL-1.2.15-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-1.2.15-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
},
"product_reference": "SDL-1.2.15-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
},
{
"cve": "CVE-2019-7572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7572"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7572",
"url": "https://www.suse.com/security/cve/CVE-2019-7572"
},
{
"category": "external",
"summary": "SUSE Bug 1124806 for CVE-2019-7572",
"url": "https://bugzilla.suse.com/1124806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7572"
},
{
"cve": "CVE-2019-7573",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7573"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7573",
"url": "https://www.suse.com/security/cve/CVE-2019-7573"
},
{
"category": "external",
"summary": "SUSE Bug 1124805 for CVE-2019-7573",
"url": "https://bugzilla.suse.com/1124805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7573"
},
{
"cve": "CVE-2019-7574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7574"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7574",
"url": "https://www.suse.com/security/cve/CVE-2019-7574"
},
{
"category": "external",
"summary": "SUSE Bug 1124803 for CVE-2019-7574",
"url": "https://bugzilla.suse.com/1124803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7574"
},
{
"cve": "CVE-2019-7575",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7575"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7575",
"url": "https://www.suse.com/security/cve/CVE-2019-7575"
},
{
"category": "external",
"summary": "SUSE Bug 1124802 for CVE-2019-7575",
"url": "https://bugzilla.suse.com/1124802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7575"
},
{
"cve": "CVE-2019-7577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7577"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7577",
"url": "https://www.suse.com/security/cve/CVE-2019-7577"
},
{
"category": "external",
"summary": "SUSE Bug 1124800 for CVE-2019-7577",
"url": "https://bugzilla.suse.com/1124800"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7577"
},
{
"cve": "CVE-2019-7578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7578"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7578",
"url": "https://www.suse.com/security/cve/CVE-2019-7578"
},
{
"category": "external",
"summary": "SUSE Bug 1125099 for CVE-2019-7578",
"url": "https://bugzilla.suse.com/1125099"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7578"
},
{
"cve": "CVE-2019-7635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7635"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7635",
"url": "https://www.suse.com/security/cve/CVE-2019-7635"
},
{
"category": "external",
"summary": "SUSE Bug 1124827 for CVE-2019-7635",
"url": "https://bugzilla.suse.com/1124827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7635"
},
{
"cve": "CVE-2019-7636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7636"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7636",
"url": "https://www.suse.com/security/cve/CVE-2019-7636"
},
{
"category": "external",
"summary": "SUSE Bug 1124826 for CVE-2019-7636",
"url": "https://bugzilla.suse.com/1124826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7636"
},
{
"cve": "CVE-2019-7637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7637"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7637",
"url": "https://www.suse.com/security/cve/CVE-2019-7637"
},
{
"category": "external",
"summary": "SUSE Bug 1124825 for CVE-2019-7637",
"url": "https://bugzilla.suse.com/1124825"
},
{
"category": "external",
"summary": "SUSE Bug 1134135 for CVE-2019-7637",
"url": "https://bugzilla.suse.com/1134135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7637"
},
{
"cve": "CVE-2019-7638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7638"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7638",
"url": "https://www.suse.com/security/cve/CVE-2019-7638"
},
{
"category": "external",
"summary": "SUSE Bug 1124824 for CVE-2019-7638",
"url": "https://bugzilla.suse.com/1124824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7638"
},
{
"cve": "CVE-2021-33657",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33657"
}
],
"notes": [
{
"category": "general",
"text": "There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33657",
"url": "https://www.suse.com/security/cve/CVE-2021-33657"
},
{
"category": "external",
"summary": "SUSE Bug 1198001 for CVE-2021-33657",
"url": "https://bugzilla.suse.com/1198001"
},
{
"category": "external",
"summary": "SUSE Bug 1199105 for CVE-2021-33657",
"url": "https://bugzilla.suse.com/1199105"
},
{
"category": "external",
"summary": "SUSE Bug 1200204 for CVE-2021-33657",
"url": "https://bugzilla.suse.com/1200204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:SDL-1.2.15-1.1.aarch64",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.ppc64le",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.s390x",
"openSUSE Tumbleweed:SDL-1.2.15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33657"
}
]
}
OPENSUSE-SU-2019:2109-1
Vulnerability from csaf_opensuse - Published: 2019-09-10 14:20 - Updated: 2019-09-10 14:20Summary
Security update for SDL_image
Severity
Moderate
Notes
Title of the patch: Security update for SDL_image
Description of the patch: This update for SDL_image fixes the following issues:
Update SDL_Image to new snapshot 1.2.12+hg695.
Security issues fixed:
* TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421)
* TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763)
* TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764)
* TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image handling (boo#1143766)
* TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768)
* CVE-2019-7635: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (boo#1124827)
* CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file (boo#1141844).
This update was imported from the openSUSE:Leap:15.0:Update update project.
Patchnames: openSUSE-2019-2109
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SDL_image",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for SDL_image fixes the following issues:\n\nUpdate SDL_Image to new snapshot 1.2.12+hg695.\n\nSecurity issues fixed:\n\n* TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421)\n* TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763)\n* TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764)\n* TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image handling (boo#1143766)\n* TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768)\n* CVE-2019-7635: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (boo#1124827)\n* CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file (boo#1141844).\n\nThis update was imported from the openSUSE:Leap:15.0:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2109",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2109-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2109-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LT2L2SUT2SJMJ23HFEUSMEN3PCAFI5LM/#LT2L2SUT2SJMJ23HFEUSMEN3PCAFI5LM"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2109-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LT2L2SUT2SJMJ23HFEUSMEN3PCAFI5LM/#LT2L2SUT2SJMJ23HFEUSMEN3PCAFI5LM"
},
{
"category": "self",
"summary": "SUSE Bug 1124827",
"url": "https://bugzilla.suse.com/1124827"
},
{
"category": "self",
"summary": "SUSE Bug 1140421",
"url": "https://bugzilla.suse.com/1140421"
},
{
"category": "self",
"summary": "SUSE Bug 1141844",
"url": "https://bugzilla.suse.com/1141844"
},
{
"category": "self",
"summary": "SUSE Bug 1143763",
"url": "https://bugzilla.suse.com/1143763"
},
{
"category": "self",
"summary": "SUSE Bug 1143764",
"url": "https://bugzilla.suse.com/1143764"
},
{
"category": "self",
"summary": "SUSE Bug 1143766",
"url": "https://bugzilla.suse.com/1143766"
},
{
"category": "self",
"summary": "SUSE Bug 1143768",
"url": "https://bugzilla.suse.com/1143768"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5052 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5057 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5058 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5059 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5060 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7635 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7635/"
}
],
"title": "Security update for SDL_image",
"tracking": {
"current_release_date": "2019-09-10T14:20:33Z",
"generator": {
"date": "2019-09-10T14:20:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2109-1",
"initial_release_date": "2019-09-10T14:20:33Z",
"revision_history": [
{
"date": "2019-09-10T14:20:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"product": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"product_id": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"product": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"product_id": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"product": {
"name": "libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"product_id": "libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"product": {
"name": "libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"product_id": "libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"product": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"product_id": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"product": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"product_id": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"product": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"product_id": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"product": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"product_id": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"product": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"product_id": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"product": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"product_id": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15",
"product": {
"name": "SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15"
}
},
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
},
"product_reference": "libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
},
"product_reference": "libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
},
"product_reference": "libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
},
"product_reference": "libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
},
{
"cve": "CVE-2019-5052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5052"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5052",
"url": "https://www.suse.com/security/cve/CVE-2019-5052"
},
{
"category": "external",
"summary": "SUSE Bug 1140421 for CVE-2019-5052",
"url": "https://bugzilla.suse.com/1140421"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-5052"
},
{
"cve": "CVE-2019-5057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5057"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5057",
"url": "https://www.suse.com/security/cve/CVE-2019-5057"
},
{
"category": "external",
"summary": "SUSE Bug 1143763 for CVE-2019-5057",
"url": "https://bugzilla.suse.com/1143763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-5057"
},
{
"cve": "CVE-2019-5058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5058"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5058",
"url": "https://www.suse.com/security/cve/CVE-2019-5058"
},
{
"category": "external",
"summary": "SUSE Bug 1143764 for CVE-2019-5058",
"url": "https://bugzilla.suse.com/1143764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-5058"
},
{
"cve": "CVE-2019-5059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5059"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5059",
"url": "https://www.suse.com/security/cve/CVE-2019-5059"
},
{
"category": "external",
"summary": "SUSE Bug 1143766 for CVE-2019-5059",
"url": "https://bugzilla.suse.com/1143766"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-5059"
},
{
"cve": "CVE-2019-5060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5060"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5060",
"url": "https://www.suse.com/security/cve/CVE-2019-5060"
},
{
"category": "external",
"summary": "SUSE Bug 1143768 for CVE-2019-5060",
"url": "https://bugzilla.suse.com/1143768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:33Z",
"details": "important"
}
],
"title": "CVE-2019-5060"
},
{
"cve": "CVE-2019-7635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7635"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7635",
"url": "https://www.suse.com/security/cve/CVE-2019-7635"
},
{
"category": "external",
"summary": "SUSE Bug 1124827 for CVE-2019-7635",
"url": "https://bugzilla.suse.com/1124827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-1_2-0-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-1_2-0-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL_image-devel-1.2.12+hg695-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL_image-devel-64bit-1.2.12+hg695-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-7635"
}
]
}
OPENSUSE-SU-2020:1916-1
Vulnerability from csaf_opensuse - Published: 2020-11-14 09:26 - Updated: 2020-11-14 09:26Summary
Security update for SDL
Severity
Moderate
Notes
Title of the patch: Security update for SDL
Description of the patch: This update for SDL fixes the following issues:
Security issue fixed:
- CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit (bsc#1141844).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2020-1916
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SDL",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for SDL fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit (bsc#1141844).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1916",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1916-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1916-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KFAVEMB6RSGK626NYU5HGZQL46KEPIB5/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1916-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KFAVEMB6RSGK626NYU5HGZQL46KEPIB5/"
},
{
"category": "self",
"summary": "SUSE Bug 1141844",
"url": "https://bugzilla.suse.com/1141844"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
}
],
"title": "Security update for SDL",
"tracking": {
"current_release_date": "2020-11-14T09:26:36Z",
"generator": {
"date": "2020-11-14T09:26:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1916-1",
"initial_release_date": "2020-11-14T09:26:36Z",
"revision_history": [
{
"date": "2020-11-14T09:26:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-lp152.5.3.1.i586",
"product": {
"name": "libSDL-1_2-0-1.2.15-lp152.5.3.1.i586",
"product_id": "libSDL-1_2-0-1.2.15-lp152.5.3.1.i586"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-lp152.5.3.1.i586",
"product": {
"name": "libSDL-devel-1.2.15-lp152.5.3.1.i586",
"product_id": "libSDL-devel-1.2.15-lp152.5.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-lp152.5.3.1.x86_64",
"product": {
"name": "libSDL-1_2-0-1.2.15-lp152.5.3.1.x86_64",
"product_id": "libSDL-1_2-0-1.2.15-lp152.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL-1_2-0-32bit-1.2.15-lp152.5.3.1.x86_64",
"product": {
"name": "libSDL-1_2-0-32bit-1.2.15-lp152.5.3.1.x86_64",
"product_id": "libSDL-1_2-0-32bit-1.2.15-lp152.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-lp152.5.3.1.x86_64",
"product": {
"name": "libSDL-devel-1.2.15-lp152.5.3.1.x86_64",
"product_id": "libSDL-devel-1.2.15-lp152.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL-devel-32bit-1.2.15-lp152.5.3.1.x86_64",
"product": {
"name": "libSDL-devel-32bit-1.2.15-lp152.5.3.1.x86_64",
"product_id": "libSDL-devel-32bit-1.2.15-lp152.5.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-lp152.5.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libSDL-1_2-0-1.2.15-lp152.5.3.1.i586"
},
"product_reference": "libSDL-1_2-0-1.2.15-lp152.5.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-lp152.5.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libSDL-1_2-0-1.2.15-lp152.5.3.1.x86_64"
},
"product_reference": "libSDL-1_2-0-1.2.15-lp152.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-32bit-1.2.15-lp152.5.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libSDL-1_2-0-32bit-1.2.15-lp152.5.3.1.x86_64"
},
"product_reference": "libSDL-1_2-0-32bit-1.2.15-lp152.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-lp152.5.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libSDL-devel-1.2.15-lp152.5.3.1.i586"
},
"product_reference": "libSDL-devel-1.2.15-lp152.5.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-lp152.5.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libSDL-devel-1.2.15-lp152.5.3.1.x86_64"
},
"product_reference": "libSDL-devel-1.2.15-lp152.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-32bit-1.2.15-lp152.5.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libSDL-devel-32bit-1.2.15-lp152.5.3.1.x86_64"
},
"product_reference": "libSDL-devel-32bit-1.2.15-lp152.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:libSDL-1_2-0-1.2.15-lp152.5.3.1.i586",
"openSUSE Leap 15.2:libSDL-1_2-0-1.2.15-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:libSDL-1_2-0-32bit-1.2.15-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:libSDL-devel-1.2.15-lp152.5.3.1.i586",
"openSUSE Leap 15.2:libSDL-devel-1.2.15-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:libSDL-devel-32bit-1.2.15-lp152.5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:libSDL-1_2-0-1.2.15-lp152.5.3.1.i586",
"openSUSE Leap 15.2:libSDL-1_2-0-1.2.15-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:libSDL-1_2-0-32bit-1.2.15-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:libSDL-devel-1.2.15-lp152.5.3.1.i586",
"openSUSE Leap 15.2:libSDL-devel-1.2.15-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:libSDL-devel-32bit-1.2.15-lp152.5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.2:libSDL-1_2-0-1.2.15-lp152.5.3.1.i586",
"openSUSE Leap 15.2:libSDL-1_2-0-1.2.15-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:libSDL-1_2-0-32bit-1.2.15-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:libSDL-devel-1.2.15-lp152.5.3.1.i586",
"openSUSE Leap 15.2:libSDL-devel-1.2.15-lp152.5.3.1.x86_64",
"openSUSE Leap 15.2:libSDL-devel-32bit-1.2.15-lp152.5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-14T09:26:36Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
}
]
}
OPENSUSE-SU-2024:10607-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libSDL2-2_0-0-2.0.16-2.3 on GA media
Severity
Moderate
Notes
Title of the patch: libSDL2-2_0-0-2.0.16-2.3 on GA media
Description of the patch: These are all security issues fixed in the libSDL2-2_0-0-2.0.16-2.3 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10607
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libSDL2-2_0-0-2.0.16-2.3 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libSDL2-2_0-0-2.0.16-2.3 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10607",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10607-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-2888 page",
"url": "https://www.suse.com/security/cve/CVE-2017-2888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13626 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13626/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7635 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7638 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7638/"
}
],
"title": "libSDL2-2_0-0-2.0.16-2.3 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10607-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.16-2.3.aarch64",
"product": {
"name": "libSDL2-2_0-0-2.0.16-2.3.aarch64",
"product_id": "libSDL2-2_0-0-2.0.16-2.3.aarch64"
}
},
{
"category": "product_version",
"name": "libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
"product": {
"name": "libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
"product_id": "libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.16-2.3.aarch64",
"product": {
"name": "libSDL2-devel-2.0.16-2.3.aarch64",
"product_id": "libSDL2-devel-2.0.16-2.3.aarch64"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-32bit-2.0.16-2.3.aarch64",
"product": {
"name": "libSDL2-devel-32bit-2.0.16-2.3.aarch64",
"product_id": "libSDL2-devel-32bit-2.0.16-2.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.16-2.3.ppc64le",
"product": {
"name": "libSDL2-2_0-0-2.0.16-2.3.ppc64le",
"product_id": "libSDL2-2_0-0-2.0.16-2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
"product": {
"name": "libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
"product_id": "libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.16-2.3.ppc64le",
"product": {
"name": "libSDL2-devel-2.0.16-2.3.ppc64le",
"product_id": "libSDL2-devel-2.0.16-2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
"product": {
"name": "libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
"product_id": "libSDL2-devel-32bit-2.0.16-2.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.16-2.3.s390x",
"product": {
"name": "libSDL2-2_0-0-2.0.16-2.3.s390x",
"product_id": "libSDL2-2_0-0-2.0.16-2.3.s390x"
}
},
{
"category": "product_version",
"name": "libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
"product": {
"name": "libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
"product_id": "libSDL2-2_0-0-32bit-2.0.16-2.3.s390x"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.16-2.3.s390x",
"product": {
"name": "libSDL2-devel-2.0.16-2.3.s390x",
"product_id": "libSDL2-devel-2.0.16-2.3.s390x"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-32bit-2.0.16-2.3.s390x",
"product": {
"name": "libSDL2-devel-32bit-2.0.16-2.3.s390x",
"product_id": "libSDL2-devel-32bit-2.0.16-2.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.16-2.3.x86_64",
"product": {
"name": "libSDL2-2_0-0-2.0.16-2.3.x86_64",
"product_id": "libSDL2-2_0-0-2.0.16-2.3.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
"product": {
"name": "libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
"product_id": "libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.16-2.3.x86_64",
"product": {
"name": "libSDL2-devel-2.0.16-2.3.x86_64",
"product_id": "libSDL2-devel-2.0.16-2.3.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-32bit-2.0.16-2.3.x86_64",
"product": {
"name": "libSDL2-devel-32bit-2.0.16-2.3.x86_64",
"product_id": "libSDL2-devel-32bit-2.0.16-2.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-2.0.16-2.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64"
},
"product_reference": "libSDL2-2_0-0-2.0.16-2.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-2.0.16-2.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le"
},
"product_reference": "libSDL2-2_0-0-2.0.16-2.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-2.0.16-2.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x"
},
"product_reference": "libSDL2-2_0-0-2.0.16-2.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-2.0.16-2.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64"
},
"product_reference": "libSDL2-2_0-0-2.0.16-2.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64"
},
"product_reference": "libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le"
},
"product_reference": "libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-32bit-2.0.16-2.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x"
},
"product_reference": "libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64"
},
"product_reference": "libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-2.0.16-2.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64"
},
"product_reference": "libSDL2-devel-2.0.16-2.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-2.0.16-2.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le"
},
"product_reference": "libSDL2-devel-2.0.16-2.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-2.0.16-2.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x"
},
"product_reference": "libSDL2-devel-2.0.16-2.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-2.0.16-2.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64"
},
"product_reference": "libSDL2-devel-2.0.16-2.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-32bit-2.0.16-2.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64"
},
"product_reference": "libSDL2-devel-32bit-2.0.16-2.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-32bit-2.0.16-2.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le"
},
"product_reference": "libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-32bit-2.0.16-2.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x"
},
"product_reference": "libSDL2-devel-32bit-2.0.16-2.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-32bit-2.0.16-2.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
},
"product_reference": "libSDL2-devel-32bit-2.0.16-2.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-2888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-2888"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-2888",
"url": "https://www.suse.com/security/cve/CVE-2017-2888"
},
{
"category": "external",
"summary": "SUSE Bug 1062777 for CVE-2017-2888",
"url": "https://bugzilla.suse.com/1062777"
},
{
"category": "external",
"summary": "SUSE Bug 1062784 for CVE-2017-2888",
"url": "https://bugzilla.suse.com/1062784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-2888"
},
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
},
{
"cve": "CVE-2019-13626",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13626"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13626",
"url": "https://www.suse.com/security/cve/CVE-2019-13626"
},
{
"category": "external",
"summary": "SUSE Bug 1142031 for CVE-2019-13626",
"url": "https://bugzilla.suse.com/1142031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-13626"
},
{
"cve": "CVE-2019-7635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7635"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7635",
"url": "https://www.suse.com/security/cve/CVE-2019-7635"
},
{
"category": "external",
"summary": "SUSE Bug 1124827 for CVE-2019-7635",
"url": "https://bugzilla.suse.com/1124827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7635"
},
{
"cve": "CVE-2019-7638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7638"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7638",
"url": "https://www.suse.com/security/cve/CVE-2019-7638"
},
{
"category": "external",
"summary": "SUSE Bug 1124824 for CVE-2019-7638",
"url": "https://bugzilla.suse.com/1124824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
"openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7638"
}
]
}
OPENSUSE-SU-2020:1990-1
Vulnerability from csaf_opensuse - Published: 2020-11-21 09:23 - Updated: 2020-11-21 09:23Summary
Security update for SDL
Severity
Moderate
Notes
Title of the patch: Security update for SDL
Description of the patch: This update for SDL fixes the following issues:
Security issue fixed:
- CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit (bsc#1141844).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2020-1990
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SDL",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for SDL fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit (bsc#1141844).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1990",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1990-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1990-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BGSHRLXRLM6QT7N73JKYMSATV36M64Q6/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1990-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BGSHRLXRLM6QT7N73JKYMSATV36M64Q6/"
},
{
"category": "self",
"summary": "SUSE Bug 1141844",
"url": "https://bugzilla.suse.com/1141844"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
}
],
"title": "Security update for SDL",
"tracking": {
"current_release_date": "2020-11-21T09:23:50Z",
"generator": {
"date": "2020-11-21T09:23:50Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1990-1",
"initial_release_date": "2020-11-21T09:23:50Z",
"revision_history": [
{
"date": "2020-11-21T09:23:50Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-lp151.4.3.1.i586",
"product": {
"name": "libSDL-1_2-0-1.2.15-lp151.4.3.1.i586",
"product_id": "libSDL-1_2-0-1.2.15-lp151.4.3.1.i586"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-lp151.4.3.1.i586",
"product": {
"name": "libSDL-devel-1.2.15-lp151.4.3.1.i586",
"product_id": "libSDL-devel-1.2.15-lp151.4.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-lp151.4.3.1.x86_64",
"product": {
"name": "libSDL-1_2-0-1.2.15-lp151.4.3.1.x86_64",
"product_id": "libSDL-1_2-0-1.2.15-lp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL-1_2-0-32bit-1.2.15-lp151.4.3.1.x86_64",
"product": {
"name": "libSDL-1_2-0-32bit-1.2.15-lp151.4.3.1.x86_64",
"product_id": "libSDL-1_2-0-32bit-1.2.15-lp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-lp151.4.3.1.x86_64",
"product": {
"name": "libSDL-devel-1.2.15-lp151.4.3.1.x86_64",
"product_id": "libSDL-devel-1.2.15-lp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL-devel-32bit-1.2.15-lp151.4.3.1.x86_64",
"product": {
"name": "libSDL-devel-32bit-1.2.15-lp151.4.3.1.x86_64",
"product_id": "libSDL-devel-32bit-1.2.15-lp151.4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-lp151.4.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL-1_2-0-1.2.15-lp151.4.3.1.i586"
},
"product_reference": "libSDL-1_2-0-1.2.15-lp151.4.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL-1_2-0-1.2.15-lp151.4.3.1.x86_64"
},
"product_reference": "libSDL-1_2-0-1.2.15-lp151.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-32bit-1.2.15-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL-1_2-0-32bit-1.2.15-lp151.4.3.1.x86_64"
},
"product_reference": "libSDL-1_2-0-32bit-1.2.15-lp151.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-lp151.4.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL-devel-1.2.15-lp151.4.3.1.i586"
},
"product_reference": "libSDL-devel-1.2.15-lp151.4.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL-devel-1.2.15-lp151.4.3.1.x86_64"
},
"product_reference": "libSDL-devel-1.2.15-lp151.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-32bit-1.2.15-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL-devel-32bit-1.2.15-lp151.4.3.1.x86_64"
},
"product_reference": "libSDL-devel-32bit-1.2.15-lp151.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libSDL-1_2-0-1.2.15-lp151.4.3.1.i586",
"openSUSE Leap 15.1:libSDL-1_2-0-1.2.15-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libSDL-1_2-0-32bit-1.2.15-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libSDL-devel-1.2.15-lp151.4.3.1.i586",
"openSUSE Leap 15.1:libSDL-devel-1.2.15-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libSDL-devel-32bit-1.2.15-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libSDL-1_2-0-1.2.15-lp151.4.3.1.i586",
"openSUSE Leap 15.1:libSDL-1_2-0-1.2.15-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libSDL-1_2-0-32bit-1.2.15-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libSDL-devel-1.2.15-lp151.4.3.1.i586",
"openSUSE Leap 15.1:libSDL-devel-1.2.15-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libSDL-devel-32bit-1.2.15-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libSDL-1_2-0-1.2.15-lp151.4.3.1.i586",
"openSUSE Leap 15.1:libSDL-1_2-0-1.2.15-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libSDL-1_2-0-32bit-1.2.15-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libSDL-devel-1.2.15-lp151.4.3.1.i586",
"openSUSE Leap 15.1:libSDL-devel-1.2.15-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libSDL-devel-32bit-1.2.15-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-21T09:23:50Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
}
]
}
OPENSUSE-SU-2024:10609-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libSDL_image-1_2-0-1.2.12+hg695-1.12 on GA media
Severity
Moderate
Notes
Title of the patch: libSDL_image-1_2-0-1.2.12+hg695-1.12 on GA media
Description of the patch: These are all security issues fixed in the libSDL_image-1_2-0-1.2.12+hg695-1.12 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10609
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libSDL_image-1_2-0-1.2.12+hg695-1.12 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libSDL_image-1_2-0-1.2.12+hg695-1.12 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10609",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10609-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5052 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5057 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5058 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5059 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5060 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7635 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7635/"
}
],
"title": "libSDL_image-1_2-0-1.2.12+hg695-1.12 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10609-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"product": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"product_id": "libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64"
}
},
{
"category": "product_version",
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"product": {
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"product_id": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"product": {
"name": "libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"product_id": "libSDL_image-devel-1.2.12+hg695-1.12.aarch64"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"product": {
"name": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"product_id": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"product": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"product_id": "libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le"
}
},
{
"category": "product_version",
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"product": {
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"product_id": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"product": {
"name": "libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"product_id": "libSDL_image-devel-1.2.12+hg695-1.12.ppc64le"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"product": {
"name": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"product_id": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"product": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"product_id": "libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x"
}
},
{
"category": "product_version",
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"product": {
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"product_id": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"product": {
"name": "libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"product_id": "libSDL_image-devel-1.2.12+hg695-1.12.s390x"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"product": {
"name": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"product_id": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"product": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"product_id": "libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"product": {
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"product_id": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"product": {
"name": "libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"product_id": "libSDL_image-devel-1.2.12+hg695-1.12.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64",
"product": {
"name": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64",
"product_id": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64"
},
"product_reference": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le"
},
"product_reference": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x"
},
"product_reference": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64"
},
"product_reference": "libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-1.12.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-1.12.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-1.12.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-1.12.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64"
},
"product_reference": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le"
},
"product_reference": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x"
},
"product_reference": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
},
"product_reference": "libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
},
{
"cve": "CVE-2019-5052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5052"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5052",
"url": "https://www.suse.com/security/cve/CVE-2019-5052"
},
{
"category": "external",
"summary": "SUSE Bug 1140421 for CVE-2019-5052",
"url": "https://bugzilla.suse.com/1140421"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5052"
},
{
"cve": "CVE-2019-5057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5057"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5057",
"url": "https://www.suse.com/security/cve/CVE-2019-5057"
},
{
"category": "external",
"summary": "SUSE Bug 1143763 for CVE-2019-5057",
"url": "https://bugzilla.suse.com/1143763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5057"
},
{
"cve": "CVE-2019-5058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5058"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5058",
"url": "https://www.suse.com/security/cve/CVE-2019-5058"
},
{
"category": "external",
"summary": "SUSE Bug 1143764 for CVE-2019-5058",
"url": "https://bugzilla.suse.com/1143764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5058"
},
{
"cve": "CVE-2019-5059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5059"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5059",
"url": "https://www.suse.com/security/cve/CVE-2019-5059"
},
{
"category": "external",
"summary": "SUSE Bug 1143766 for CVE-2019-5059",
"url": "https://bugzilla.suse.com/1143766"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5059"
},
{
"cve": "CVE-2019-5060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5060"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5060",
"url": "https://www.suse.com/security/cve/CVE-2019-5060"
},
{
"category": "external",
"summary": "SUSE Bug 1143768 for CVE-2019-5060",
"url": "https://bugzilla.suse.com/1143768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-5060"
},
{
"cve": "CVE-2019-7635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7635"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7635",
"url": "https://www.suse.com/security/cve/CVE-2019-7635"
},
{
"category": "external",
"summary": "SUSE Bug 1124827 for CVE-2019-7635",
"url": "https://bugzilla.suse.com/1124827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-1_2-0-32bit-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-1.2.12+hg695-1.12.x86_64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.aarch64",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.ppc64le",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.s390x",
"openSUSE Tumbleweed:libSDL_image-devel-32bit-1.2.12+hg695-1.12.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7635"
}
]
}
OPENSUSE-SU-2019:2224-1
Vulnerability from csaf_opensuse - Published: 2019-09-30 16:21 - Updated: 2019-09-30 16:21Summary
Security update for SDL2
Severity
Moderate
Notes
Title of the patch: Security update for SDL2
Description of the patch: This update for SDL2 fixes the following issues:
Security issues fixed:
- CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c (bsc#1141844).
- CVE-2019-13626: Fixed integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c (bsc#1142031).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-2224
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SDL2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for SDL2 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c (bsc#1141844).\n- CVE-2019-13626: Fixed integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c (bsc#1142031).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2224",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2224-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2224-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L5YO2SMMKMNOUCDJA5YX7FDHQRWWPZYC/#L5YO2SMMKMNOUCDJA5YX7FDHQRWWPZYC"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2224-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L5YO2SMMKMNOUCDJA5YX7FDHQRWWPZYC/#L5YO2SMMKMNOUCDJA5YX7FDHQRWWPZYC"
},
{
"category": "self",
"summary": "SUSE Bug 1141844",
"url": "https://bugzilla.suse.com/1141844"
},
{
"category": "self",
"summary": "SUSE Bug 1142031",
"url": "https://bugzilla.suse.com/1142031"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13626 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13626/"
}
],
"title": "Security update for SDL2",
"tracking": {
"current_release_date": "2019-09-30T16:21:38Z",
"generator": {
"date": "2019-09-30T16:21:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2224-1",
"initial_release_date": "2019-09-30T16:21:38Z",
"revision_history": [
{
"date": "2019-09-30T16:21:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.8-lp150.2.9.1.i586",
"product": {
"name": "libSDL2-2_0-0-2.0.8-lp150.2.9.1.i586",
"product_id": "libSDL2-2_0-0-2.0.8-lp150.2.9.1.i586"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.8-lp150.2.9.1.i586",
"product": {
"name": "libSDL2-devel-2.0.8-lp150.2.9.1.i586",
"product_id": "libSDL2-devel-2.0.8-lp150.2.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.8-lp150.2.9.1.x86_64",
"product": {
"name": "libSDL2-2_0-0-2.0.8-lp150.2.9.1.x86_64",
"product_id": "libSDL2-2_0-0-2.0.8-lp150.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.9.1.x86_64",
"product": {
"name": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.9.1.x86_64",
"product_id": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.8-lp150.2.9.1.x86_64",
"product": {
"name": "libSDL2-devel-2.0.8-lp150.2.9.1.x86_64",
"product_id": "libSDL2-devel-2.0.8-lp150.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-32bit-2.0.8-lp150.2.9.1.x86_64",
"product": {
"name": "libSDL2-devel-32bit-2.0.8-lp150.2.9.1.x86_64",
"product_id": "libSDL2-devel-32bit-2.0.8-lp150.2.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-2.0.8-lp150.2.9.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.9.1.i586"
},
"product_reference": "libSDL2-2_0-0-2.0.8-lp150.2.9.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-2.0.8-lp150.2.9.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.9.1.x86_64"
},
"product_reference": "libSDL2-2_0-0-2.0.8-lp150.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.9.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.9.1.x86_64"
},
"product_reference": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-2.0.8-lp150.2.9.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.9.1.i586"
},
"product_reference": "libSDL2-devel-2.0.8-lp150.2.9.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-2.0.8-lp150.2.9.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.9.1.x86_64"
},
"product_reference": "libSDL2-devel-2.0.8-lp150.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-32bit-2.0.8-lp150.2.9.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.9.1.x86_64"
},
"product_reference": "libSDL2-devel-32bit-2.0.8-lp150.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.9.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.9.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.9.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.9.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.9.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.9.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.9.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.9.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.9.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.9.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.9.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.9.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.9.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.9.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.9.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-30T16:21:38Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
},
{
"cve": "CVE-2019-13626",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13626"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.9.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.9.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.9.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.9.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.9.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13626",
"url": "https://www.suse.com/security/cve/CVE-2019-13626"
},
{
"category": "external",
"summary": "SUSE Bug 1142031 for CVE-2019-13626",
"url": "https://bugzilla.suse.com/1142031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.9.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.9.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.9.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.9.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.9.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.9.1.i586",
"openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.9.1.x86_64",
"openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.9.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.9.1.i586",
"openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.9.1.x86_64",
"openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-30T16:21:38Z",
"details": "moderate"
}
],
"title": "CVE-2019-13626"
}
]
}
OPENSUSE-SU-2024:10606-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libSDL-1_2-0-1.2.15-22.13 on GA media
Severity
Moderate
Notes
Title of the patch: libSDL-1_2-0-1.2.15-22.13 on GA media
Description of the patch: These are all security issues fixed in the libSDL-1_2-0-1.2.15-22.13 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10606
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libSDL-1_2-0-1.2.15-22.13 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libSDL-1_2-0-1.2.15-22.13 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10606",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10606-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7572 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7573 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7573/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7574 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7575 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7575/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7577 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7578 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7635 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7636 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7637 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7638 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7638/"
}
],
"title": "libSDL-1_2-0-1.2.15-22.13 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10606-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-22.13.aarch64",
"product": {
"name": "libSDL-1_2-0-1.2.15-22.13.aarch64",
"product_id": "libSDL-1_2-0-1.2.15-22.13.aarch64"
}
},
{
"category": "product_version",
"name": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"product": {
"name": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"product_id": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-22.13.aarch64",
"product": {
"name": "libSDL-devel-1.2.15-22.13.aarch64",
"product_id": "libSDL-devel-1.2.15-22.13.aarch64"
}
},
{
"category": "product_version",
"name": "libSDL-devel-32bit-1.2.15-22.13.aarch64",
"product": {
"name": "libSDL-devel-32bit-1.2.15-22.13.aarch64",
"product_id": "libSDL-devel-32bit-1.2.15-22.13.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-22.13.ppc64le",
"product": {
"name": "libSDL-1_2-0-1.2.15-22.13.ppc64le",
"product_id": "libSDL-1_2-0-1.2.15-22.13.ppc64le"
}
},
{
"category": "product_version",
"name": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"product": {
"name": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"product_id": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-22.13.ppc64le",
"product": {
"name": "libSDL-devel-1.2.15-22.13.ppc64le",
"product_id": "libSDL-devel-1.2.15-22.13.ppc64le"
}
},
{
"category": "product_version",
"name": "libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"product": {
"name": "libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"product_id": "libSDL-devel-32bit-1.2.15-22.13.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-22.13.s390x",
"product": {
"name": "libSDL-1_2-0-1.2.15-22.13.s390x",
"product_id": "libSDL-1_2-0-1.2.15-22.13.s390x"
}
},
{
"category": "product_version",
"name": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"product": {
"name": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"product_id": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-22.13.s390x",
"product": {
"name": "libSDL-devel-1.2.15-22.13.s390x",
"product_id": "libSDL-devel-1.2.15-22.13.s390x"
}
},
{
"category": "product_version",
"name": "libSDL-devel-32bit-1.2.15-22.13.s390x",
"product": {
"name": "libSDL-devel-32bit-1.2.15-22.13.s390x",
"product_id": "libSDL-devel-32bit-1.2.15-22.13.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-22.13.x86_64",
"product": {
"name": "libSDL-1_2-0-1.2.15-22.13.x86_64",
"product_id": "libSDL-1_2-0-1.2.15-22.13.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"product": {
"name": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"product_id": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-22.13.x86_64",
"product": {
"name": "libSDL-devel-1.2.15-22.13.x86_64",
"product_id": "libSDL-devel-1.2.15-22.13.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL-devel-32bit-1.2.15-22.13.x86_64",
"product": {
"name": "libSDL-devel-32bit-1.2.15-22.13.x86_64",
"product_id": "libSDL-devel-32bit-1.2.15-22.13.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-22.13.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64"
},
"product_reference": "libSDL-1_2-0-1.2.15-22.13.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-22.13.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le"
},
"product_reference": "libSDL-1_2-0-1.2.15-22.13.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-22.13.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x"
},
"product_reference": "libSDL-1_2-0-1.2.15-22.13.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-22.13.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64"
},
"product_reference": "libSDL-1_2-0-1.2.15-22.13.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64"
},
"product_reference": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le"
},
"product_reference": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x"
},
"product_reference": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64"
},
"product_reference": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-22.13.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64"
},
"product_reference": "libSDL-devel-1.2.15-22.13.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-22.13.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le"
},
"product_reference": "libSDL-devel-1.2.15-22.13.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-22.13.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x"
},
"product_reference": "libSDL-devel-1.2.15-22.13.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-22.13.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64"
},
"product_reference": "libSDL-devel-1.2.15-22.13.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-32bit-1.2.15-22.13.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64"
},
"product_reference": "libSDL-devel-32bit-1.2.15-22.13.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-32bit-1.2.15-22.13.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le"
},
"product_reference": "libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-32bit-1.2.15-22.13.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x"
},
"product_reference": "libSDL-devel-32bit-1.2.15-22.13.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-32bit-1.2.15-22.13.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
},
"product_reference": "libSDL-devel-32bit-1.2.15-22.13.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
},
{
"cve": "CVE-2019-7572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7572"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7572",
"url": "https://www.suse.com/security/cve/CVE-2019-7572"
},
{
"category": "external",
"summary": "SUSE Bug 1124806 for CVE-2019-7572",
"url": "https://bugzilla.suse.com/1124806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-7572"
},
{
"cve": "CVE-2019-7573",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7573"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7573",
"url": "https://www.suse.com/security/cve/CVE-2019-7573"
},
{
"category": "external",
"summary": "SUSE Bug 1124805 for CVE-2019-7573",
"url": "https://bugzilla.suse.com/1124805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7573"
},
{
"cve": "CVE-2019-7574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7574"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7574",
"url": "https://www.suse.com/security/cve/CVE-2019-7574"
},
{
"category": "external",
"summary": "SUSE Bug 1124803 for CVE-2019-7574",
"url": "https://bugzilla.suse.com/1124803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7574"
},
{
"cve": "CVE-2019-7575",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7575"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7575",
"url": "https://www.suse.com/security/cve/CVE-2019-7575"
},
{
"category": "external",
"summary": "SUSE Bug 1124802 for CVE-2019-7575",
"url": "https://bugzilla.suse.com/1124802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7575"
},
{
"cve": "CVE-2019-7577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7577"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7577",
"url": "https://www.suse.com/security/cve/CVE-2019-7577"
},
{
"category": "external",
"summary": "SUSE Bug 1124800 for CVE-2019-7577",
"url": "https://bugzilla.suse.com/1124800"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7577"
},
{
"cve": "CVE-2019-7578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7578"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7578",
"url": "https://www.suse.com/security/cve/CVE-2019-7578"
},
{
"category": "external",
"summary": "SUSE Bug 1125099 for CVE-2019-7578",
"url": "https://bugzilla.suse.com/1125099"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7578"
},
{
"cve": "CVE-2019-7635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7635"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7635",
"url": "https://www.suse.com/security/cve/CVE-2019-7635"
},
{
"category": "external",
"summary": "SUSE Bug 1124827 for CVE-2019-7635",
"url": "https://bugzilla.suse.com/1124827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7635"
},
{
"cve": "CVE-2019-7636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7636"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7636",
"url": "https://www.suse.com/security/cve/CVE-2019-7636"
},
{
"category": "external",
"summary": "SUSE Bug 1124826 for CVE-2019-7636",
"url": "https://bugzilla.suse.com/1124826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7636"
},
{
"cve": "CVE-2019-7637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7637"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7637",
"url": "https://www.suse.com/security/cve/CVE-2019-7637"
},
{
"category": "external",
"summary": "SUSE Bug 1124825 for CVE-2019-7637",
"url": "https://bugzilla.suse.com/1124825"
},
{
"category": "external",
"summary": "SUSE Bug 1134135 for CVE-2019-7637",
"url": "https://bugzilla.suse.com/1134135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7637"
},
{
"cve": "CVE-2019-7638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7638"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7638",
"url": "https://www.suse.com/security/cve/CVE-2019-7638"
},
{
"category": "external",
"summary": "SUSE Bug 1124824 for CVE-2019-7638",
"url": "https://bugzilla.suse.com/1124824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
"openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7638"
}
]
}
OPENSUSE-SU-2019:2071-1
Vulnerability from csaf_opensuse - Published: 2019-09-05 08:23 - Updated: 2019-09-05 08:23Summary
Security update for SDL_image
Severity
Moderate
Notes
Title of the patch: Security update for SDL_image
Description of the patch: This update for SDL_image fixes the following issues:
Update SDL_Image to new snapshot 1.2.12+hg695.
Security issues fixed:
* TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421)
* TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763)
* TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764)
* TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image handling (boo#1143766)
* TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768)
* CVE-2019-7635: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (boo#1124827)
* CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file (boo#1141844).
Patchnames: openSUSE-2019-2071
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SDL_image",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for SDL_image fixes the following issues:\n\nUpdate SDL_Image to new snapshot 1.2.12+hg695.\n\nSecurity issues fixed:\n\n* TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421)\n* TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763)\n* TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764)\n* TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image handling (boo#1143766)\n* TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768)\n* CVE-2019-7635: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (boo#1124827)\n* CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file (boo#1141844).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2071",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2071-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2071-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3QX7GXNBMMTXZSXQVKMIC4P6EVVZNDRA/#3QX7GXNBMMTXZSXQVKMIC4P6EVVZNDRA"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2071-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3QX7GXNBMMTXZSXQVKMIC4P6EVVZNDRA/#3QX7GXNBMMTXZSXQVKMIC4P6EVVZNDRA"
},
{
"category": "self",
"summary": "SUSE Bug 1124827",
"url": "https://bugzilla.suse.com/1124827"
},
{
"category": "self",
"summary": "SUSE Bug 1140421",
"url": "https://bugzilla.suse.com/1140421"
},
{
"category": "self",
"summary": "SUSE Bug 1141844",
"url": "https://bugzilla.suse.com/1141844"
},
{
"category": "self",
"summary": "SUSE Bug 1143763",
"url": "https://bugzilla.suse.com/1143763"
},
{
"category": "self",
"summary": "SUSE Bug 1143764",
"url": "https://bugzilla.suse.com/1143764"
},
{
"category": "self",
"summary": "SUSE Bug 1143766",
"url": "https://bugzilla.suse.com/1143766"
},
{
"category": "self",
"summary": "SUSE Bug 1143768",
"url": "https://bugzilla.suse.com/1143768"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5052 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5057 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5058 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5059 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5060 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7635 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7635/"
}
],
"title": "Security update for SDL_image",
"tracking": {
"current_release_date": "2019-09-05T08:23:59Z",
"generator": {
"date": "2019-09-05T08:23:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2071-1",
"initial_release_date": "2019-09-05T08:23:59Z",
"revision_history": [
{
"date": "2019-09-05T08:23:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"product": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"product_id": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"product": {
"name": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"product_id": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"product": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"product_id": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"product": {
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"product_id": "libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"product": {
"name": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"product_id": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"product": {
"name": "libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"product_id": "libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
},
"product_reference": "libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
},
"product_reference": "libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64"
},
"product_reference": "libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
},
"product_reference": "libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64"
},
"product_reference": "libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
},
"product_reference": "libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
},
{
"cve": "CVE-2019-5052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5052"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5052",
"url": "https://www.suse.com/security/cve/CVE-2019-5052"
},
{
"category": "external",
"summary": "SUSE Bug 1140421 for CVE-2019-5052",
"url": "https://bugzilla.suse.com/1140421"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-5052"
},
{
"cve": "CVE-2019-5057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5057"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5057",
"url": "https://www.suse.com/security/cve/CVE-2019-5057"
},
{
"category": "external",
"summary": "SUSE Bug 1143763 for CVE-2019-5057",
"url": "https://bugzilla.suse.com/1143763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-5057"
},
{
"cve": "CVE-2019-5058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5058"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5058",
"url": "https://www.suse.com/security/cve/CVE-2019-5058"
},
{
"category": "external",
"summary": "SUSE Bug 1143764 for CVE-2019-5058",
"url": "https://bugzilla.suse.com/1143764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-5058"
},
{
"cve": "CVE-2019-5059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5059"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5059",
"url": "https://www.suse.com/security/cve/CVE-2019-5059"
},
{
"category": "external",
"summary": "SUSE Bug 1143766 for CVE-2019-5059",
"url": "https://bugzilla.suse.com/1143766"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-5059"
},
{
"cve": "CVE-2019-5060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5060"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5060",
"url": "https://www.suse.com/security/cve/CVE-2019-5060"
},
{
"category": "external",
"summary": "SUSE Bug 1143768 for CVE-2019-5060",
"url": "https://bugzilla.suse.com/1143768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:59Z",
"details": "important"
}
],
"title": "CVE-2019-5060"
},
{
"cve": "CVE-2019-7635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7635"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7635",
"url": "https://www.suse.com/security/cve/CVE-2019-7635"
},
{
"category": "external",
"summary": "SUSE Bug 1124827 for CVE-2019-7635",
"url": "https://bugzilla.suse.com/1124827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.0:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.0:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libSDL_image-devel-1.2.12+hg695-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-7635"
}
]
}
OPENSUSE-SU-2019:2226-1
Vulnerability from csaf_opensuse - Published: 2019-09-30 18:21 - Updated: 2019-09-30 18:21Summary
Security update for SDL2
Severity
Moderate
Notes
Title of the patch: Security update for SDL2
Description of the patch: This update for SDL2 fixes the following issues:
Security issues fixed:
- CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c (bsc#1141844).
- CVE-2019-13626: Fixed integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c (bsc#1142031).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-2226
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SDL2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for SDL2 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c (bsc#1141844).\n- CVE-2019-13626: Fixed integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c (bsc#1142031).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2226",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2226-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2226-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IQBBVL7NKFQCKXQSXMKBM2TVT7PV2MZZ/#IQBBVL7NKFQCKXQSXMKBM2TVT7PV2MZZ"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2226-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IQBBVL7NKFQCKXQSXMKBM2TVT7PV2MZZ/#IQBBVL7NKFQCKXQSXMKBM2TVT7PV2MZZ"
},
{
"category": "self",
"summary": "SUSE Bug 1141844",
"url": "https://bugzilla.suse.com/1141844"
},
{
"category": "self",
"summary": "SUSE Bug 1142031",
"url": "https://bugzilla.suse.com/1142031"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13626 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13626/"
}
],
"title": "Security update for SDL2",
"tracking": {
"current_release_date": "2019-09-30T18:21:43Z",
"generator": {
"date": "2019-09-30T18:21:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2226-1",
"initial_release_date": "2019-09-30T18:21:43Z",
"revision_history": [
{
"date": "2019-09-30T18:21:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.8-lp151.4.6.1.i586",
"product": {
"name": "libSDL2-2_0-0-2.0.8-lp151.4.6.1.i586",
"product_id": "libSDL2-2_0-0-2.0.8-lp151.4.6.1.i586"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.8-lp151.4.6.1.i586",
"product": {
"name": "libSDL2-devel-2.0.8-lp151.4.6.1.i586",
"product_id": "libSDL2-devel-2.0.8-lp151.4.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.8-lp151.4.6.1.x86_64",
"product": {
"name": "libSDL2-2_0-0-2.0.8-lp151.4.6.1.x86_64",
"product_id": "libSDL2-2_0-0-2.0.8-lp151.4.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2-2_0-0-32bit-2.0.8-lp151.4.6.1.x86_64",
"product": {
"name": "libSDL2-2_0-0-32bit-2.0.8-lp151.4.6.1.x86_64",
"product_id": "libSDL2-2_0-0-32bit-2.0.8-lp151.4.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.8-lp151.4.6.1.x86_64",
"product": {
"name": "libSDL2-devel-2.0.8-lp151.4.6.1.x86_64",
"product_id": "libSDL2-devel-2.0.8-lp151.4.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-32bit-2.0.8-lp151.4.6.1.x86_64",
"product": {
"name": "libSDL2-devel-32bit-2.0.8-lp151.4.6.1.x86_64",
"product_id": "libSDL2-devel-32bit-2.0.8-lp151.4.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-2.0.8-lp151.4.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL2-2_0-0-2.0.8-lp151.4.6.1.i586"
},
"product_reference": "libSDL2-2_0-0-2.0.8-lp151.4.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-2.0.8-lp151.4.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL2-2_0-0-2.0.8-lp151.4.6.1.x86_64"
},
"product_reference": "libSDL2-2_0-0-2.0.8-lp151.4.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-32bit-2.0.8-lp151.4.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL2-2_0-0-32bit-2.0.8-lp151.4.6.1.x86_64"
},
"product_reference": "libSDL2-2_0-0-32bit-2.0.8-lp151.4.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-2.0.8-lp151.4.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL2-devel-2.0.8-lp151.4.6.1.i586"
},
"product_reference": "libSDL2-devel-2.0.8-lp151.4.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-2.0.8-lp151.4.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL2-devel-2.0.8-lp151.4.6.1.x86_64"
},
"product_reference": "libSDL2-devel-2.0.8-lp151.4.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-32bit-2.0.8-lp151.4.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL2-devel-32bit-2.0.8-lp151.4.6.1.x86_64"
},
"product_reference": "libSDL2-devel-32bit-2.0.8-lp151.4.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libSDL2-2_0-0-2.0.8-lp151.4.6.1.i586",
"openSUSE Leap 15.1:libSDL2-2_0-0-2.0.8-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:libSDL2-2_0-0-32bit-2.0.8-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:libSDL2-devel-2.0.8-lp151.4.6.1.i586",
"openSUSE Leap 15.1:libSDL2-devel-2.0.8-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:libSDL2-devel-32bit-2.0.8-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libSDL2-2_0-0-2.0.8-lp151.4.6.1.i586",
"openSUSE Leap 15.1:libSDL2-2_0-0-2.0.8-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:libSDL2-2_0-0-32bit-2.0.8-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:libSDL2-devel-2.0.8-lp151.4.6.1.i586",
"openSUSE Leap 15.1:libSDL2-devel-2.0.8-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:libSDL2-devel-32bit-2.0.8-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libSDL2-2_0-0-2.0.8-lp151.4.6.1.i586",
"openSUSE Leap 15.1:libSDL2-2_0-0-2.0.8-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:libSDL2-2_0-0-32bit-2.0.8-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:libSDL2-devel-2.0.8-lp151.4.6.1.i586",
"openSUSE Leap 15.1:libSDL2-devel-2.0.8-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:libSDL2-devel-32bit-2.0.8-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-30T18:21:43Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
},
{
"cve": "CVE-2019-13626",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13626"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libSDL2-2_0-0-2.0.8-lp151.4.6.1.i586",
"openSUSE Leap 15.1:libSDL2-2_0-0-2.0.8-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:libSDL2-2_0-0-32bit-2.0.8-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:libSDL2-devel-2.0.8-lp151.4.6.1.i586",
"openSUSE Leap 15.1:libSDL2-devel-2.0.8-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:libSDL2-devel-32bit-2.0.8-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13626",
"url": "https://www.suse.com/security/cve/CVE-2019-13626"
},
{
"category": "external",
"summary": "SUSE Bug 1142031 for CVE-2019-13626",
"url": "https://bugzilla.suse.com/1142031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libSDL2-2_0-0-2.0.8-lp151.4.6.1.i586",
"openSUSE Leap 15.1:libSDL2-2_0-0-2.0.8-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:libSDL2-2_0-0-32bit-2.0.8-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:libSDL2-devel-2.0.8-lp151.4.6.1.i586",
"openSUSE Leap 15.1:libSDL2-devel-2.0.8-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:libSDL2-devel-32bit-2.0.8-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libSDL2-2_0-0-2.0.8-lp151.4.6.1.i586",
"openSUSE Leap 15.1:libSDL2-2_0-0-2.0.8-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:libSDL2-2_0-0-32bit-2.0.8-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:libSDL2-devel-2.0.8-lp151.4.6.1.i586",
"openSUSE Leap 15.1:libSDL2-devel-2.0.8-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:libSDL2-devel-32bit-2.0.8-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-30T18:21:43Z",
"details": "moderate"
}
],
"title": "CVE-2019-13626"
}
]
}
OPENSUSE-SU-2019:2108-1
Vulnerability from csaf_opensuse - Published: 2019-09-10 14:20 - Updated: 2019-09-10 14:20Summary
Security update for SDL2_image
Severity
Moderate
Notes
Title of the patch: Security update for SDL2_image
Description of the patch: This update for SDL2_image fixes the following issues:
Update to new upstream release 2.0.5.
Security issues fixed:
* TALOS-2019-0820 CVE-2019-5051: exploitable heap-based buffer overflow vulnerability when loading a PCX file (boo#1140419)
* TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421)
* TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763)
* TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764)
* TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image (boo#1143766)
* TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768)
Not mentioned by upstream, but issues seemingly further fixed:
* CVE-2019-12218: NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW (boo#1135789)
* CVE-2019-12217: NULL pointer dereference in the SDL stdio_read function (boo#1135787)
* CVE-2019-12220: SDL_image triggers an out-of-bounds read in the SDL function SDL_FreePalette_REAL (boo#1135806)
* CVE-2019-12221: a SEGV caused by SDL_image in SDL function SDL_free_REAL in stdlib/SDL_malloc.c (boo#1135796)
* CVE-2019-12222: out-of-bounds read triggered by SDL_image in the function SDL_InvalidateMap at video/SDL_pixels.c (boo#1136101)
* CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file (boo#1141844).
This update was imported from the openSUSE:Leap:15.0:Update update project.
Patchnames: openSUSE-2019-2108
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SDL2_image",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for SDL2_image fixes the following issues:\n\nUpdate to new upstream release 2.0.5.\n\nSecurity issues fixed:\n\n* TALOS-2019-0820 CVE-2019-5051: exploitable heap-based buffer overflow vulnerability when loading a PCX file (boo#1140419)\n* TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421)\n* TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763)\n* TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764)\n* TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image (boo#1143766)\n* TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768)\n\nNot mentioned by upstream, but issues seemingly further fixed:\n\n* CVE-2019-12218: NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW (boo#1135789)\n* CVE-2019-12217: NULL pointer dereference in the SDL stdio_read function (boo#1135787)\n* CVE-2019-12220: SDL_image triggers an out-of-bounds read in the SDL function SDL_FreePalette_REAL (boo#1135806)\n* CVE-2019-12221: a SEGV caused by SDL_image in SDL function SDL_free_REAL in stdlib/SDL_malloc.c (boo#1135796)\n* CVE-2019-12222: out-of-bounds read triggered by SDL_image in the function SDL_InvalidateMap at video/SDL_pixels.c (boo#1136101)\n* CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file (boo#1141844).\n\n\n\nThis update was imported from the openSUSE:Leap:15.0:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2108",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2108-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2108-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L64IV5QDMXKI6JPESXNTCMESEKNUADR2/#L64IV5QDMXKI6JPESXNTCMESEKNUADR2"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2108-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L64IV5QDMXKI6JPESXNTCMESEKNUADR2/#L64IV5QDMXKI6JPESXNTCMESEKNUADR2"
},
{
"category": "self",
"summary": "SUSE Bug 1135787",
"url": "https://bugzilla.suse.com/1135787"
},
{
"category": "self",
"summary": "SUSE Bug 1135789",
"url": "https://bugzilla.suse.com/1135789"
},
{
"category": "self",
"summary": "SUSE Bug 1135796",
"url": "https://bugzilla.suse.com/1135796"
},
{
"category": "self",
"summary": "SUSE Bug 1135806",
"url": "https://bugzilla.suse.com/1135806"
},
{
"category": "self",
"summary": "SUSE Bug 1136101",
"url": "https://bugzilla.suse.com/1136101"
},
{
"category": "self",
"summary": "SUSE Bug 1140419",
"url": "https://bugzilla.suse.com/1140419"
},
{
"category": "self",
"summary": "SUSE Bug 1140421",
"url": "https://bugzilla.suse.com/1140421"
},
{
"category": "self",
"summary": "SUSE Bug 1141844",
"url": "https://bugzilla.suse.com/1141844"
},
{
"category": "self",
"summary": "SUSE Bug 1143763",
"url": "https://bugzilla.suse.com/1143763"
},
{
"category": "self",
"summary": "SUSE Bug 1143764",
"url": "https://bugzilla.suse.com/1143764"
},
{
"category": "self",
"summary": "SUSE Bug 1143766",
"url": "https://bugzilla.suse.com/1143766"
},
{
"category": "self",
"summary": "SUSE Bug 1143768",
"url": "https://bugzilla.suse.com/1143768"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12217 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12218 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12218/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12220 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12221 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12222 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5051 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5052 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5057 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5058 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5059 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5060 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5060/"
}
],
"title": "Security update for SDL2_image",
"tracking": {
"current_release_date": "2019-09-10T14:20:24Z",
"generator": {
"date": "2019-09-10T14:20:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2108-1",
"initial_release_date": "2019-09-10T14:20:24Z",
"revision_history": [
{
"date": "2019-09-10T14:20:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"product": {
"name": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"product_id": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"product": {
"name": "libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"product_id": "libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"product": {
"name": "libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"product_id": "libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"product": {
"name": "libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"product_id": "libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"product": {
"name": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"product_id": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"product": {
"name": "libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"product_id": "libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"product": {
"name": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"product_id": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"product": {
"name": "libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"product_id": "libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"product": {
"name": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"product_id": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"product": {
"name": "libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"product_id": "libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15",
"product": {
"name": "SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15"
}
},
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64"
},
"product_reference": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le"
},
"product_reference": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x"
},
"product_reference": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64"
},
"product_reference": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
},
"product_reference": "libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64"
},
"product_reference": "libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le"
},
"product_reference": "libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x"
},
"product_reference": "libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64"
},
"product_reference": "libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
},
"product_reference": "libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64"
},
"product_reference": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le"
},
"product_reference": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x"
},
"product_reference": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64"
},
"product_reference": "libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
},
"product_reference": "libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64"
},
"product_reference": "libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le"
},
"product_reference": "libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x"
},
"product_reference": "libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64"
},
"product_reference": "libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
},
"product_reference": "libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12217"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12217",
"url": "https://www.suse.com/security/cve/CVE-2019-12217"
},
{
"category": "external",
"summary": "SUSE Bug 1135787 for CVE-2019-12217",
"url": "https://bugzilla.suse.com/1135787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:24Z",
"details": "moderate"
}
],
"title": "CVE-2019-12217"
},
{
"cve": "CVE-2019-12218",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12218"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12218",
"url": "https://www.suse.com/security/cve/CVE-2019-12218"
},
{
"category": "external",
"summary": "SUSE Bug 1135789 for CVE-2019-12218",
"url": "https://bugzilla.suse.com/1135789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:24Z",
"details": "moderate"
}
],
"title": "CVE-2019-12218"
},
{
"cve": "CVE-2019-12220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12220"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12220",
"url": "https://www.suse.com/security/cve/CVE-2019-12220"
},
{
"category": "external",
"summary": "SUSE Bug 1135806 for CVE-2019-12220",
"url": "https://bugzilla.suse.com/1135806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:24Z",
"details": "moderate"
}
],
"title": "CVE-2019-12220"
},
{
"cve": "CVE-2019-12221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12221"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12221",
"url": "https://www.suse.com/security/cve/CVE-2019-12221"
},
{
"category": "external",
"summary": "SUSE Bug 1135796 for CVE-2019-12221",
"url": "https://bugzilla.suse.com/1135796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:24Z",
"details": "moderate"
}
],
"title": "CVE-2019-12221"
},
{
"cve": "CVE-2019-12222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12222"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12222",
"url": "https://www.suse.com/security/cve/CVE-2019-12222"
},
{
"category": "external",
"summary": "SUSE Bug 1136101 for CVE-2019-12222",
"url": "https://bugzilla.suse.com/1136101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:24Z",
"details": "moderate"
}
],
"title": "CVE-2019-12222"
},
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:24Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
},
{
"cve": "CVE-2019-5051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5051"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5051",
"url": "https://www.suse.com/security/cve/CVE-2019-5051"
},
{
"category": "external",
"summary": "SUSE Bug 1140419 for CVE-2019-5051",
"url": "https://bugzilla.suse.com/1140419"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:24Z",
"details": "moderate"
}
],
"title": "CVE-2019-5051"
},
{
"cve": "CVE-2019-5052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5052"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5052",
"url": "https://www.suse.com/security/cve/CVE-2019-5052"
},
{
"category": "external",
"summary": "SUSE Bug 1140421 for CVE-2019-5052",
"url": "https://bugzilla.suse.com/1140421"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:24Z",
"details": "moderate"
}
],
"title": "CVE-2019-5052"
},
{
"cve": "CVE-2019-5057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5057"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5057",
"url": "https://www.suse.com/security/cve/CVE-2019-5057"
},
{
"category": "external",
"summary": "SUSE Bug 1143763 for CVE-2019-5057",
"url": "https://bugzilla.suse.com/1143763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:24Z",
"details": "moderate"
}
],
"title": "CVE-2019-5057"
},
{
"cve": "CVE-2019-5058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5058"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5058",
"url": "https://www.suse.com/security/cve/CVE-2019-5058"
},
{
"category": "external",
"summary": "SUSE Bug 1143764 for CVE-2019-5058",
"url": "https://bugzilla.suse.com/1143764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:24Z",
"details": "moderate"
}
],
"title": "CVE-2019-5058"
},
{
"cve": "CVE-2019-5059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5059"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5059",
"url": "https://www.suse.com/security/cve/CVE-2019-5059"
},
{
"category": "external",
"summary": "SUSE Bug 1143766 for CVE-2019-5059",
"url": "https://bugzilla.suse.com/1143766"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:24Z",
"details": "moderate"
}
],
"title": "CVE-2019-5059"
},
{
"cve": "CVE-2019-5060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5060"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5060",
"url": "https://www.suse.com/security/cve/CVE-2019-5060"
},
{
"category": "external",
"summary": "SUSE Bug 1143768 for CVE-2019-5060",
"url": "https://bugzilla.suse.com/1143768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-2_0-0-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-2_0-0-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15:libSDL2_image-devel-2.0.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15:libSDL2_image-devel-64bit-2.0.5-bp151.4.3.1.aarch64_ilp32"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T14:20:24Z",
"details": "important"
}
],
"title": "CVE-2019-5060"
}
]
}
OPENSUSE-SU-2019:2070-1
Vulnerability from csaf_opensuse - Published: 2019-09-05 08:23 - Updated: 2019-09-05 08:23Summary
Security update for SDL2_image
Severity
Moderate
Notes
Title of the patch: Security update for SDL2_image
Description of the patch: This update for SDL2_image fixes the following issues:
Update to new upstream release 2.0.5.
Security issues fixed:
* TALOS-2019-0820 CVE-2019-5051: exploitable heap-based buffer overflow vulnerability when loading a PCX file (boo#1140419)
* TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421)
* TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763)
* TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764)
* TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image (boo#1143766)
* TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768)
Not mentioned by upstream, but issues seemingly further fixed:
* CVE-2019-12218: NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW (boo#1135789)
* CVE-2019-12217: NULL pointer dereference in the SDL stdio_read function (boo#1135787)
* CVE-2019-12220: SDL_image triggers an out-of-bounds read in the SDL function SDL_FreePalette_REAL (boo#1135806)
* CVE-2019-12221: a SEGV caused by SDL_image in SDL function SDL_free_REAL in stdlib/SDL_malloc.c (boo#1135796)
* CVE-2019-12222: out-of-bounds read triggered by SDL_image in the function SDL_InvalidateMap at video/SDL_pixels.c (boo#1136101)
* CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file (boo#1141844).
Patchnames: openSUSE-2019-2070
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SDL2_image",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for SDL2_image fixes the following issues:\n\nUpdate to new upstream release 2.0.5.\n\nSecurity issues fixed:\n\n* TALOS-2019-0820 CVE-2019-5051: exploitable heap-based buffer overflow vulnerability when loading a PCX file (boo#1140419)\n* TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421)\n* TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763)\n* TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764)\n* TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image (boo#1143766)\n* TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768)\n\nNot mentioned by upstream, but issues seemingly further fixed:\n\n* CVE-2019-12218: NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW (boo#1135789)\n* CVE-2019-12217: NULL pointer dereference in the SDL stdio_read function (boo#1135787)\n* CVE-2019-12220: SDL_image triggers an out-of-bounds read in the SDL function SDL_FreePalette_REAL (boo#1135806)\n* CVE-2019-12221: a SEGV caused by SDL_image in SDL function SDL_free_REAL in stdlib/SDL_malloc.c (boo#1135796)\n* CVE-2019-12222: out-of-bounds read triggered by SDL_image in the function SDL_InvalidateMap at video/SDL_pixels.c (boo#1136101)\n* CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file (boo#1141844).\n\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2070",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2070-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2070-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H6CP3W3YJYYFIAMX7CDOYPH65QZMBRGD/#H6CP3W3YJYYFIAMX7CDOYPH65QZMBRGD"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2070-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H6CP3W3YJYYFIAMX7CDOYPH65QZMBRGD/#H6CP3W3YJYYFIAMX7CDOYPH65QZMBRGD"
},
{
"category": "self",
"summary": "SUSE Bug 1135787",
"url": "https://bugzilla.suse.com/1135787"
},
{
"category": "self",
"summary": "SUSE Bug 1135789",
"url": "https://bugzilla.suse.com/1135789"
},
{
"category": "self",
"summary": "SUSE Bug 1135796",
"url": "https://bugzilla.suse.com/1135796"
},
{
"category": "self",
"summary": "SUSE Bug 1135806",
"url": "https://bugzilla.suse.com/1135806"
},
{
"category": "self",
"summary": "SUSE Bug 1136101",
"url": "https://bugzilla.suse.com/1136101"
},
{
"category": "self",
"summary": "SUSE Bug 1140419",
"url": "https://bugzilla.suse.com/1140419"
},
{
"category": "self",
"summary": "SUSE Bug 1140421",
"url": "https://bugzilla.suse.com/1140421"
},
{
"category": "self",
"summary": "SUSE Bug 1141844",
"url": "https://bugzilla.suse.com/1141844"
},
{
"category": "self",
"summary": "SUSE Bug 1143763",
"url": "https://bugzilla.suse.com/1143763"
},
{
"category": "self",
"summary": "SUSE Bug 1143764",
"url": "https://bugzilla.suse.com/1143764"
},
{
"category": "self",
"summary": "SUSE Bug 1143766",
"url": "https://bugzilla.suse.com/1143766"
},
{
"category": "self",
"summary": "SUSE Bug 1143768",
"url": "https://bugzilla.suse.com/1143768"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12217 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12218 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12218/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12220 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12221 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12222 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5051 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5052 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5057 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5058 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5059 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5060 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5060/"
}
],
"title": "Security update for SDL2_image",
"tracking": {
"current_release_date": "2019-09-05T08:23:48Z",
"generator": {
"date": "2019-09-05T08:23:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2070-1",
"initial_release_date": "2019-09-05T08:23:48Z",
"revision_history": [
{
"date": "2019-09-05T08:23:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"product": {
"name": "libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"product_id": "libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586"
}
},
{
"category": "product_version",
"name": "libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"product": {
"name": "libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"product_id": "libSDL2_image-devel-2.0.5-lp151.2.5.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"product": {
"name": "libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"product_id": "libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"product": {
"name": "libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"product_id": "libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"product": {
"name": "libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"product_id": "libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"product": {
"name": "libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"product_id": "libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586"
},
"product_reference": "libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64"
},
"product_reference": "libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64"
},
"product_reference": "libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-2.0.5-lp151.2.5.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586"
},
"product_reference": "libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64"
},
"product_reference": "libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
},
"product_reference": "libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586"
},
"product_reference": "libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64"
},
"product_reference": "libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64"
},
"product_reference": "libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-2.0.5-lp151.2.5.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586"
},
"product_reference": "libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64"
},
"product_reference": "libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
},
"product_reference": "libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12217"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12217",
"url": "https://www.suse.com/security/cve/CVE-2019-12217"
},
{
"category": "external",
"summary": "SUSE Bug 1135787 for CVE-2019-12217",
"url": "https://bugzilla.suse.com/1135787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-12217"
},
{
"cve": "CVE-2019-12218",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12218"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12218",
"url": "https://www.suse.com/security/cve/CVE-2019-12218"
},
{
"category": "external",
"summary": "SUSE Bug 1135789 for CVE-2019-12218",
"url": "https://bugzilla.suse.com/1135789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-12218"
},
{
"cve": "CVE-2019-12220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12220"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12220",
"url": "https://www.suse.com/security/cve/CVE-2019-12220"
},
{
"category": "external",
"summary": "SUSE Bug 1135806 for CVE-2019-12220",
"url": "https://bugzilla.suse.com/1135806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-12220"
},
{
"cve": "CVE-2019-12221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12221"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12221",
"url": "https://www.suse.com/security/cve/CVE-2019-12221"
},
{
"category": "external",
"summary": "SUSE Bug 1135796 for CVE-2019-12221",
"url": "https://bugzilla.suse.com/1135796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-12221"
},
{
"cve": "CVE-2019-12222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12222"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12222",
"url": "https://www.suse.com/security/cve/CVE-2019-12222"
},
{
"category": "external",
"summary": "SUSE Bug 1136101 for CVE-2019-12222",
"url": "https://bugzilla.suse.com/1136101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-12222"
},
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
},
{
"cve": "CVE-2019-5051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5051"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5051",
"url": "https://www.suse.com/security/cve/CVE-2019-5051"
},
{
"category": "external",
"summary": "SUSE Bug 1140419 for CVE-2019-5051",
"url": "https://bugzilla.suse.com/1140419"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-5051"
},
{
"cve": "CVE-2019-5052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5052"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5052",
"url": "https://www.suse.com/security/cve/CVE-2019-5052"
},
{
"category": "external",
"summary": "SUSE Bug 1140421 for CVE-2019-5052",
"url": "https://bugzilla.suse.com/1140421"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-5052"
},
{
"cve": "CVE-2019-5057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5057"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5057",
"url": "https://www.suse.com/security/cve/CVE-2019-5057"
},
{
"category": "external",
"summary": "SUSE Bug 1143763 for CVE-2019-5057",
"url": "https://bugzilla.suse.com/1143763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-5057"
},
{
"cve": "CVE-2019-5058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5058"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5058",
"url": "https://www.suse.com/security/cve/CVE-2019-5058"
},
{
"category": "external",
"summary": "SUSE Bug 1143764 for CVE-2019-5058",
"url": "https://bugzilla.suse.com/1143764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-5058"
},
{
"cve": "CVE-2019-5059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5059"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5059",
"url": "https://www.suse.com/security/cve/CVE-2019-5059"
},
{
"category": "external",
"summary": "SUSE Bug 1143766 for CVE-2019-5059",
"url": "https://bugzilla.suse.com/1143766"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:48Z",
"details": "moderate"
}
],
"title": "CVE-2019-5059"
},
{
"cve": "CVE-2019-5060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5060"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5060",
"url": "https://www.suse.com/security/cve/CVE-2019-5060"
},
{
"category": "external",
"summary": "SUSE Bug 1143768 for CVE-2019-5060",
"url": "https://bugzilla.suse.com/1143768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.0:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.0:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.i586",
"openSUSE Leap 15.1:libSDL2_image-devel-2.0.5-lp151.2.5.1.x86_64",
"openSUSE Leap 15.1:libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:23:48Z",
"details": "important"
}
],
"title": "CVE-2019-5060"
}
]
}
OPENSUSE-SU-2025:15206-1
Vulnerability from csaf_opensuse - Published: 2025-07-03 00:00 - Updated: 2025-07-03 00:00Summary
SDL2-2.32.8-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: SDL2-2.32.8-1.1 on GA media
Description of the patch: These are all security issues fixed in the SDL2-2.32.8-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15206
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SDL2-2.32.8-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the SDL2-2.32.8-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15206",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15206-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-2888 page",
"url": "https://www.suse.com/security/cve/CVE-2017-2888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13626 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13626/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7572 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7573 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7573/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7574 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7575 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7575/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7577 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7578 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7635 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7636 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7637 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7638 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14409 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14409/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14410 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14410/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33657 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33657/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4743 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4743/"
}
],
"title": "SDL2-2.32.8-1.1 on GA media",
"tracking": {
"current_release_date": "2025-07-03T00:00:00Z",
"generator": {
"date": "2025-07-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15206-1",
"initial_release_date": "2025-07-03T00:00:00Z",
"revision_history": [
{
"date": "2025-07-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "SDL2-2.32.8-1.1.aarch64",
"product": {
"name": "SDL2-2.32.8-1.1.aarch64",
"product_id": "SDL2-2.32.8-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL2-2.32.8-1.1.ppc64le",
"product": {
"name": "SDL2-2.32.8-1.1.ppc64le",
"product_id": "SDL2-2.32.8-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL2-2.32.8-1.1.s390x",
"product": {
"name": "SDL2-2.32.8-1.1.s390x",
"product_id": "SDL2-2.32.8-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL2-2.32.8-1.1.x86_64",
"product": {
"name": "SDL2-2.32.8-1.1.x86_64",
"product_id": "SDL2-2.32.8-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL2-2.32.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64"
},
"product_reference": "SDL2-2.32.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL2-2.32.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le"
},
"product_reference": "SDL2-2.32.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL2-2.32.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x"
},
"product_reference": "SDL2-2.32.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL2-2.32.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
},
"product_reference": "SDL2-2.32.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-2888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-2888"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-2888",
"url": "https://www.suse.com/security/cve/CVE-2017-2888"
},
{
"category": "external",
"summary": "SUSE Bug 1062777 for CVE-2017-2888",
"url": "https://bugzilla.suse.com/1062777"
},
{
"category": "external",
"summary": "SUSE Bug 1062784 for CVE-2017-2888",
"url": "https://bugzilla.suse.com/1062784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-2888"
},
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
},
{
"cve": "CVE-2019-13626",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13626"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13626",
"url": "https://www.suse.com/security/cve/CVE-2019-13626"
},
{
"category": "external",
"summary": "SUSE Bug 1142031 for CVE-2019-13626",
"url": "https://bugzilla.suse.com/1142031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-13626"
},
{
"cve": "CVE-2019-7572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7572"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7572",
"url": "https://www.suse.com/security/cve/CVE-2019-7572"
},
{
"category": "external",
"summary": "SUSE Bug 1124806 for CVE-2019-7572",
"url": "https://bugzilla.suse.com/1124806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7572"
},
{
"cve": "CVE-2019-7573",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7573"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7573",
"url": "https://www.suse.com/security/cve/CVE-2019-7573"
},
{
"category": "external",
"summary": "SUSE Bug 1124805 for CVE-2019-7573",
"url": "https://bugzilla.suse.com/1124805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7573"
},
{
"cve": "CVE-2019-7574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7574"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7574",
"url": "https://www.suse.com/security/cve/CVE-2019-7574"
},
{
"category": "external",
"summary": "SUSE Bug 1124803 for CVE-2019-7574",
"url": "https://bugzilla.suse.com/1124803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7574"
},
{
"cve": "CVE-2019-7575",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7575"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7575",
"url": "https://www.suse.com/security/cve/CVE-2019-7575"
},
{
"category": "external",
"summary": "SUSE Bug 1124802 for CVE-2019-7575",
"url": "https://bugzilla.suse.com/1124802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7575"
},
{
"cve": "CVE-2019-7577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7577"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7577",
"url": "https://www.suse.com/security/cve/CVE-2019-7577"
},
{
"category": "external",
"summary": "SUSE Bug 1124800 for CVE-2019-7577",
"url": "https://bugzilla.suse.com/1124800"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7577"
},
{
"cve": "CVE-2019-7578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7578"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7578",
"url": "https://www.suse.com/security/cve/CVE-2019-7578"
},
{
"category": "external",
"summary": "SUSE Bug 1125099 for CVE-2019-7578",
"url": "https://bugzilla.suse.com/1125099"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7578"
},
{
"cve": "CVE-2019-7635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7635"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7635",
"url": "https://www.suse.com/security/cve/CVE-2019-7635"
},
{
"category": "external",
"summary": "SUSE Bug 1124827 for CVE-2019-7635",
"url": "https://bugzilla.suse.com/1124827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7635"
},
{
"cve": "CVE-2019-7636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7636"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7636",
"url": "https://www.suse.com/security/cve/CVE-2019-7636"
},
{
"category": "external",
"summary": "SUSE Bug 1124826 for CVE-2019-7636",
"url": "https://bugzilla.suse.com/1124826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7636"
},
{
"cve": "CVE-2019-7637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7637"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7637",
"url": "https://www.suse.com/security/cve/CVE-2019-7637"
},
{
"category": "external",
"summary": "SUSE Bug 1124825 for CVE-2019-7637",
"url": "https://bugzilla.suse.com/1124825"
},
{
"category": "external",
"summary": "SUSE Bug 1134135 for CVE-2019-7637",
"url": "https://bugzilla.suse.com/1134135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7637"
},
{
"cve": "CVE-2019-7638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7638"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7638",
"url": "https://www.suse.com/security/cve/CVE-2019-7638"
},
{
"category": "external",
"summary": "SUSE Bug 1124824 for CVE-2019-7638",
"url": "https://bugzilla.suse.com/1124824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7638"
},
{
"cve": "CVE-2020-14409",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14409"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14409",
"url": "https://www.suse.com/security/cve/CVE-2020-14409"
},
{
"category": "external",
"summary": "SUSE Bug 1181202 for CVE-2020-14409",
"url": "https://bugzilla.suse.com/1181202"
},
{
"category": "external",
"summary": "SUSE Bug 1200204 for CVE-2020-14409",
"url": "https://bugzilla.suse.com/1200204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14409"
},
{
"cve": "CVE-2020-14410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14410"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14410",
"url": "https://www.suse.com/security/cve/CVE-2020-14410"
},
{
"category": "external",
"summary": "SUSE Bug 1181201 for CVE-2020-14410",
"url": "https://bugzilla.suse.com/1181201"
},
{
"category": "external",
"summary": "SUSE Bug 1200204 for CVE-2020-14410",
"url": "https://bugzilla.suse.com/1200204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14410"
},
{
"cve": "CVE-2021-33657",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33657"
}
],
"notes": [
{
"category": "general",
"text": "There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33657",
"url": "https://www.suse.com/security/cve/CVE-2021-33657"
},
{
"category": "external",
"summary": "SUSE Bug 1198001 for CVE-2021-33657",
"url": "https://bugzilla.suse.com/1198001"
},
{
"category": "external",
"summary": "SUSE Bug 1199105 for CVE-2021-33657",
"url": "https://bugzilla.suse.com/1199105"
},
{
"category": "external",
"summary": "SUSE Bug 1200204 for CVE-2021-33657",
"url": "https://bugzilla.suse.com/1200204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33657"
},
{
"cve": "CVE-2022-4743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4743"
}
],
"notes": [
{
"category": "general",
"text": "A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4743",
"url": "https://www.suse.com/security/cve/CVE-2022-4743"
},
{
"category": "external",
"summary": "SUSE Bug 1206727 for CVE-2022-4743",
"url": "https://bugzilla.suse.com/1206727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.aarch64",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.ppc64le",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.s390x",
"openSUSE Tumbleweed:SDL2-2.32.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-4743"
}
]
}
OPENSUSE-SU-2024:10608-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libSDL2_image-2_0-0-2.0.5-1.14 on GA media
Severity
Moderate
Notes
Title of the patch: libSDL2_image-2_0-0-2.0.5-1.14 on GA media
Description of the patch: These are all security issues fixed in the libSDL2_image-2_0-0-2.0.5-1.14 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10608
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.8 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libSDL2_image-2_0-0-2.0.5-1.14 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libSDL2_image-2_0-0-2.0.5-1.14 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10608",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10608-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12122 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14440 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14440/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14441 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14441/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14442 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14442/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14448 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14449 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14449/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14450 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14450/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-2887 page",
"url": "https://www.suse.com/security/cve/CVE-2017-2887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3839 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3977 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3977/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12217 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12218 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12218/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12220 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12221 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12222 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5051 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5052 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5057 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5058 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5059 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5060 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5060/"
}
],
"title": "libSDL2_image-2_0-0-2.0.5-1.14 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10608-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"product": {
"name": "libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"product_id": "libSDL2_image-2_0-0-2.0.5-1.14.aarch64"
}
},
{
"category": "product_version",
"name": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"product": {
"name": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"product_id": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64"
}
},
{
"category": "product_version",
"name": "libSDL2_image-devel-2.0.5-1.14.aarch64",
"product": {
"name": "libSDL2_image-devel-2.0.5-1.14.aarch64",
"product_id": "libSDL2_image-devel-2.0.5-1.14.aarch64"
}
},
{
"category": "product_version",
"name": "libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"product": {
"name": "libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"product_id": "libSDL2_image-devel-32bit-2.0.5-1.14.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"product": {
"name": "libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"product_id": "libSDL2_image-2_0-0-2.0.5-1.14.ppc64le"
}
},
{
"category": "product_version",
"name": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"product": {
"name": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"product_id": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le"
}
},
{
"category": "product_version",
"name": "libSDL2_image-devel-2.0.5-1.14.ppc64le",
"product": {
"name": "libSDL2_image-devel-2.0.5-1.14.ppc64le",
"product_id": "libSDL2_image-devel-2.0.5-1.14.ppc64le"
}
},
{
"category": "product_version",
"name": "libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"product": {
"name": "libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"product_id": "libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"product": {
"name": "libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"product_id": "libSDL2_image-2_0-0-2.0.5-1.14.s390x"
}
},
{
"category": "product_version",
"name": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"product": {
"name": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"product_id": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x"
}
},
{
"category": "product_version",
"name": "libSDL2_image-devel-2.0.5-1.14.s390x",
"product": {
"name": "libSDL2_image-devel-2.0.5-1.14.s390x",
"product_id": "libSDL2_image-devel-2.0.5-1.14.s390x"
}
},
{
"category": "product_version",
"name": "libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"product": {
"name": "libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"product_id": "libSDL2_image-devel-32bit-2.0.5-1.14.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"product": {
"name": "libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"product_id": "libSDL2_image-2_0-0-2.0.5-1.14.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"product": {
"name": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"product_id": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2_image-devel-2.0.5-1.14.x86_64",
"product": {
"name": "libSDL2_image-devel-2.0.5-1.14.x86_64",
"product_id": "libSDL2_image-devel-2.0.5-1.14.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2_image-devel-32bit-2.0.5-1.14.x86_64",
"product": {
"name": "libSDL2_image-devel-32bit-2.0.5-1.14.x86_64",
"product_id": "libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-2.0.5-1.14.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64"
},
"product_reference": "libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-2.0.5-1.14.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le"
},
"product_reference": "libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-2.0.5-1.14.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x"
},
"product_reference": "libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-2.0.5-1.14.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64"
},
"product_reference": "libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64"
},
"product_reference": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le"
},
"product_reference": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x"
},
"product_reference": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64"
},
"product_reference": "libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-2.0.5-1.14.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64"
},
"product_reference": "libSDL2_image-devel-2.0.5-1.14.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-2.0.5-1.14.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le"
},
"product_reference": "libSDL2_image-devel-2.0.5-1.14.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-2.0.5-1.14.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x"
},
"product_reference": "libSDL2_image-devel-2.0.5-1.14.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-2.0.5-1.14.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64"
},
"product_reference": "libSDL2_image-devel-2.0.5-1.14.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-32bit-2.0.5-1.14.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64"
},
"product_reference": "libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le"
},
"product_reference": "libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-32bit-2.0.5-1.14.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x"
},
"product_reference": "libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2_image-devel-32bit-2.0.5-1.14.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
},
"product_reference": "libSDL2_image-devel-32bit-2.0.5-1.14.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-12122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12122"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12122",
"url": "https://www.suse.com/security/cve/CVE-2017-12122"
},
{
"category": "external",
"summary": "SUSE Bug 1084256 for CVE-2017-12122",
"url": "https://bugzilla.suse.com/1084256"
},
{
"category": "external",
"summary": "SUSE Bug 1084257 for CVE-2017-12122",
"url": "https://bugzilla.suse.com/1084257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-12122"
},
{
"cve": "CVE-2017-14440",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14440"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14440",
"url": "https://www.suse.com/security/cve/CVE-2017-14440"
},
{
"category": "external",
"summary": "SUSE Bug 1084256 for CVE-2017-14440",
"url": "https://bugzilla.suse.com/1084256"
},
{
"category": "external",
"summary": "SUSE Bug 1084257 for CVE-2017-14440",
"url": "https://bugzilla.suse.com/1084257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-14440"
},
{
"cve": "CVE-2017-14441",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14441"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14441",
"url": "https://www.suse.com/security/cve/CVE-2017-14441"
},
{
"category": "external",
"summary": "SUSE Bug 1084256 for CVE-2017-14441",
"url": "https://bugzilla.suse.com/1084256"
},
{
"category": "external",
"summary": "SUSE Bug 1084282 for CVE-2017-14441",
"url": "https://bugzilla.suse.com/1084282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-14441"
},
{
"cve": "CVE-2017-14442",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14442"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14442",
"url": "https://www.suse.com/security/cve/CVE-2017-14442"
},
{
"category": "external",
"summary": "SUSE Bug 1084256 for CVE-2017-14442",
"url": "https://bugzilla.suse.com/1084256"
},
{
"category": "external",
"summary": "SUSE Bug 1084304 for CVE-2017-14442",
"url": "https://bugzilla.suse.com/1084304"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-14442"
},
{
"cve": "CVE-2017-14448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14448"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14448",
"url": "https://www.suse.com/security/cve/CVE-2017-14448"
},
{
"category": "external",
"summary": "SUSE Bug 1084256 for CVE-2017-14448",
"url": "https://bugzilla.suse.com/1084256"
},
{
"category": "external",
"summary": "SUSE Bug 1084303 for CVE-2017-14448",
"url": "https://bugzilla.suse.com/1084303"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-14448"
},
{
"cve": "CVE-2017-14449",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14449"
}
],
"notes": [
{
"category": "general",
"text": "A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14449",
"url": "https://www.suse.com/security/cve/CVE-2017-14449"
},
{
"category": "external",
"summary": "SUSE Bug 1084256 for CVE-2017-14449",
"url": "https://bugzilla.suse.com/1084256"
},
{
"category": "external",
"summary": "SUSE Bug 1084297 for CVE-2017-14449",
"url": "https://bugzilla.suse.com/1084297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-14449"
},
{
"cve": "CVE-2017-14450",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14450"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14450",
"url": "https://www.suse.com/security/cve/CVE-2017-14450"
},
{
"category": "external",
"summary": "SUSE Bug 1084256 for CVE-2017-14450",
"url": "https://bugzilla.suse.com/1084256"
},
{
"category": "external",
"summary": "SUSE Bug 1084288 for CVE-2017-14450",
"url": "https://bugzilla.suse.com/1084288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-14450"
},
{
"cve": "CVE-2017-2887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-2887"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-2887",
"url": "https://www.suse.com/security/cve/CVE-2017-2887"
},
{
"category": "external",
"summary": "SUSE Bug 1062777 for CVE-2017-2887",
"url": "https://bugzilla.suse.com/1062777"
},
{
"category": "external",
"summary": "SUSE Bug 1062784 for CVE-2017-2887",
"url": "https://bugzilla.suse.com/1062784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-2887"
},
{
"cve": "CVE-2018-3839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3839"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3839",
"url": "https://www.suse.com/security/cve/CVE-2018-3839"
},
{
"category": "external",
"summary": "SUSE Bug 1089087 for CVE-2018-3839",
"url": "https://bugzilla.suse.com/1089087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-3839"
},
{
"cve": "CVE-2018-3977",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3977"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3977",
"url": "https://www.suse.com/security/cve/CVE-2018-3977"
},
{
"category": "external",
"summary": "SUSE Bug 1114519 for CVE-2018-3977",
"url": "https://bugzilla.suse.com/1114519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-3977"
},
{
"cve": "CVE-2019-12217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12217"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12217",
"url": "https://www.suse.com/security/cve/CVE-2019-12217"
},
{
"category": "external",
"summary": "SUSE Bug 1135787 for CVE-2019-12217",
"url": "https://bugzilla.suse.com/1135787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-12217"
},
{
"cve": "CVE-2019-12218",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12218"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12218",
"url": "https://www.suse.com/security/cve/CVE-2019-12218"
},
{
"category": "external",
"summary": "SUSE Bug 1135789 for CVE-2019-12218",
"url": "https://bugzilla.suse.com/1135789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-12218"
},
{
"cve": "CVE-2019-12220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12220"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12220",
"url": "https://www.suse.com/security/cve/CVE-2019-12220"
},
{
"category": "external",
"summary": "SUSE Bug 1135806 for CVE-2019-12220",
"url": "https://bugzilla.suse.com/1135806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-12220"
},
{
"cve": "CVE-2019-12221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12221"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12221",
"url": "https://www.suse.com/security/cve/CVE-2019-12221"
},
{
"category": "external",
"summary": "SUSE Bug 1135796 for CVE-2019-12221",
"url": "https://bugzilla.suse.com/1135796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-12221"
},
{
"cve": "CVE-2019-12222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12222"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12222",
"url": "https://www.suse.com/security/cve/CVE-2019-12222"
},
{
"category": "external",
"summary": "SUSE Bug 1136101 for CVE-2019-12222",
"url": "https://bugzilla.suse.com/1136101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-12222"
},
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
},
{
"cve": "CVE-2019-5051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5051"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5051",
"url": "https://www.suse.com/security/cve/CVE-2019-5051"
},
{
"category": "external",
"summary": "SUSE Bug 1140419 for CVE-2019-5051",
"url": "https://bugzilla.suse.com/1140419"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5051"
},
{
"cve": "CVE-2019-5052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5052"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5052",
"url": "https://www.suse.com/security/cve/CVE-2019-5052"
},
{
"category": "external",
"summary": "SUSE Bug 1140421 for CVE-2019-5052",
"url": "https://bugzilla.suse.com/1140421"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5052"
},
{
"cve": "CVE-2019-5057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5057"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5057",
"url": "https://www.suse.com/security/cve/CVE-2019-5057"
},
{
"category": "external",
"summary": "SUSE Bug 1143763 for CVE-2019-5057",
"url": "https://bugzilla.suse.com/1143763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5057"
},
{
"cve": "CVE-2019-5058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5058"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5058",
"url": "https://www.suse.com/security/cve/CVE-2019-5058"
},
{
"category": "external",
"summary": "SUSE Bug 1143764 for CVE-2019-5058",
"url": "https://bugzilla.suse.com/1143764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5058"
},
{
"cve": "CVE-2019-5059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5059"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5059",
"url": "https://www.suse.com/security/cve/CVE-2019-5059"
},
{
"category": "external",
"summary": "SUSE Bug 1143766 for CVE-2019-5059",
"url": "https://bugzilla.suse.com/1143766"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5059"
},
{
"cve": "CVE-2019-5060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5060"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5060",
"url": "https://www.suse.com/security/cve/CVE-2019-5060"
},
{
"category": "external",
"summary": "SUSE Bug 1143768 for CVE-2019-5060",
"url": "https://bugzilla.suse.com/1143768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-2_0-0-32bit-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-2.0.5-1.14.x86_64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.aarch64",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.ppc64le",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.s390x",
"openSUSE Tumbleweed:libSDL2_image-devel-32bit-2.0.5-1.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-5060"
}
]
}
FKIE_CVE-2019-13616
Vulnerability from fkie_nvd - Published: 2019-07-16 17:15 - Updated: 2024-11-21 04:25
Severity ?
Summary
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3950 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3951 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2020:0293 | Third Party Advisory | |
| cve@mitre.org | https://bugzilla.libsdl.org/show_bug.cgi?id=4538 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VDNX3RVXTWELBXQDNERNVVKDGKDF2MPB/ | ||
| cve@mitre.org | https://security.gentoo.org/glsa/202305-17 | ||
| cve@mitre.org | https://usn.ubuntu.com/4156-1/ | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/4156-2/ | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/4238-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3950 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3951 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2020:0293 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.libsdl.org/show_bug.cgi?id=4538 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VDNX3RVXTWELBXQDNERNVVKDGKDF2MPB/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-17 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4156-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4156-2/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4238-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libsdl | simple_directmedia_layer | * | |
| libsdl | simple_directmedia_layer | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| opensuse | backports_sle | 15.0 | |
| opensuse | backports_sle | 15.0 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_eus | 7.7 | |
| redhat | enterprise_linux_eus | 8.1 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 7.7 | |
| redhat | enterprise_linux_server_tus | 7.7 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1987484C-BB76-4554-B040-1A8D2C90F0AA",
"versionEndIncluding": "1.2.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85C1FFE9-9495-4484-9D25-590ECE49482B",
"versionEndIncluding": "2.0.9",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c."
},
{
"lang": "es",
"value": "hasta 2.0.9, presenta una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria en BlitNtoN en el archivo video/SDL_blit_N.c cuando es llamado desde SDL_SoftBlit en el archivo video/SDL_blit.c."
}
],
"id": "CVE-2019-13616",
"lastModified": "2024-11-21T04:25:22.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-16T17:15:12.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3950"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3951"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0293"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4538"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VDNX3RVXTWELBXQDNERNVVKDGKDF2MPB/"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202305-17"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4156-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4238-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VDNX3RVXTWELBXQDNERNVVKDGKDF2MPB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202305-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4156-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4238-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
RHSA-2020:0293
Vulnerability from csaf_redhat - Published: 2020-01-30 09:06 - Updated: 2025-11-21 18:12Summary
Red Hat Security Advisory: SDL security update
Severity
Important
Notes
Topic: An update for SDL is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.
Security Fix(es):
* SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (CVE-2019-13616)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code.
8.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2020:0293
Workaround
If the application accepts untrusted BMP files there is no known mitigation apart from applying the patch.
References
| URL | Category | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for SDL is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.\n\nSecurity Fix(es):\n\n* SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (CVE-2019-13616)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0293",
"url": "https://access.redhat.com/errata/RHSA-2020:0293"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1747237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747237"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0293.json"
}
],
"title": "Red Hat Security Advisory: SDL security update",
"tracking": {
"current_release_date": "2025-11-21T18:12:04+00:00",
"generator": {
"date": "2025-11-21T18:12:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2020:0293",
"initial_release_date": "2020-01-30T09:06:51+00:00",
"revision_history": [
{
"date": "2020-01-30T09:06:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-01-30T09:06:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:12:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-33.el8_0.i686",
"product": {
"name": "SDL-0:1.2.15-33.el8_0.i686",
"product_id": "SDL-0:1.2.15-33.el8_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-33.el8_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-33.el8_0.i686",
"product": {
"name": "SDL-devel-0:1.2.15-33.el8_0.i686",
"product_id": "SDL-devel-0:1.2.15-33.el8_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-33.el8_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "SDL-debugsource-0:1.2.15-33.el8_0.i686",
"product": {
"name": "SDL-debugsource-0:1.2.15-33.el8_0.i686",
"product_id": "SDL-debugsource-0:1.2.15-33.el8_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debugsource@1.2.15-33.el8_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-33.el8_0.i686",
"product": {
"name": "SDL-debuginfo-0:1.2.15-33.el8_0.i686",
"product_id": "SDL-debuginfo-0:1.2.15-33.el8_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-33.el8_0?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-33.el8_0.x86_64",
"product": {
"name": "SDL-0:1.2.15-33.el8_0.x86_64",
"product_id": "SDL-0:1.2.15-33.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-33.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-33.el8_0.x86_64",
"product": {
"name": "SDL-devel-0:1.2.15-33.el8_0.x86_64",
"product_id": "SDL-devel-0:1.2.15-33.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-33.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "SDL-debugsource-0:1.2.15-33.el8_0.x86_64",
"product": {
"name": "SDL-debugsource-0:1.2.15-33.el8_0.x86_64",
"product_id": "SDL-debugsource-0:1.2.15-33.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debugsource@1.2.15-33.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-33.el8_0.x86_64",
"product": {
"name": "SDL-debuginfo-0:1.2.15-33.el8_0.x86_64",
"product_id": "SDL-debuginfo-0:1.2.15-33.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-33.el8_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-33.el8_0.ppc64le",
"product": {
"name": "SDL-0:1.2.15-33.el8_0.ppc64le",
"product_id": "SDL-0:1.2.15-33.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-33.el8_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-33.el8_0.ppc64le",
"product": {
"name": "SDL-devel-0:1.2.15-33.el8_0.ppc64le",
"product_id": "SDL-devel-0:1.2.15-33.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-33.el8_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "SDL-debugsource-0:1.2.15-33.el8_0.ppc64le",
"product": {
"name": "SDL-debugsource-0:1.2.15-33.el8_0.ppc64le",
"product_id": "SDL-debugsource-0:1.2.15-33.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debugsource@1.2.15-33.el8_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le",
"product": {
"name": "SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le",
"product_id": "SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-33.el8_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-33.el8_0.src",
"product": {
"name": "SDL-0:1.2.15-33.el8_0.src",
"product_id": "SDL-0:1.2.15-33.el8_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-33.el8_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-33.el8_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.i686"
},
"product_reference": "SDL-0:1.2.15-33.el8_0.i686",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-33.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.ppc64le"
},
"product_reference": "SDL-0:1.2.15-33.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-33.el8_0.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.src"
},
"product_reference": "SDL-0:1.2.15-33.el8_0.src",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-33.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.x86_64"
},
"product_reference": "SDL-0:1.2.15-33.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-33.el8_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-33.el8_0.i686",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-33.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-33.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debugsource-0:1.2.15-33.el8_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.i686"
},
"product_reference": "SDL-debugsource-0:1.2.15-33.el8_0.i686",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debugsource-0:1.2.15-33.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.ppc64le"
},
"product_reference": "SDL-debugsource-0:1.2.15-33.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debugsource-0:1.2.15-33.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.x86_64"
},
"product_reference": "SDL-debugsource-0:1.2.15-33.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-33.el8_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.i686"
},
"product_reference": "SDL-devel-0:1.2.15-33.el8_0.i686",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-33.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-33.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-33.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-33.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-08-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1747237"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.src",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "RHBZ#1747237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13616",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13616"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13616",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13616"
}
],
"release_date": "2019-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-30T09:06:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.src",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0293"
},
{
"category": "workaround",
"details": "If the application accepts untrusted BMP files there is no known mitigation apart from applying the patch.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.src",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.src",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c"
}
]
}
RHSA-2019_3950
Vulnerability from csaf_redhat - Published: 2019-11-25 13:17 - Updated: 2024-11-22 14:08Summary
Red Hat Security Advisory: SDL security update
Severity
Important
Notes
Topic: An update for SDL is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[Updated 3 December 2019]
The packages distributed via this erratum did not include the fix for CVE-2019-13616 as claimed. RHSA-2019:4024 was released on 2 December 2019 to address this issue.
Details: Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.
Security Fix(es):
* SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (CVE-2019-13616)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code.
8.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2019:3950
Workaround
If the application accepts untrusted BMP files there is no known mitigation apart from applying the patch.
References
| URL | Category | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for SDL is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 3 December 2019]\nThe packages distributed via this erratum did not include the fix for CVE-2019-13616 as claimed. RHSA-2019:4024 was released on 2 December 2019 to address this issue.",
"title": "Topic"
},
{
"category": "general",
"text": "Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.\n\nSecurity Fix(es):\n\n* SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (CVE-2019-13616)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3950",
"url": "https://access.redhat.com/errata/RHSA-2019:3950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1747237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747237"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3950.json"
}
],
"title": "Red Hat Security Advisory: SDL security update",
"tracking": {
"current_release_date": "2024-11-22T14:08:50+00:00",
"generator": {
"date": "2024-11-22T14:08:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:3950",
"initial_release_date": "2019-11-25T13:17:56+00:00",
"revision_history": [
{
"date": "2019-11-25T13:17:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-12-03T15:28:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:08:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-14.el7_7.x86_64",
"product": {
"name": "SDL-0:1.2.15-14.el7_7.x86_64",
"product_id": "SDL-0:1.2.15-14.el7_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-14.el7_7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"product": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"product_id": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-14.el7_7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"product": {
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"product_id": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-14.el7_7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"product": {
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"product_id": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-static@1.2.15-14.el7_7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-14.el7_7.i686",
"product": {
"name": "SDL-0:1.2.15-14.el7_7.i686",
"product_id": "SDL-0:1.2.15-14.el7_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-14.el7_7?arch=i686"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"product": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"product_id": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-14.el7_7?arch=i686"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-14.el7_7.i686",
"product": {
"name": "SDL-devel-0:1.2.15-14.el7_7.i686",
"product_id": "SDL-devel-0:1.2.15-14.el7_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-14.el7_7?arch=i686"
}
}
},
{
"category": "product_version",
"name": "SDL-static-0:1.2.15-14.el7_7.i686",
"product": {
"name": "SDL-static-0:1.2.15-14.el7_7.i686",
"product_id": "SDL-static-0:1.2.15-14.el7_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-static@1.2.15-14.el7_7?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-14.el7_7.src",
"product": {
"name": "SDL-0:1.2.15-14.el7_7.src",
"product_id": "SDL-0:1.2.15-14.el7_7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-14.el7_7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-14.el7_7.s390x",
"product": {
"name": "SDL-0:1.2.15-14.el7_7.s390x",
"product_id": "SDL-0:1.2.15-14.el7_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-14.el7_7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"product": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"product_id": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-14.el7_7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"product": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"product_id": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-14.el7_7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "SDL-static-0:1.2.15-14.el7_7.s390x",
"product": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390x",
"product_id": "SDL-static-0:1.2.15-14.el7_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-static@1.2.15-14.el7_7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-14.el7_7.s390",
"product": {
"name": "SDL-0:1.2.15-14.el7_7.s390",
"product_id": "SDL-0:1.2.15-14.el7_7.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-14.el7_7?arch=s390"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-14.el7_7.s390",
"product": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390",
"product_id": "SDL-devel-0:1.2.15-14.el7_7.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-14.el7_7?arch=s390"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"product": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"product_id": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-14.el7_7?arch=s390"
}
}
},
{
"category": "product_version",
"name": "SDL-static-0:1.2.15-14.el7_7.s390",
"product": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390",
"product_id": "SDL-static-0:1.2.15-14.el7_7.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-static@1.2.15-14.el7_7?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-14.el7_7.ppc64",
"product": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64",
"product_id": "SDL-0:1.2.15-14.el7_7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-14.el7_7?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"product": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"product_id": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-14.el7_7?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"product": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"product_id": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-14.el7_7?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"product": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"product_id": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-static@1.2.15-14.el7_7?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-14.el7_7.ppc",
"product": {
"name": "SDL-0:1.2.15-14.el7_7.ppc",
"product_id": "SDL-0:1.2.15-14.el7_7.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-14.el7_7?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"product": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"product_id": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-14.el7_7?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"product": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"product_id": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-14.el7_7?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "SDL-static-0:1.2.15-14.el7_7.ppc",
"product": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc",
"product_id": "SDL-static-0:1.2.15-14.el7_7.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-static@1.2.15-14.el7_7?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-14.el7_7.ppc64le",
"product": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64le",
"product_id": "SDL-0:1.2.15-14.el7_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-14.el7_7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"product": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"product_id": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-14.el7_7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"product": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"product_id": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-14.el7_7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"product": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"product_id": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-static@1.2.15-14.el7_7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.src"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.src",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.src",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.src"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.src",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.src",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.src"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.src",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.src",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.src"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.src",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.src",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-08-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1747237"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "RHBZ#1747237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13616",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13616"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13616",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13616"
}
],
"release_date": "2019-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-25T13:17:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3950"
},
{
"category": "workaround",
"details": "If the application accepts untrusted BMP files there is no known mitigation apart from applying the patch.",
"product_ids": [
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c"
}
]
}
RHSA-2019_3951
Vulnerability from csaf_redhat - Published: 2019-11-25 13:27 - Updated: 2024-11-22 14:08Summary
Red Hat Security Advisory: SDL security update
Severity
Important
Notes
Topic: An update for SDL is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.
Security Fix(es):
* SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (CVE-2019-13616)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code.
8.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2019:3951
Workaround
If the application accepts untrusted BMP files there is no known mitigation apart from applying the patch.
References
| URL | Category | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for SDL is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.\n\nSecurity Fix(es):\n\n* SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (CVE-2019-13616)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3951",
"url": "https://access.redhat.com/errata/RHSA-2019:3951"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://hg.libsdl.org/SDL/rev/e7ba650a643a",
"url": "https://hg.libsdl.org/SDL/rev/e7ba650a643a"
},
{
"category": "external",
"summary": "1747237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747237"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3951.json"
}
],
"title": "Red Hat Security Advisory: SDL security update",
"tracking": {
"current_release_date": "2024-11-22T14:08:56+00:00",
"generator": {
"date": "2024-11-22T14:08:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:3951",
"initial_release_date": "2019-11-25T13:27:08+00:00",
"revision_history": [
{
"date": "2019-11-25T13:27:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-11-25T13:27:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:08:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-36.el8_1.i686",
"product": {
"name": "SDL-0:1.2.15-36.el8_1.i686",
"product_id": "SDL-0:1.2.15-36.el8_1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-36.el8_1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-36.el8_1.i686",
"product": {
"name": "SDL-devel-0:1.2.15-36.el8_1.i686",
"product_id": "SDL-devel-0:1.2.15-36.el8_1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-36.el8_1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "SDL-debugsource-0:1.2.15-36.el8_1.i686",
"product": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.i686",
"product_id": "SDL-debugsource-0:1.2.15-36.el8_1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debugsource@1.2.15-36.el8_1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.i686",
"product": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.i686",
"product_id": "SDL-debuginfo-0:1.2.15-36.el8_1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-36.el8_1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-36.el8_1.x86_64",
"product": {
"name": "SDL-0:1.2.15-36.el8_1.x86_64",
"product_id": "SDL-0:1.2.15-36.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-36.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-36.el8_1.x86_64",
"product": {
"name": "SDL-devel-0:1.2.15-36.el8_1.x86_64",
"product_id": "SDL-devel-0:1.2.15-36.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-36.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "SDL-debugsource-0:1.2.15-36.el8_1.x86_64",
"product": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.x86_64",
"product_id": "SDL-debugsource-0:1.2.15-36.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debugsource@1.2.15-36.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.x86_64",
"product": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.x86_64",
"product_id": "SDL-debuginfo-0:1.2.15-36.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-36.el8_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-36.el8_1.ppc64le",
"product": {
"name": "SDL-0:1.2.15-36.el8_1.ppc64le",
"product_id": "SDL-0:1.2.15-36.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-36.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-36.el8_1.ppc64le",
"product": {
"name": "SDL-devel-0:1.2.15-36.el8_1.ppc64le",
"product_id": "SDL-devel-0:1.2.15-36.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-36.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "SDL-debugsource-0:1.2.15-36.el8_1.ppc64le",
"product": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.ppc64le",
"product_id": "SDL-debugsource-0:1.2.15-36.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debugsource@1.2.15-36.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le",
"product": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le",
"product_id": "SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-36.el8_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-36.el8_1.s390x",
"product": {
"name": "SDL-0:1.2.15-36.el8_1.s390x",
"product_id": "SDL-0:1.2.15-36.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-36.el8_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-36.el8_1.s390x",
"product": {
"name": "SDL-devel-0:1.2.15-36.el8_1.s390x",
"product_id": "SDL-devel-0:1.2.15-36.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-36.el8_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "SDL-debugsource-0:1.2.15-36.el8_1.s390x",
"product": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.s390x",
"product_id": "SDL-debugsource-0:1.2.15-36.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debugsource@1.2.15-36.el8_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.s390x",
"product": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.s390x",
"product_id": "SDL-debuginfo-0:1.2.15-36.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-36.el8_1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-36.el8_1.aarch64",
"product": {
"name": "SDL-0:1.2.15-36.el8_1.aarch64",
"product_id": "SDL-0:1.2.15-36.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-36.el8_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-36.el8_1.aarch64",
"product": {
"name": "SDL-devel-0:1.2.15-36.el8_1.aarch64",
"product_id": "SDL-devel-0:1.2.15-36.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-36.el8_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "SDL-debugsource-0:1.2.15-36.el8_1.aarch64",
"product": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.aarch64",
"product_id": "SDL-debugsource-0:1.2.15-36.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debugsource@1.2.15-36.el8_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.aarch64",
"product": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.aarch64",
"product_id": "SDL-debuginfo-0:1.2.15-36.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-36.el8_1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-36.el8_1.src",
"product": {
"name": "SDL-0:1.2.15-36.el8_1.src",
"product_id": "SDL-0:1.2.15-36.el8_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-36.el8_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-36.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.aarch64"
},
"product_reference": "SDL-0:1.2.15-36.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-36.el8_1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.i686"
},
"product_reference": "SDL-0:1.2.15-36.el8_1.i686",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-36.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.ppc64le"
},
"product_reference": "SDL-0:1.2.15-36.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-36.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.s390x"
},
"product_reference": "SDL-0:1.2.15-36.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-36.el8_1.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.src"
},
"product_reference": "SDL-0:1.2.15-36.el8_1.src",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-36.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.x86_64"
},
"product_reference": "SDL-0:1.2.15-36.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.aarch64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-36.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-36.el8_1.i686",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.s390x"
},
"product_reference": "SDL-debuginfo-0:1.2.15-36.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-36.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.aarch64"
},
"product_reference": "SDL-debugsource-0:1.2.15-36.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.i686"
},
"product_reference": "SDL-debugsource-0:1.2.15-36.el8_1.i686",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.ppc64le"
},
"product_reference": "SDL-debugsource-0:1.2.15-36.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.s390x"
},
"product_reference": "SDL-debugsource-0:1.2.15-36.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.x86_64"
},
"product_reference": "SDL-debugsource-0:1.2.15-36.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-36.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.aarch64"
},
"product_reference": "SDL-devel-0:1.2.15-36.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-36.el8_1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.i686"
},
"product_reference": "SDL-devel-0:1.2.15-36.el8_1.i686",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-36.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-36.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-36.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.s390x"
},
"product_reference": "SDL-devel-0:1.2.15-36.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-36.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-36.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-08-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1747237"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.src",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "RHBZ#1747237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13616",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13616"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13616",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13616"
}
],
"release_date": "2019-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-25T13:27:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.src",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3951"
},
{
"category": "workaround",
"details": "If the application accepts untrusted BMP files there is no known mitigation apart from applying the patch.",
"product_ids": [
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.src",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.src",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c"
}
]
}
RHSA-2019:3951
Vulnerability from csaf_redhat - Published: 2019-11-25 13:27 - Updated: 2025-11-21 18:11Summary
Red Hat Security Advisory: SDL security update
Severity
Important
Notes
Topic: An update for SDL is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.
Security Fix(es):
* SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (CVE-2019-13616)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code.
8.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2019:3951
Workaround
If the application accepts untrusted BMP files there is no known mitigation apart from applying the patch.
References
| URL | Category | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for SDL is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.\n\nSecurity Fix(es):\n\n* SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (CVE-2019-13616)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3951",
"url": "https://access.redhat.com/errata/RHSA-2019:3951"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://hg.libsdl.org/SDL/rev/e7ba650a643a",
"url": "https://hg.libsdl.org/SDL/rev/e7ba650a643a"
},
{
"category": "external",
"summary": "1747237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747237"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3951.json"
}
],
"title": "Red Hat Security Advisory: SDL security update",
"tracking": {
"current_release_date": "2025-11-21T18:11:23+00:00",
"generator": {
"date": "2025-11-21T18:11:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2019:3951",
"initial_release_date": "2019-11-25T13:27:08+00:00",
"revision_history": [
{
"date": "2019-11-25T13:27:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-11-25T13:27:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:11:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-36.el8_1.i686",
"product": {
"name": "SDL-0:1.2.15-36.el8_1.i686",
"product_id": "SDL-0:1.2.15-36.el8_1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-36.el8_1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-36.el8_1.i686",
"product": {
"name": "SDL-devel-0:1.2.15-36.el8_1.i686",
"product_id": "SDL-devel-0:1.2.15-36.el8_1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-36.el8_1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "SDL-debugsource-0:1.2.15-36.el8_1.i686",
"product": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.i686",
"product_id": "SDL-debugsource-0:1.2.15-36.el8_1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debugsource@1.2.15-36.el8_1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.i686",
"product": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.i686",
"product_id": "SDL-debuginfo-0:1.2.15-36.el8_1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-36.el8_1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-36.el8_1.x86_64",
"product": {
"name": "SDL-0:1.2.15-36.el8_1.x86_64",
"product_id": "SDL-0:1.2.15-36.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-36.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-36.el8_1.x86_64",
"product": {
"name": "SDL-devel-0:1.2.15-36.el8_1.x86_64",
"product_id": "SDL-devel-0:1.2.15-36.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-36.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "SDL-debugsource-0:1.2.15-36.el8_1.x86_64",
"product": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.x86_64",
"product_id": "SDL-debugsource-0:1.2.15-36.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debugsource@1.2.15-36.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.x86_64",
"product": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.x86_64",
"product_id": "SDL-debuginfo-0:1.2.15-36.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-36.el8_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-36.el8_1.ppc64le",
"product": {
"name": "SDL-0:1.2.15-36.el8_1.ppc64le",
"product_id": "SDL-0:1.2.15-36.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-36.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-36.el8_1.ppc64le",
"product": {
"name": "SDL-devel-0:1.2.15-36.el8_1.ppc64le",
"product_id": "SDL-devel-0:1.2.15-36.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-36.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "SDL-debugsource-0:1.2.15-36.el8_1.ppc64le",
"product": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.ppc64le",
"product_id": "SDL-debugsource-0:1.2.15-36.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debugsource@1.2.15-36.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le",
"product": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le",
"product_id": "SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-36.el8_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-36.el8_1.s390x",
"product": {
"name": "SDL-0:1.2.15-36.el8_1.s390x",
"product_id": "SDL-0:1.2.15-36.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-36.el8_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-36.el8_1.s390x",
"product": {
"name": "SDL-devel-0:1.2.15-36.el8_1.s390x",
"product_id": "SDL-devel-0:1.2.15-36.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-36.el8_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "SDL-debugsource-0:1.2.15-36.el8_1.s390x",
"product": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.s390x",
"product_id": "SDL-debugsource-0:1.2.15-36.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debugsource@1.2.15-36.el8_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.s390x",
"product": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.s390x",
"product_id": "SDL-debuginfo-0:1.2.15-36.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-36.el8_1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-36.el8_1.aarch64",
"product": {
"name": "SDL-0:1.2.15-36.el8_1.aarch64",
"product_id": "SDL-0:1.2.15-36.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-36.el8_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-36.el8_1.aarch64",
"product": {
"name": "SDL-devel-0:1.2.15-36.el8_1.aarch64",
"product_id": "SDL-devel-0:1.2.15-36.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-36.el8_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "SDL-debugsource-0:1.2.15-36.el8_1.aarch64",
"product": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.aarch64",
"product_id": "SDL-debugsource-0:1.2.15-36.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debugsource@1.2.15-36.el8_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.aarch64",
"product": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.aarch64",
"product_id": "SDL-debuginfo-0:1.2.15-36.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-36.el8_1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-36.el8_1.src",
"product": {
"name": "SDL-0:1.2.15-36.el8_1.src",
"product_id": "SDL-0:1.2.15-36.el8_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-36.el8_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-36.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.aarch64"
},
"product_reference": "SDL-0:1.2.15-36.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-36.el8_1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.i686"
},
"product_reference": "SDL-0:1.2.15-36.el8_1.i686",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-36.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.ppc64le"
},
"product_reference": "SDL-0:1.2.15-36.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-36.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.s390x"
},
"product_reference": "SDL-0:1.2.15-36.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-36.el8_1.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.src"
},
"product_reference": "SDL-0:1.2.15-36.el8_1.src",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-36.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.x86_64"
},
"product_reference": "SDL-0:1.2.15-36.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.aarch64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-36.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-36.el8_1.i686",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.s390x"
},
"product_reference": "SDL-debuginfo-0:1.2.15-36.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-36.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-36.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.aarch64"
},
"product_reference": "SDL-debugsource-0:1.2.15-36.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.i686"
},
"product_reference": "SDL-debugsource-0:1.2.15-36.el8_1.i686",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.ppc64le"
},
"product_reference": "SDL-debugsource-0:1.2.15-36.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.s390x"
},
"product_reference": "SDL-debugsource-0:1.2.15-36.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debugsource-0:1.2.15-36.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.x86_64"
},
"product_reference": "SDL-debugsource-0:1.2.15-36.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-36.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.aarch64"
},
"product_reference": "SDL-devel-0:1.2.15-36.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-36.el8_1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.i686"
},
"product_reference": "SDL-devel-0:1.2.15-36.el8_1.i686",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-36.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-36.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-36.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.s390x"
},
"product_reference": "SDL-devel-0:1.2.15-36.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-36.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-36.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-08-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1747237"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.src",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "RHBZ#1747237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13616",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13616"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13616",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13616"
}
],
"release_date": "2019-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-25T13:27:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.src",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3951"
},
{
"category": "workaround",
"details": "If the application accepts untrusted BMP files there is no known mitigation apart from applying the patch.",
"product_ids": [
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.src",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.src",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debuginfo-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-debugsource-0:1.2.15-36.el8_1.x86_64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.aarch64",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.i686",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.ppc64le",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.s390x",
"AppStream-8.1.0.Z.MAIN.EUS:SDL-devel-0:1.2.15-36.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c"
}
]
}
RHSA-2020_0293
Vulnerability from csaf_redhat - Published: 2020-01-30 09:06 - Updated: 2024-11-22 14:09Summary
Red Hat Security Advisory: SDL security update
Severity
Important
Notes
Topic: An update for SDL is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.
Security Fix(es):
* SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (CVE-2019-13616)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code.
8.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2020:0293
Workaround
If the application accepts untrusted BMP files there is no known mitigation apart from applying the patch.
References
| URL | Category | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for SDL is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.\n\nSecurity Fix(es):\n\n* SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (CVE-2019-13616)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0293",
"url": "https://access.redhat.com/errata/RHSA-2020:0293"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1747237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747237"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0293.json"
}
],
"title": "Red Hat Security Advisory: SDL security update",
"tracking": {
"current_release_date": "2024-11-22T14:09:02+00:00",
"generator": {
"date": "2024-11-22T14:09:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:0293",
"initial_release_date": "2020-01-30T09:06:51+00:00",
"revision_history": [
{
"date": "2020-01-30T09:06:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-01-30T09:06:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T14:09:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-33.el8_0.i686",
"product": {
"name": "SDL-0:1.2.15-33.el8_0.i686",
"product_id": "SDL-0:1.2.15-33.el8_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-33.el8_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-33.el8_0.i686",
"product": {
"name": "SDL-devel-0:1.2.15-33.el8_0.i686",
"product_id": "SDL-devel-0:1.2.15-33.el8_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-33.el8_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "SDL-debugsource-0:1.2.15-33.el8_0.i686",
"product": {
"name": "SDL-debugsource-0:1.2.15-33.el8_0.i686",
"product_id": "SDL-debugsource-0:1.2.15-33.el8_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debugsource@1.2.15-33.el8_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-33.el8_0.i686",
"product": {
"name": "SDL-debuginfo-0:1.2.15-33.el8_0.i686",
"product_id": "SDL-debuginfo-0:1.2.15-33.el8_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-33.el8_0?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-33.el8_0.x86_64",
"product": {
"name": "SDL-0:1.2.15-33.el8_0.x86_64",
"product_id": "SDL-0:1.2.15-33.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-33.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-33.el8_0.x86_64",
"product": {
"name": "SDL-devel-0:1.2.15-33.el8_0.x86_64",
"product_id": "SDL-devel-0:1.2.15-33.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-33.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "SDL-debugsource-0:1.2.15-33.el8_0.x86_64",
"product": {
"name": "SDL-debugsource-0:1.2.15-33.el8_0.x86_64",
"product_id": "SDL-debugsource-0:1.2.15-33.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debugsource@1.2.15-33.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-33.el8_0.x86_64",
"product": {
"name": "SDL-debuginfo-0:1.2.15-33.el8_0.x86_64",
"product_id": "SDL-debuginfo-0:1.2.15-33.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-33.el8_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-33.el8_0.ppc64le",
"product": {
"name": "SDL-0:1.2.15-33.el8_0.ppc64le",
"product_id": "SDL-0:1.2.15-33.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-33.el8_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-33.el8_0.ppc64le",
"product": {
"name": "SDL-devel-0:1.2.15-33.el8_0.ppc64le",
"product_id": "SDL-devel-0:1.2.15-33.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-33.el8_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "SDL-debugsource-0:1.2.15-33.el8_0.ppc64le",
"product": {
"name": "SDL-debugsource-0:1.2.15-33.el8_0.ppc64le",
"product_id": "SDL-debugsource-0:1.2.15-33.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debugsource@1.2.15-33.el8_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le",
"product": {
"name": "SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le",
"product_id": "SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-33.el8_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-33.el8_0.src",
"product": {
"name": "SDL-0:1.2.15-33.el8_0.src",
"product_id": "SDL-0:1.2.15-33.el8_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-33.el8_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-33.el8_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.i686"
},
"product_reference": "SDL-0:1.2.15-33.el8_0.i686",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-33.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.ppc64le"
},
"product_reference": "SDL-0:1.2.15-33.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-33.el8_0.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.src"
},
"product_reference": "SDL-0:1.2.15-33.el8_0.src",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-33.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.x86_64"
},
"product_reference": "SDL-0:1.2.15-33.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-33.el8_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-33.el8_0.i686",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-33.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-33.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debugsource-0:1.2.15-33.el8_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.i686"
},
"product_reference": "SDL-debugsource-0:1.2.15-33.el8_0.i686",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debugsource-0:1.2.15-33.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.ppc64le"
},
"product_reference": "SDL-debugsource-0:1.2.15-33.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debugsource-0:1.2.15-33.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.x86_64"
},
"product_reference": "SDL-debugsource-0:1.2.15-33.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-33.el8_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.i686"
},
"product_reference": "SDL-devel-0:1.2.15-33.el8_0.i686",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-33.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-33.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-33.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-33.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-08-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1747237"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.src",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "RHBZ#1747237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13616",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13616"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13616",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13616"
}
],
"release_date": "2019-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-30T09:06:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.src",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0293"
},
{
"category": "workaround",
"details": "If the application accepts untrusted BMP files there is no known mitigation apart from applying the patch.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.src",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.src",
"AppStream-8.0.0.Z.E4S:SDL-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-debuginfo-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-debugsource-0:1.2.15-33.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.i686",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:SDL-devel-0:1.2.15-33.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c"
}
]
}
RHSA-2019:3950
Vulnerability from csaf_redhat - Published: 2019-11-25 13:17 - Updated: 2025-11-21 18:11Summary
Red Hat Security Advisory: SDL security update
Severity
Important
Notes
Topic: An update for SDL is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[Updated 3 December 2019]
The packages distributed via this erratum did not include the fix for CVE-2019-13616 as claimed. RHSA-2019:4024 was released on 2 December 2019 to address this issue.
Details: Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.
Security Fix(es):
* SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (CVE-2019-13616)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code.
8.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2019:3950
Workaround
If the application accepts untrusted BMP files there is no known mitigation apart from applying the patch.
References
| URL | Category | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for SDL is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 3 December 2019]\nThe packages distributed via this erratum did not include the fix for CVE-2019-13616 as claimed. RHSA-2019:4024 was released on 2 December 2019 to address this issue.",
"title": "Topic"
},
{
"category": "general",
"text": "Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.\n\nSecurity Fix(es):\n\n* SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (CVE-2019-13616)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3950",
"url": "https://access.redhat.com/errata/RHSA-2019:3950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1747237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747237"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3950.json"
}
],
"title": "Red Hat Security Advisory: SDL security update",
"tracking": {
"current_release_date": "2025-11-21T18:11:26+00:00",
"generator": {
"date": "2025-11-21T18:11:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2019:3950",
"initial_release_date": "2019-11-25T13:17:56+00:00",
"revision_history": [
{
"date": "2019-11-25T13:17:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-12-03T15:28:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:11:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-14.el7_7.x86_64",
"product": {
"name": "SDL-0:1.2.15-14.el7_7.x86_64",
"product_id": "SDL-0:1.2.15-14.el7_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-14.el7_7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"product": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"product_id": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-14.el7_7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"product": {
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"product_id": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-14.el7_7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"product": {
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"product_id": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-static@1.2.15-14.el7_7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-14.el7_7.i686",
"product": {
"name": "SDL-0:1.2.15-14.el7_7.i686",
"product_id": "SDL-0:1.2.15-14.el7_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-14.el7_7?arch=i686"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"product": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"product_id": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-14.el7_7?arch=i686"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-14.el7_7.i686",
"product": {
"name": "SDL-devel-0:1.2.15-14.el7_7.i686",
"product_id": "SDL-devel-0:1.2.15-14.el7_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-14.el7_7?arch=i686"
}
}
},
{
"category": "product_version",
"name": "SDL-static-0:1.2.15-14.el7_7.i686",
"product": {
"name": "SDL-static-0:1.2.15-14.el7_7.i686",
"product_id": "SDL-static-0:1.2.15-14.el7_7.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-static@1.2.15-14.el7_7?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-14.el7_7.src",
"product": {
"name": "SDL-0:1.2.15-14.el7_7.src",
"product_id": "SDL-0:1.2.15-14.el7_7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-14.el7_7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-14.el7_7.s390x",
"product": {
"name": "SDL-0:1.2.15-14.el7_7.s390x",
"product_id": "SDL-0:1.2.15-14.el7_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-14.el7_7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"product": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"product_id": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-14.el7_7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"product": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"product_id": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-14.el7_7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "SDL-static-0:1.2.15-14.el7_7.s390x",
"product": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390x",
"product_id": "SDL-static-0:1.2.15-14.el7_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-static@1.2.15-14.el7_7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-14.el7_7.s390",
"product": {
"name": "SDL-0:1.2.15-14.el7_7.s390",
"product_id": "SDL-0:1.2.15-14.el7_7.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-14.el7_7?arch=s390"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-14.el7_7.s390",
"product": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390",
"product_id": "SDL-devel-0:1.2.15-14.el7_7.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-14.el7_7?arch=s390"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"product": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"product_id": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-14.el7_7?arch=s390"
}
}
},
{
"category": "product_version",
"name": "SDL-static-0:1.2.15-14.el7_7.s390",
"product": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390",
"product_id": "SDL-static-0:1.2.15-14.el7_7.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-static@1.2.15-14.el7_7?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-14.el7_7.ppc64",
"product": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64",
"product_id": "SDL-0:1.2.15-14.el7_7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-14.el7_7?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"product": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"product_id": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-14.el7_7?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"product": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"product_id": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-14.el7_7?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"product": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"product_id": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-static@1.2.15-14.el7_7?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-14.el7_7.ppc",
"product": {
"name": "SDL-0:1.2.15-14.el7_7.ppc",
"product_id": "SDL-0:1.2.15-14.el7_7.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-14.el7_7?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"product": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"product_id": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-14.el7_7?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"product": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"product_id": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-14.el7_7?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "SDL-static-0:1.2.15-14.el7_7.ppc",
"product": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc",
"product_id": "SDL-static-0:1.2.15-14.el7_7.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-static@1.2.15-14.el7_7?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "SDL-0:1.2.15-14.el7_7.ppc64le",
"product": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64le",
"product_id": "SDL-0:1.2.15-14.el7_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL@1.2.15-14.el7_7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"product": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"product_id": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-devel@1.2.15-14.el7_7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"product": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"product_id": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-debuginfo@1.2.15-14.el7_7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"product": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"product_id": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/SDL-static@1.2.15-14.el7_7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.src"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.src",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Client-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.src",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.src"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.src",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7ComputeNode-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.src",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.src"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.src",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Server-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.src",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.src"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.src",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Workstation-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.src",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-devel-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-devel-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.i686",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.s390x",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SDL-static-0:1.2.15-14.el7_7.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
},
"product_reference": "SDL-static-0:1.2.15-14.el7_7.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-08-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1747237"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "RHBZ#1747237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13616",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13616"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13616",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13616"
}
],
"release_date": "2019-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-25T13:17:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3950"
},
{
"category": "workaround",
"details": "If the application accepts untrusted BMP files there is no known mitigation apart from applying the patch.",
"product_ids": [
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Client-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Client-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Client-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Client-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7ComputeNode-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7ComputeNode-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7ComputeNode-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Server-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Server-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Server-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Server-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Workstation-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Workstation-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.src",
"7Workstation-optional-7.7.Z:SDL-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-debuginfo-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-devel-0:1.2.15-14.el7_7.x86_64",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.i686",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.ppc64le",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.s390x",
"7Workstation-optional-7.7.Z:SDL-static-0:1.2.15-14.el7_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c"
}
]
}
CNVD-2019-23072
Vulnerability from cnvd - Published: 2019-07-18
VLAI Severity ?
Title
Simple DirectMedia Layer缓冲区溢出漏洞(CNVD-2019-23072)
Description
Simple DirectMedia Layer(SDL)是一个用于访问低级硬件和图形,并为游戏、软件和仿真器提供支持的多平台库。
SDL 1.2.15及之前版本和2.x版本至2.0.9版本中的video/SDL_blit_N.c文件的BlitNtoN存在缓冲区溢出漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。
Severity
中
Formal description
目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法:
https://www.libsdl.org/
Reference
https://bugzilla.libsdl.org/show_bug.cgi?id=4538
https://nvd.nist.gov/vuln/detail/CVE-2019-13616
Impacted products
| Name | ['Simple DirectMedia Layer Simple DirectMedia Layer <=1.2.15', 'Simple DirectMedia Layer Simple DirectMedia Layer >=2.*,<=2.0.9'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-13616"
}
},
"description": "Simple DirectMedia Layer\uff08SDL\uff09\u662f\u4e00\u4e2a\u7528\u4e8e\u8bbf\u95ee\u4f4e\u7ea7\u786c\u4ef6\u548c\u56fe\u5f62\uff0c\u5e76\u4e3a\u6e38\u620f\u3001\u8f6f\u4ef6\u548c\u4eff\u771f\u5668\u63d0\u4f9b\u652f\u6301\u7684\u591a\u5e73\u53f0\u5e93\u3002\n\nSDL 1.2.15\u53ca\u4e4b\u524d\u7248\u672c\u548c2.x\u7248\u672c\u81f32.0.9\u7248\u672c\u4e2d\u7684video/SDL_blit_N.c\u6587\u4ef6\u7684BlitNtoN\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002",
"discovererName": "zhangweiye",
"formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\n\r\nhttps://www.libsdl.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-23072",
"openTime": "2019-07-18",
"products": {
"product": [
"Simple DirectMedia Layer Simple DirectMedia Layer \u003c=1.2.15",
"Simple DirectMedia Layer Simple DirectMedia Layer \u003e=2.*\uff0c\u003c=2.0.9"
]
},
"referenceLink": "https://bugzilla.libsdl.org/show_bug.cgi?id=4538\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13616",
"serverity": "\u4e2d",
"submitTime": "2019-07-17",
"title": "Simple DirectMedia Layer\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2019-23072\uff09"
}
GSD-2019-13616
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-13616",
"description": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"id": "GSD-2019-13616",
"references": [
"https://www.suse.com/security/cve/CVE-2019-13616.html",
"https://access.redhat.com/errata/RHSA-2020:0293",
"https://access.redhat.com/errata/RHSA-2019:3951",
"https://access.redhat.com/errata/RHSA-2019:3950",
"https://ubuntu.com/security/CVE-2019-13616",
"https://advisories.mageia.org/CVE-2019-13616.html",
"https://security.archlinux.org/CVE-2019-13616",
"https://linux.oracle.com/cve/CVE-2019-13616.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-13616"
],
"details": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"id": "GSD-2019-13616",
"modified": "2023-12-13T01:23:41.510872Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.libsdl.org/show_bug.cgi?id=4538",
"refsource": "MISC",
"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4538"
},
{
"name": "openSUSE-SU-2019:2070",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
},
{
"name": "openSUSE-SU-2019:2071",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
},
{
"name": "FEDORA-2019-e08f78d4a6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2/"
},
{
"name": "FEDORA-2019-446ca9f695",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255/"
},
{
"name": "openSUSE-SU-2019:2109",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html"
},
{
"name": "openSUSE-SU-2019:2108",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
},
{
"name": "openSUSE-SU-2019:2226",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html"
},
{
"name": "openSUSE-SU-2019:2224",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html"
},
{
"name": "FEDORA-2019-8ef33a69ca",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDNX3RVXTWELBXQDNERNVVKDGKDF2MPB/"
},
{
"name": "USN-4156-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"name": "USN-4156-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4156-2/"
},
{
"name": "RHSA-2019:3951",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3951"
},
{
"name": "RHSA-2019:3950",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3950"
},
{
"name": "USN-4238-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4238-1/"
},
{
"name": "RHSA-2020:0293",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0293"
},
{
"name": "FEDORA-2020-ff2fe47ba4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/"
},
{
"name": "FEDORA-2020-24652fe41c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
},
{
"name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
},
{
"name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
},
{
"name": "GLSA-202305-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202305-17"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0.9",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.15",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13616"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.libsdl.org/show_bug.cgi?id=4538",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4538"
},
{
"name": "openSUSE-SU-2019:2071",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
},
{
"name": "openSUSE-SU-2019:2070",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
},
{
"name": "FEDORA-2019-e08f78d4a6",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2/"
},
{
"name": "FEDORA-2019-446ca9f695",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255/"
},
{
"name": "openSUSE-SU-2019:2108",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
},
{
"name": "openSUSE-SU-2019:2109",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html"
},
{
"name": "openSUSE-SU-2019:2226",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html"
},
{
"name": "openSUSE-SU-2019:2224",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html"
},
{
"name": "FEDORA-2019-8ef33a69ca",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDNX3RVXTWELBXQDNERNVVKDGKDF2MPB/"
},
{
"name": "USN-4156-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4156-1/"
},
{
"name": "USN-4156-2",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4156-2/"
},
{
"name": "RHSA-2019:3951",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3951"
},
{
"name": "RHSA-2019:3950",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3950"
},
{
"name": "USN-4238-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4238-1/"
},
{
"name": "RHSA-2020:0293",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0293"
},
{
"name": "FEDORA-2020-ff2fe47ba4",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/"
},
{
"name": "FEDORA-2020-24652fe41c",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
},
{
"name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
},
{
"name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
},
{
"name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
},
{
"name": "GLSA-202305-17",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/202305-17"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
},
"lastModifiedDate": "2023-05-03T12:15Z",
"publishedDate": "2019-07-16T17:15Z"
}
}
}
SUSE-SU-2020:3261-1
Vulnerability from csaf_suse - Published: 2020-11-10 08:45 - Updated: 2020-11-10 08:45Summary
Security update for SDL
Severity
Moderate
Notes
Title of the patch: Security update for SDL
Description of the patch: This update for SDL fixes the following issues:
Security issue fixed:
- CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit (bsc#1141844).
Patchnames: SUSE-2020-3261,SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-3261,SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-3261
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SDL",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for SDL fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit (bsc#1141844).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3261,SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-3261,SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-3261",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3261-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3261-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203261-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3261-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007740.html"
},
{
"category": "self",
"summary": "SUSE Bug 1141844",
"url": "https://bugzilla.suse.com/1141844"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
}
],
"title": "Security update for SDL",
"tracking": {
"current_release_date": "2020-11-10T08:45:40Z",
"generator": {
"date": "2020-11-10T08:45:40Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3261-1",
"initial_release_date": "2020-11-10T08:45:40Z",
"revision_history": [
{
"date": "2020-11-10T08:45:40Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-3.12.73.aarch64",
"product": {
"name": "libSDL-1_2-0-1.2.15-3.12.73.aarch64",
"product_id": "libSDL-1_2-0-1.2.15-3.12.73.aarch64"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-3.12.73.aarch64",
"product": {
"name": "libSDL-devel-1.2.15-3.12.73.aarch64",
"product_id": "libSDL-devel-1.2.15-3.12.73.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-64bit-1.2.15-3.12.73.aarch64_ilp32",
"product": {
"name": "libSDL-1_2-0-64bit-1.2.15-3.12.73.aarch64_ilp32",
"product_id": "libSDL-1_2-0-64bit-1.2.15-3.12.73.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libSDL-devel-64bit-1.2.15-3.12.73.aarch64_ilp32",
"product": {
"name": "libSDL-devel-64bit-1.2.15-3.12.73.aarch64_ilp32",
"product_id": "libSDL-devel-64bit-1.2.15-3.12.73.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-3.12.73.i586",
"product": {
"name": "libSDL-1_2-0-1.2.15-3.12.73.i586",
"product_id": "libSDL-1_2-0-1.2.15-3.12.73.i586"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-3.12.73.i586",
"product": {
"name": "libSDL-devel-1.2.15-3.12.73.i586",
"product_id": "libSDL-devel-1.2.15-3.12.73.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-3.12.73.ppc64le",
"product": {
"name": "libSDL-1_2-0-1.2.15-3.12.73.ppc64le",
"product_id": "libSDL-1_2-0-1.2.15-3.12.73.ppc64le"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-3.12.73.ppc64le",
"product": {
"name": "libSDL-devel-1.2.15-3.12.73.ppc64le",
"product_id": "libSDL-devel-1.2.15-3.12.73.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-3.12.73.s390x",
"product": {
"name": "libSDL-1_2-0-1.2.15-3.12.73.s390x",
"product_id": "libSDL-1_2-0-1.2.15-3.12.73.s390x"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-3.12.73.s390x",
"product": {
"name": "libSDL-devel-1.2.15-3.12.73.s390x",
"product_id": "libSDL-devel-1.2.15-3.12.73.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-3.12.73.x86_64",
"product": {
"name": "libSDL-1_2-0-1.2.15-3.12.73.x86_64",
"product_id": "libSDL-1_2-0-1.2.15-3.12.73.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL-1_2-0-32bit-1.2.15-3.12.73.x86_64",
"product": {
"name": "libSDL-1_2-0-32bit-1.2.15-3.12.73.x86_64",
"product_id": "libSDL-1_2-0-32bit-1.2.15-3.12.73.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-3.12.73.x86_64",
"product": {
"name": "libSDL-devel-1.2.15-3.12.73.x86_64",
"product_id": "libSDL-devel-1.2.15-3.12.73.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL-devel-32bit-1.2.15-3.12.73.x86_64",
"product": {
"name": "libSDL-devel-32bit-1.2.15-3.12.73.x86_64",
"product_id": "libSDL-devel-32bit-1.2.15-3.12.73.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-3.12.73.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-1_2-0-1.2.15-3.12.73.aarch64"
},
"product_reference": "libSDL-1_2-0-1.2.15-3.12.73.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-3.12.73.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-1_2-0-1.2.15-3.12.73.ppc64le"
},
"product_reference": "libSDL-1_2-0-1.2.15-3.12.73.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-3.12.73.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-1_2-0-1.2.15-3.12.73.s390x"
},
"product_reference": "libSDL-1_2-0-1.2.15-3.12.73.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-3.12.73.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-1_2-0-1.2.15-3.12.73.x86_64"
},
"product_reference": "libSDL-1_2-0-1.2.15-3.12.73.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-3.12.73.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-devel-1.2.15-3.12.73.aarch64"
},
"product_reference": "libSDL-devel-1.2.15-3.12.73.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-3.12.73.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-devel-1.2.15-3.12.73.ppc64le"
},
"product_reference": "libSDL-devel-1.2.15-3.12.73.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-3.12.73.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-devel-1.2.15-3.12.73.s390x"
},
"product_reference": "libSDL-devel-1.2.15-3.12.73.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-3.12.73.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-devel-1.2.15-3.12.73.x86_64"
},
"product_reference": "libSDL-devel-1.2.15-3.12.73.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-3.12.73.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-1_2-0-1.2.15-3.12.73.aarch64"
},
"product_reference": "libSDL-1_2-0-1.2.15-3.12.73.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-3.12.73.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-1_2-0-1.2.15-3.12.73.ppc64le"
},
"product_reference": "libSDL-1_2-0-1.2.15-3.12.73.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-3.12.73.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-1_2-0-1.2.15-3.12.73.s390x"
},
"product_reference": "libSDL-1_2-0-1.2.15-3.12.73.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-3.12.73.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-1_2-0-1.2.15-3.12.73.x86_64"
},
"product_reference": "libSDL-1_2-0-1.2.15-3.12.73.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-3.12.73.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-devel-1.2.15-3.12.73.aarch64"
},
"product_reference": "libSDL-devel-1.2.15-3.12.73.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-3.12.73.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-devel-1.2.15-3.12.73.ppc64le"
},
"product_reference": "libSDL-devel-1.2.15-3.12.73.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-3.12.73.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-devel-1.2.15-3.12.73.s390x"
},
"product_reference": "libSDL-devel-1.2.15-3.12.73.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-3.12.73.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-devel-1.2.15-3.12.73.x86_64"
},
"product_reference": "libSDL-devel-1.2.15-3.12.73.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-1_2-0-1.2.15-3.12.73.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-1_2-0-1.2.15-3.12.73.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-1_2-0-1.2.15-3.12.73.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-1_2-0-1.2.15-3.12.73.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-devel-1.2.15-3.12.73.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-devel-1.2.15-3.12.73.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-devel-1.2.15-3.12.73.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-devel-1.2.15-3.12.73.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-1_2-0-1.2.15-3.12.73.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-1_2-0-1.2.15-3.12.73.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-1_2-0-1.2.15-3.12.73.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-1_2-0-1.2.15-3.12.73.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-devel-1.2.15-3.12.73.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-devel-1.2.15-3.12.73.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-devel-1.2.15-3.12.73.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-devel-1.2.15-3.12.73.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-1_2-0-1.2.15-3.12.73.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-1_2-0-1.2.15-3.12.73.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-1_2-0-1.2.15-3.12.73.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-1_2-0-1.2.15-3.12.73.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-devel-1.2.15-3.12.73.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-devel-1.2.15-3.12.73.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-devel-1.2.15-3.12.73.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-devel-1.2.15-3.12.73.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-1_2-0-1.2.15-3.12.73.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-1_2-0-1.2.15-3.12.73.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-1_2-0-1.2.15-3.12.73.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-1_2-0-1.2.15-3.12.73.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-devel-1.2.15-3.12.73.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-devel-1.2.15-3.12.73.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-devel-1.2.15-3.12.73.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-devel-1.2.15-3.12.73.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-1_2-0-1.2.15-3.12.73.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-1_2-0-1.2.15-3.12.73.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-1_2-0-1.2.15-3.12.73.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-1_2-0-1.2.15-3.12.73.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-devel-1.2.15-3.12.73.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-devel-1.2.15-3.12.73.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-devel-1.2.15-3.12.73.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL-devel-1.2.15-3.12.73.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-1_2-0-1.2.15-3.12.73.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-1_2-0-1.2.15-3.12.73.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-1_2-0-1.2.15-3.12.73.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-1_2-0-1.2.15-3.12.73.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-devel-1.2.15-3.12.73.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-devel-1.2.15-3.12.73.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-devel-1.2.15-3.12.73.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libSDL-devel-1.2.15-3.12.73.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-10T08:45:40Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
}
]
}
SUSE-SU-2019:2463-1
Vulnerability from csaf_suse - Published: 2019-09-25 14:43 - Updated: 2019-09-25 14:43Summary
Security update for SDL2
Severity
Moderate
Notes
Title of the patch: Security update for SDL2
Description of the patch: This update for SDL2 fixes the following issues:
Security issues fixed:
- CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c (bsc#1141844).
- CVE-2019-13626: Fixed integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c (bsc#1142031).
Patchnames: SUSE-2019-2463,SUSE-SLE-Module-Desktop-Applications-15-2019-2463,SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2463,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2463
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SDL2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for SDL2 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c (bsc#1141844).\n- CVE-2019-13626: Fixed integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c (bsc#1142031).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2463,SUSE-SLE-Module-Desktop-Applications-15-2019-2463,SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2463,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2463",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2463-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2463-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192463-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2463-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-September/005965.html"
},
{
"category": "self",
"summary": "SUSE Bug 1141844",
"url": "https://bugzilla.suse.com/1141844"
},
{
"category": "self",
"summary": "SUSE Bug 1142031",
"url": "https://bugzilla.suse.com/1142031"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13626 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13626/"
}
],
"title": "Security update for SDL2",
"tracking": {
"current_release_date": "2019-09-25T14:43:22Z",
"generator": {
"date": "2019-09-25T14:43:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2463-1",
"initial_release_date": "2019-09-25T14:43:22Z",
"revision_history": [
{
"date": "2019-09-25T14:43:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.8-3.15.1.aarch64",
"product": {
"name": "libSDL2-2_0-0-2.0.8-3.15.1.aarch64",
"product_id": "libSDL2-2_0-0-2.0.8-3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.8-3.15.1.aarch64",
"product": {
"name": "libSDL2-devel-2.0.8-3.15.1.aarch64",
"product_id": "libSDL2-devel-2.0.8-3.15.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-64bit-2.0.8-3.15.1.aarch64_ilp32",
"product": {
"name": "libSDL2-2_0-0-64bit-2.0.8-3.15.1.aarch64_ilp32",
"product_id": "libSDL2-2_0-0-64bit-2.0.8-3.15.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-64bit-2.0.8-3.15.1.aarch64_ilp32",
"product": {
"name": "libSDL2-devel-64bit-2.0.8-3.15.1.aarch64_ilp32",
"product_id": "libSDL2-devel-64bit-2.0.8-3.15.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.8-3.15.1.i586",
"product": {
"name": "libSDL2-2_0-0-2.0.8-3.15.1.i586",
"product_id": "libSDL2-2_0-0-2.0.8-3.15.1.i586"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.8-3.15.1.i586",
"product": {
"name": "libSDL2-devel-2.0.8-3.15.1.i586",
"product_id": "libSDL2-devel-2.0.8-3.15.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.8-3.15.1.ppc64le",
"product": {
"name": "libSDL2-2_0-0-2.0.8-3.15.1.ppc64le",
"product_id": "libSDL2-2_0-0-2.0.8-3.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.8-3.15.1.ppc64le",
"product": {
"name": "libSDL2-devel-2.0.8-3.15.1.ppc64le",
"product_id": "libSDL2-devel-2.0.8-3.15.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.8-3.15.1.s390x",
"product": {
"name": "libSDL2-2_0-0-2.0.8-3.15.1.s390x",
"product_id": "libSDL2-2_0-0-2.0.8-3.15.1.s390x"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.8-3.15.1.s390x",
"product": {
"name": "libSDL2-devel-2.0.8-3.15.1.s390x",
"product_id": "libSDL2-devel-2.0.8-3.15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.8-3.15.1.x86_64",
"product": {
"name": "libSDL2-2_0-0-2.0.8-3.15.1.x86_64",
"product_id": "libSDL2-2_0-0-2.0.8-3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2-2_0-0-32bit-2.0.8-3.15.1.x86_64",
"product": {
"name": "libSDL2-2_0-0-32bit-2.0.8-3.15.1.x86_64",
"product_id": "libSDL2-2_0-0-32bit-2.0.8-3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.8-3.15.1.x86_64",
"product": {
"name": "libSDL2-devel-2.0.8-3.15.1.x86_64",
"product_id": "libSDL2-devel-2.0.8-3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-32bit-2.0.8-3.15.1.x86_64",
"product": {
"name": "libSDL2-devel-32bit-2.0.8-3.15.1.x86_64",
"product_id": "libSDL2-devel-32bit-2.0.8-3.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-2.0.8-3.15.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.aarch64"
},
"product_reference": "libSDL2-2_0-0-2.0.8-3.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-2.0.8-3.15.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.ppc64le"
},
"product_reference": "libSDL2-2_0-0-2.0.8-3.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-2.0.8-3.15.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.s390x"
},
"product_reference": "libSDL2-2_0-0-2.0.8-3.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-2.0.8-3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.x86_64"
},
"product_reference": "libSDL2-2_0-0-2.0.8-3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-2.0.8-3.15.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.aarch64"
},
"product_reference": "libSDL2-devel-2.0.8-3.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-2.0.8-3.15.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.ppc64le"
},
"product_reference": "libSDL2-devel-2.0.8-3.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-2.0.8-3.15.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.s390x"
},
"product_reference": "libSDL2-devel-2.0.8-3.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-2.0.8-3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.x86_64"
},
"product_reference": "libSDL2-devel-2.0.8-3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-2.0.8-3.15.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.aarch64"
},
"product_reference": "libSDL2-2_0-0-2.0.8-3.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-2.0.8-3.15.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.ppc64le"
},
"product_reference": "libSDL2-2_0-0-2.0.8-3.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-2.0.8-3.15.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.s390x"
},
"product_reference": "libSDL2-2_0-0-2.0.8-3.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-2.0.8-3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.x86_64"
},
"product_reference": "libSDL2-2_0-0-2.0.8-3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-2.0.8-3.15.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.aarch64"
},
"product_reference": "libSDL2-devel-2.0.8-3.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-2.0.8-3.15.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.ppc64le"
},
"product_reference": "libSDL2-devel-2.0.8-3.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-2.0.8-3.15.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.s390x"
},
"product_reference": "libSDL2-devel-2.0.8-3.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-devel-2.0.8-3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.x86_64"
},
"product_reference": "libSDL2-devel-2.0.8-3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-25T14:43:22Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
},
{
"cve": "CVE-2019-13626",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13626"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13626",
"url": "https://www.suse.com/security/cve/CVE-2019-13626"
},
{
"category": "external",
"summary": "SUSE Bug 1142031 for CVE-2019-13626",
"url": "https://bugzilla.suse.com/1142031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-2_0-0-2.0.8-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libSDL2-devel-2.0.8-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-2_0-0-2.0.8-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:libSDL2-devel-2.0.8-3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-25T14:43:22Z",
"details": "moderate"
}
],
"title": "CVE-2019-13626"
}
]
}
SUSE-SU-2020:3030-1
Vulnerability from csaf_suse - Published: 2020-10-26 08:24 - Updated: 2020-10-26 08:24Summary
Security update for SDL
Severity
Moderate
Notes
Title of the patch: Security update for SDL
Description of the patch: This update for SDL fixes the following issues:
Secuirty issue fixed:
- CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit (bsc#1141844).
Patchnames: SUSE-2020-3030,SUSE-SLE-SDK-12-SP5-2020-3030,SUSE-SLE-SERVER-12-SP5-2020-3030
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SDL",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for SDL fixes the following issues:\n\nSecuirty issue fixed:\n\n- CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit (bsc#1141844).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3030,SUSE-SLE-SDK-12-SP5-2020-3030,SUSE-SLE-SERVER-12-SP5-2020-3030",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3030-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3030-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203030-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3030-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-October/007624.html"
},
{
"category": "self",
"summary": "SUSE Bug 1141844",
"url": "https://bugzilla.suse.com/1141844"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
}
],
"title": "Security update for SDL",
"tracking": {
"current_release_date": "2020-10-26T08:24:35Z",
"generator": {
"date": "2020-10-26T08:24:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3030-1",
"initial_release_date": "2020-10-26T08:24:35Z",
"revision_history": [
{
"date": "2020-10-26T08:24:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-15.14.2.aarch64",
"product": {
"name": "libSDL-1_2-0-1.2.15-15.14.2.aarch64",
"product_id": "libSDL-1_2-0-1.2.15-15.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-15.14.2.aarch64",
"product": {
"name": "libSDL-devel-1.2.15-15.14.2.aarch64",
"product_id": "libSDL-devel-1.2.15-15.14.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-64bit-1.2.15-15.14.2.aarch64_ilp32",
"product": {
"name": "libSDL-1_2-0-64bit-1.2.15-15.14.2.aarch64_ilp32",
"product_id": "libSDL-1_2-0-64bit-1.2.15-15.14.2.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libSDL-devel-64bit-1.2.15-15.14.2.aarch64_ilp32",
"product": {
"name": "libSDL-devel-64bit-1.2.15-15.14.2.aarch64_ilp32",
"product_id": "libSDL-devel-64bit-1.2.15-15.14.2.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-15.14.2.i586",
"product": {
"name": "libSDL-1_2-0-1.2.15-15.14.2.i586",
"product_id": "libSDL-1_2-0-1.2.15-15.14.2.i586"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-15.14.2.i586",
"product": {
"name": "libSDL-devel-1.2.15-15.14.2.i586",
"product_id": "libSDL-devel-1.2.15-15.14.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-15.14.2.ppc64le",
"product": {
"name": "libSDL-1_2-0-1.2.15-15.14.2.ppc64le",
"product_id": "libSDL-1_2-0-1.2.15-15.14.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-15.14.2.ppc64le",
"product": {
"name": "libSDL-devel-1.2.15-15.14.2.ppc64le",
"product_id": "libSDL-devel-1.2.15-15.14.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-15.14.2.s390",
"product": {
"name": "libSDL-1_2-0-1.2.15-15.14.2.s390",
"product_id": "libSDL-1_2-0-1.2.15-15.14.2.s390"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-15.14.2.s390",
"product": {
"name": "libSDL-devel-1.2.15-15.14.2.s390",
"product_id": "libSDL-devel-1.2.15-15.14.2.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-15.14.2.s390x",
"product": {
"name": "libSDL-1_2-0-1.2.15-15.14.2.s390x",
"product_id": "libSDL-1_2-0-1.2.15-15.14.2.s390x"
}
},
{
"category": "product_version",
"name": "libSDL-1_2-0-32bit-1.2.15-15.14.2.s390x",
"product": {
"name": "libSDL-1_2-0-32bit-1.2.15-15.14.2.s390x",
"product_id": "libSDL-1_2-0-32bit-1.2.15-15.14.2.s390x"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-15.14.2.s390x",
"product": {
"name": "libSDL-devel-1.2.15-15.14.2.s390x",
"product_id": "libSDL-devel-1.2.15-15.14.2.s390x"
}
},
{
"category": "product_version",
"name": "libSDL-devel-32bit-1.2.15-15.14.2.s390x",
"product": {
"name": "libSDL-devel-32bit-1.2.15-15.14.2.s390x",
"product_id": "libSDL-devel-32bit-1.2.15-15.14.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL-1_2-0-1.2.15-15.14.2.x86_64",
"product": {
"name": "libSDL-1_2-0-1.2.15-15.14.2.x86_64",
"product_id": "libSDL-1_2-0-1.2.15-15.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL-1_2-0-32bit-1.2.15-15.14.2.x86_64",
"product": {
"name": "libSDL-1_2-0-32bit-1.2.15-15.14.2.x86_64",
"product_id": "libSDL-1_2-0-32bit-1.2.15-15.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL-devel-1.2.15-15.14.2.x86_64",
"product": {
"name": "libSDL-devel-1.2.15-15.14.2.x86_64",
"product_id": "libSDL-devel-1.2.15-15.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL-devel-32bit-1.2.15-15.14.2.x86_64",
"product": {
"name": "libSDL-devel-32bit-1.2.15-15.14.2.x86_64",
"product_id": "libSDL-devel-32bit-1.2.15-15.14.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-15.14.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libSDL-devel-1.2.15-15.14.2.aarch64"
},
"product_reference": "libSDL-devel-1.2.15-15.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-15.14.2.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libSDL-devel-1.2.15-15.14.2.ppc64le"
},
"product_reference": "libSDL-devel-1.2.15-15.14.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-15.14.2.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libSDL-devel-1.2.15-15.14.2.s390x"
},
"product_reference": "libSDL-devel-1.2.15-15.14.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-devel-1.2.15-15.14.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libSDL-devel-1.2.15-15.14.2.x86_64"
},
"product_reference": "libSDL-devel-1.2.15-15.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-15.14.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.aarch64"
},
"product_reference": "libSDL-1_2-0-1.2.15-15.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-15.14.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.ppc64le"
},
"product_reference": "libSDL-1_2-0-1.2.15-15.14.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-15.14.2.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.s390x"
},
"product_reference": "libSDL-1_2-0-1.2.15-15.14.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-15.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.x86_64"
},
"product_reference": "libSDL-1_2-0-1.2.15-15.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-32bit-1.2.15-15.14.2.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-32bit-1.2.15-15.14.2.s390x"
},
"product_reference": "libSDL-1_2-0-32bit-1.2.15-15.14.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-32bit-1.2.15-15.14.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-32bit-1.2.15-15.14.2.x86_64"
},
"product_reference": "libSDL-1_2-0-32bit-1.2.15-15.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-15.14.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.aarch64"
},
"product_reference": "libSDL-1_2-0-1.2.15-15.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-15.14.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.ppc64le"
},
"product_reference": "libSDL-1_2-0-1.2.15-15.14.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-15.14.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.s390x"
},
"product_reference": "libSDL-1_2-0-1.2.15-15.14.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-1.2.15-15.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.x86_64"
},
"product_reference": "libSDL-1_2-0-1.2.15-15.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-32bit-1.2.15-15.14.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-32bit-1.2.15-15.14.2.s390x"
},
"product_reference": "libSDL-1_2-0-32bit-1.2.15-15.14.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL-1_2-0-32bit-1.2.15-15.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-32bit-1.2.15-15.14.2.x86_64"
},
"product_reference": "libSDL-1_2-0-32bit-1.2.15-15.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-32bit-1.2.15-15.14.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-32bit-1.2.15-15.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-32bit-1.2.15-15.14.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-32bit-1.2.15-15.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libSDL-devel-1.2.15-15.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libSDL-devel-1.2.15-15.14.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libSDL-devel-1.2.15-15.14.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libSDL-devel-1.2.15-15.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-32bit-1.2.15-15.14.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-32bit-1.2.15-15.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-32bit-1.2.15-15.14.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-32bit-1.2.15-15.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libSDL-devel-1.2.15-15.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libSDL-devel-1.2.15-15.14.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libSDL-devel-1.2.15-15.14.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libSDL-devel-1.2.15-15.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-32bit-1.2.15-15.14.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libSDL-1_2-0-32bit-1.2.15-15.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-1.2.15-15.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-32bit-1.2.15-15.14.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libSDL-1_2-0-32bit-1.2.15-15.14.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libSDL-devel-1.2.15-15.14.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libSDL-devel-1.2.15-15.14.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libSDL-devel-1.2.15-15.14.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libSDL-devel-1.2.15-15.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-26T08:24:35Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
}
]
}
SUSE-SU-2019:2463-2
Vulnerability from csaf_suse - Published: 2020-07-07 11:42 - Updated: 2020-07-07 11:42Summary
Security update for SDL2
Severity
Moderate
Notes
Title of the patch: Security update for SDL2
Description of the patch: This update for SDL2 fixes the following issues:
Security issues fixed:
- CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c (bsc#1141844).
- CVE-2019-13626: Fixed integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c (bsc#1142031).
Patchnames: SUSE-2019-2463,SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1866
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SDL2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for SDL2 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c (bsc#1141844).\n- CVE-2019-13626: Fixed integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c (bsc#1142031).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2463,SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1866",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2463-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2463-2",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192463-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2463-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-July/007086.html"
},
{
"category": "self",
"summary": "SUSE Bug 1141844",
"url": "https://bugzilla.suse.com/1141844"
},
{
"category": "self",
"summary": "SUSE Bug 1142031",
"url": "https://bugzilla.suse.com/1142031"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13616 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13626 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13626/"
}
],
"title": "Security update for SDL2",
"tracking": {
"current_release_date": "2020-07-07T11:42:50Z",
"generator": {
"date": "2020-07-07T11:42:50Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2463-2",
"initial_release_date": "2020-07-07T11:42:50Z",
"revision_history": [
{
"date": "2020-07-07T11:42:50Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.8-3.15.1.aarch64",
"product": {
"name": "libSDL2-2_0-0-2.0.8-3.15.1.aarch64",
"product_id": "libSDL2-2_0-0-2.0.8-3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.8-3.15.1.aarch64",
"product": {
"name": "libSDL2-devel-2.0.8-3.15.1.aarch64",
"product_id": "libSDL2-devel-2.0.8-3.15.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-64bit-2.0.8-3.15.1.aarch64_ilp32",
"product": {
"name": "libSDL2-2_0-0-64bit-2.0.8-3.15.1.aarch64_ilp32",
"product_id": "libSDL2-2_0-0-64bit-2.0.8-3.15.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-64bit-2.0.8-3.15.1.aarch64_ilp32",
"product": {
"name": "libSDL2-devel-64bit-2.0.8-3.15.1.aarch64_ilp32",
"product_id": "libSDL2-devel-64bit-2.0.8-3.15.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.8-3.15.1.i586",
"product": {
"name": "libSDL2-2_0-0-2.0.8-3.15.1.i586",
"product_id": "libSDL2-2_0-0-2.0.8-3.15.1.i586"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.8-3.15.1.i586",
"product": {
"name": "libSDL2-devel-2.0.8-3.15.1.i586",
"product_id": "libSDL2-devel-2.0.8-3.15.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.8-3.15.1.ppc64le",
"product": {
"name": "libSDL2-2_0-0-2.0.8-3.15.1.ppc64le",
"product_id": "libSDL2-2_0-0-2.0.8-3.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.8-3.15.1.ppc64le",
"product": {
"name": "libSDL2-devel-2.0.8-3.15.1.ppc64le",
"product_id": "libSDL2-devel-2.0.8-3.15.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.8-3.15.1.s390x",
"product": {
"name": "libSDL2-2_0-0-2.0.8-3.15.1.s390x",
"product_id": "libSDL2-2_0-0-2.0.8-3.15.1.s390x"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.8-3.15.1.s390x",
"product": {
"name": "libSDL2-devel-2.0.8-3.15.1.s390x",
"product_id": "libSDL2-devel-2.0.8-3.15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libSDL2-2_0-0-2.0.8-3.15.1.x86_64",
"product": {
"name": "libSDL2-2_0-0-2.0.8-3.15.1.x86_64",
"product_id": "libSDL2-2_0-0-2.0.8-3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2-2_0-0-32bit-2.0.8-3.15.1.x86_64",
"product": {
"name": "libSDL2-2_0-0-32bit-2.0.8-3.15.1.x86_64",
"product_id": "libSDL2-2_0-0-32bit-2.0.8-3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-2.0.8-3.15.1.x86_64",
"product": {
"name": "libSDL2-devel-2.0.8-3.15.1.x86_64",
"product_id": "libSDL2-devel-2.0.8-3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libSDL2-devel-32bit-2.0.8-3.15.1.x86_64",
"product": {
"name": "libSDL2-devel-32bit-2.0.8-3.15.1.x86_64",
"product_id": "libSDL2-devel-32bit-2.0.8-3.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libSDL2-2_0-0-32bit-2.0.8-3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP1:libSDL2-2_0-0-32bit-2.0.8-3.15.1.x86_64"
},
"product_reference": "libSDL2-2_0-0-32bit-2.0.8-3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13616"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP1:libSDL2-2_0-0-32bit-2.0.8-3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13616",
"url": "https://www.suse.com/security/cve/CVE-2019-13616"
},
{
"category": "external",
"summary": "SUSE Bug 1141844 for CVE-2019-13616",
"url": "https://bugzilla.suse.com/1141844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP1:libSDL2-2_0-0-32bit-2.0.8-3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP1:libSDL2-2_0-0-32bit-2.0.8-3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-07T11:42:50Z",
"details": "moderate"
}
],
"title": "CVE-2019-13616"
},
{
"cve": "CVE-2019-13626",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13626"
}
],
"notes": [
{
"category": "general",
"text": "SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP1:libSDL2-2_0-0-32bit-2.0.8-3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13626",
"url": "https://www.suse.com/security/cve/CVE-2019-13626"
},
{
"category": "external",
"summary": "SUSE Bug 1142031 for CVE-2019-13626",
"url": "https://bugzilla.suse.com/1142031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP1:libSDL2-2_0-0-32bit-2.0.8-3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP1:libSDL2-2_0-0-32bit-2.0.8-3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-07T11:42:50Z",
"details": "moderate"
}
],
"title": "CVE-2019-13626"
}
]
}
BDU:2021-03748
Vulnerability from fstec - Published: 22.09.2019
VLAI Severity ?
Title
Уязвимость функция BlitNtoN (video/SDL_blit_N.c) мультимедийной библиотеки Simple DirectMedia Layer, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
Description
Уязвимость функция BlitNtoN (video/SDL_blit_N.c) мультимедийной библиотеки Simple DirectMedia Layer связана с чтением за допустимыми границами буфера данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», АО "НППКТ", АО «Концерн ВНИИНС»
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Common Edition (запись в едином реестре российских программ №4433), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), Simple DirectMedia Layer, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 2.12 «Орёл» (Astra Linux Common Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), до 1.2.15 включительно (Simple DirectMedia Layer), от 2.0.0 до 2.0.9 включительно (Simple DirectMedia Layer), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 2.1 (ОСОН ОСнова Оnyx), до 2.5 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Для Simple DirectMedia Layer:
Использование рекомендаций производителя: https://bugzilla.libsdl.org/show_bug.cgi?id=4538
Для Debian:
Использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2019-13616
Для Astra Linux:
Использование рекомендаций производителя:
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16
https://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
Для ОСОН Основа:
Обновление программного обеспечения libsdl1.2 до версии 1.2.15+dfsg2-6.osnova1
Для ОСОН Основа:
Обновление программного обеспечения libsdl2 до версии 2.0.14+dfsg2-3
Для ОС ОН «Стрелец»:
Обновление программного обеспечения libsdl2 до версии 2.0.5+dfsg1-2+deb9u2
Обновление программного обеспечения libsdl1.2 до версии 1.2.15+dfsg2-6.osnova1
Для ОС Astra Linux:
- обновить пакет libsdl2 до 2.0.9+dfsg1-1+deb10u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
- обновить пакет sdl-image1.2 до 1.2.12-10+deb10u1+ci202312181141+astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
- обновить пакет libsdl1.2 до 1.2.15+dfsg2-6~deb10u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
Для Astra Linux Special Edition 4.7 для архитектуры ARM:
- обновить пакет libsdl2 до 2.0.9+dfsg1-1+deb10u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47
- обновить пакет sdl-image1.2 до 1.2.12-10+deb10u1+ci202312181141+astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47
- обновить пакет libsdl1.2 до 1.2.15+dfsg2-6~deb10u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47
Reference
https://bugzilla.libsdl.org/show_bug.cgi?id=4538
https://nvd.nist.gov/vuln/detail/CVE-2019-13616
https://security-tracker.debian.org/tracker/CVE-2019-13616
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16
https://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47
CWE
CWE-125
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (Astra Linux Common Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), \u0434\u043e 1.2.15 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Simple DirectMedia Layer), \u043e\u0442 2.0.0 \u0434\u043e 2.0.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Simple DirectMedia Layer), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Simple DirectMedia Layer:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://bugzilla.libsdl.org/show_bug.cgi?id=4538\n\n\u0414\u043b\u044f Debian:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2019-13616\n\n\u0414\u043b\u044f Astra Linux:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl1.2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.2.15+dfsg2-6.osnova1\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.0.14+dfsg2-3\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.0.5+dfsg1-2+deb9u2\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl1.2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.2.15+dfsg2-6.osnova1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 libsdl2 \u0434\u043e 2.0.9+dfsg1-1+deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 sdl-image1.2 \u0434\u043e 1.2.12-10+deb10u1+ci202312181141+astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 libsdl1.2 \u0434\u043e 1.2.15+dfsg2-6~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 libsdl2 \u0434\u043e 2.0.9+dfsg1-1+deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 sdl-image1.2 \u0434\u043e 1.2.12-10+deb10u1+ci202312181141+astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 libsdl1.2 \u0434\u043e 1.2.15+dfsg2-6~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "22.09.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "11.11.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.07.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-03748",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-13616",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Simple DirectMedia Layer, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u044f BlitNtoN (video/SDL_blit_N.c) \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Simple DirectMedia Layer, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u043c\u0438 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u044f BlitNtoN (video/SDL_blit_N.c) \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Simple DirectMedia Layer \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u043c\u0438 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugzilla.libsdl.org/show_bug.cgi?id=4538\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13616\nhttps://security-tracker.debian.org/tracker/CVE-2019-13616\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,1)"
}
GHSA-V89F-GRVW-GPV8
Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2023-02-09 03:30
VLAI?
Details
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
Severity ?
8.1 (High)
{
"affected": [],
"aliases": [
"CVE-2019-13616"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-16T17:15:00Z",
"severity": "HIGH"
},
"details": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
"id": "GHSA-v89f-grvw-gpv8",
"modified": "2023-02-09T03:30:18Z",
"published": "2022-05-24T16:50:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13616"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4238-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4156-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4156-1"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-17"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDNX3RVXTWELBXQDNERNVVKDGKDF2MPB"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
},
{
"type": "WEB",
"url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4538"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0293"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3951"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3950"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…