Security update for SDL2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:0104-1 Final 1 1 2022-01-18T08:37:08Z current 2022-01-18T08:37:08Z 2022-01-18T08:37:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for SDL2 This update for SDL2 fixes the following issues: - CVE-2020-14409: Fixed Integer Overflow resulting in heap corruption in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP (bsc#1181202). - CVE-2020-14410: Fixed heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP (bsc#1181201). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2022-104,openSUSE-SLE-15.3-2022-104 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GCAJV7QU7NXYUTY7OMBOV6LAES2X326R/ E-Mail link for openSUSE-SU-2022:0104-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1181201 SUSE Bug 1181201 https://bugzilla.suse.com/1181202 SUSE Bug 1181202 https://www.suse.com/security/cve/CVE-2020-14409/ SUSE CVE CVE-2020-14409 page https://www.suse.com/security/cve/CVE-2020-14410/ SUSE CVE CVE-2020-14410 page SUSE Package Hub 15 SP3 openSUSE Leap 15.3 pdns-4.3.1-bp153.2.3.1 pdns-backend-geoip-4.3.1-bp153.2.3.1 pdns-backend-godbc-4.3.1-bp153.2.3.1 pdns-backend-ldap-4.3.1-bp153.2.3.1 pdns-backend-lua-4.3.1-bp153.2.3.1 pdns-backend-mysql-4.3.1-bp153.2.3.1 pdns-backend-postgresql-4.3.1-bp153.2.3.1 pdns-backend-remote-4.3.1-bp153.2.3.1 pdns-backend-sqlite3-4.3.1-bp153.2.3.1 libSDL2-2_0-0-2.0.8-11.3.1 libSDL2-2_0-0-32bit-2.0.8-11.3.1 libSDL2-devel-2.0.8-11.3.1 libSDL2-devel-32bit-2.0.8-11.3.1 pdns-4.3.1-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 pdns-backend-geoip-4.3.1-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 pdns-backend-godbc-4.3.1-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 pdns-backend-ldap-4.3.1-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 pdns-backend-lua-4.3.1-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 pdns-backend-mysql-4.3.1-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 pdns-backend-postgresql-4.3.1-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 pdns-backend-remote-4.3.1-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 pdns-backend-sqlite3-4.3.1-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 pdns-4.3.1-bp153.2.3.1 as a component of openSUSE Leap 15.3 pdns-backend-geoip-4.3.1-bp153.2.3.1 as a component of openSUSE Leap 15.3 pdns-backend-godbc-4.3.1-bp153.2.3.1 as a component of openSUSE Leap 15.3 pdns-backend-ldap-4.3.1-bp153.2.3.1 as a component of openSUSE Leap 15.3 pdns-backend-lua-4.3.1-bp153.2.3.1 as a component of openSUSE Leap 15.3 pdns-backend-mysql-4.3.1-bp153.2.3.1 as a component of openSUSE Leap 15.3 pdns-backend-postgresql-4.3.1-bp153.2.3.1 as a component of openSUSE Leap 15.3 pdns-backend-remote-4.3.1-bp153.2.3.1 as a component of openSUSE Leap 15.3 pdns-backend-sqlite3-4.3.1-bp153.2.3.1 as a component of openSUSE Leap 15.3 libSDL2-2_0-0-2.0.8-11.3.1 as a component of openSUSE Leap 15.3 libSDL2-2_0-0-32bit-2.0.8-11.3.1 as a component of openSUSE Leap 15.3 libSDL2-devel-2.0.8-11.3.1 as a component of openSUSE Leap 15.3 libSDL2-devel-32bit-2.0.8-11.3.1 as a component of openSUSE Leap 15.3 SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. CVE-2020-14409 SUSE Package Hub 15 SP3:pdns-4.3.1-bp153.2.3.1 SUSE Package Hub 15 SP3:pdns-backend-geoip-4.3.1-bp153.2.3.1 SUSE Package Hub 15 SP3:pdns-backend-godbc-4.3.1-bp153.2.3.1 SUSE Package Hub 15 SP3:pdns-backend-ldap-4.3.1-bp153.2.3.1 SUSE Package Hub 15 SP3:pdns-backend-lua-4.3.1-bp153.2.3.1 SUSE Package Hub 15 SP3:pdns-backend-mysql-4.3.1-bp153.2.3.1 SUSE Package Hub 15 SP3:pdns-backend-postgresql-4.3.1-bp153.2.3.1 SUSE Package Hub 15 SP3:pdns-backend-remote-4.3.1-bp153.2.3.1 SUSE Package Hub 15 SP3:pdns-backend-sqlite3-4.3.1-bp153.2.3.1 openSUSE Leap 15.3:libSDL2-2_0-0-2.0.8-11.3.1 openSUSE Leap 15.3:libSDL2-2_0-0-32bit-2.0.8-11.3.1 openSUSE Leap 15.3:libSDL2-devel-2.0.8-11.3.1 openSUSE Leap 15.3:libSDL2-devel-32bit-2.0.8-11.3.1 openSUSE Leap 15.3:pdns-4.3.1-bp153.2.3.1 openSUSE Leap 15.3:pdns-backend-geoip-4.3.1-bp153.2.3.1 openSUSE Leap 15.3:pdns-backend-godbc-4.3.1-bp153.2.3.1 openSUSE Leap 15.3:pdns-backend-ldap-4.3.1-bp153.2.3.1 openSUSE Leap 15.3:pdns-backend-lua-4.3.1-bp153.2.3.1 openSUSE Leap 15.3:pdns-backend-mysql-4.3.1-bp153.2.3.1 openSUSE Leap 15.3:pdns-backend-postgresql-4.3.1-bp153.2.3.1 openSUSE Leap 15.3:pdns-backend-remote-4.3.1-bp153.2.3.1 openSUSE Leap 15.3:pdns-backend-sqlite3-4.3.1-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GCAJV7QU7NXYUTY7OMBOV6LAES2X326R/ https://www.suse.com/security/cve/CVE-2020-14409.html CVE-2020-14409 https://bugzilla.suse.com/1181202 SUSE Bug 1181202 https://bugzilla.suse.com/1200204 SUSE Bug 1200204 SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. CVE-2020-14410 SUSE Package Hub 15 SP3:pdns-4.3.1-bp153.2.3.1 SUSE Package Hub 15 SP3:pdns-backend-geoip-4.3.1-bp153.2.3.1 SUSE Package Hub 15 SP3:pdns-backend-godbc-4.3.1-bp153.2.3.1 SUSE Package Hub 15 SP3:pdns-backend-ldap-4.3.1-bp153.2.3.1 SUSE Package Hub 15 SP3:pdns-backend-lua-4.3.1-bp153.2.3.1 SUSE Package Hub 15 SP3:pdns-backend-mysql-4.3.1-bp153.2.3.1 SUSE Package Hub 15 SP3:pdns-backend-postgresql-4.3.1-bp153.2.3.1 SUSE Package Hub 15 SP3:pdns-backend-remote-4.3.1-bp153.2.3.1 SUSE Package Hub 15 SP3:pdns-backend-sqlite3-4.3.1-bp153.2.3.1 openSUSE Leap 15.3:libSDL2-2_0-0-2.0.8-11.3.1 openSUSE Leap 15.3:libSDL2-2_0-0-32bit-2.0.8-11.3.1 openSUSE Leap 15.3:libSDL2-devel-2.0.8-11.3.1 openSUSE Leap 15.3:libSDL2-devel-32bit-2.0.8-11.3.1 openSUSE Leap 15.3:pdns-4.3.1-bp153.2.3.1 openSUSE Leap 15.3:pdns-backend-geoip-4.3.1-bp153.2.3.1 openSUSE Leap 15.3:pdns-backend-godbc-4.3.1-bp153.2.3.1 openSUSE Leap 15.3:pdns-backend-ldap-4.3.1-bp153.2.3.1 openSUSE Leap 15.3:pdns-backend-lua-4.3.1-bp153.2.3.1 openSUSE Leap 15.3:pdns-backend-mysql-4.3.1-bp153.2.3.1 openSUSE Leap 15.3:pdns-backend-postgresql-4.3.1-bp153.2.3.1 openSUSE Leap 15.3:pdns-backend-remote-4.3.1-bp153.2.3.1 openSUSE Leap 15.3:pdns-backend-sqlite3-4.3.1-bp153.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GCAJV7QU7NXYUTY7OMBOV6LAES2X326R/ https://www.suse.com/security/cve/CVE-2020-14410.html CVE-2020-14410 https://bugzilla.suse.com/1181201 SUSE Bug 1181201 https://bugzilla.suse.com/1200204 SUSE Bug 1200204