ID de Prueba:	1.3.6.1.4.1.25623.1.0.852692
Categoría:	SuSE Local Security Checks
Título:	openSUSE: Security Advisory for SDL_image (openSUSE-SU-2019:2071-1)
Resumen:	The remote host is missing an update for the 'SDL_image'; package(s) announced via the openSUSE-SU-2019:2071-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'SDL_image' package(s) announced via the openSUSE-SU-2019:2071-1 advisory. Vulnerability Insight: This update for SDL_image fixes the following issues: Update SDL_Image to new snapshot 1.2.12+hg695. Security issues fixed: * TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421) * TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763) * TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764) * TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image handling (boo#1143766) * TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768) * CVE-2019-7635: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (boo#1124827) * CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file (boo#1141844). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-2071=1 - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-2071=1 Affected Software/OS: 'SDL_image' package(s) on openSUSE Leap 15.0. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-5052 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0821 https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html SuSE Security Announcement: openSUSE-SU-2019:2070 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html SuSE Security Announcement: openSUSE-SU-2019:2071 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html SuSE Security Announcement: openSUSE-SU-2019:2108 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html SuSE Security Announcement: openSUSE-SU-2019:2109 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html https://usn.ubuntu.com/4238-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-5057 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0841 Common Vulnerability Exposure (CVE) ID: CVE-2019-5058 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0842 Common Vulnerability Exposure (CVE) ID: CVE-2019-5059 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0843 Common Vulnerability Exposure (CVE) ID: CVE-2019-5060 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0844 Common Vulnerability Exposure (CVE) ID: CVE-2019-7635 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/ https://security.gentoo.org/glsa/201909-07 https://bugzilla.libsdl.org/show_bug.cgi?id=4498 https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html SuSE Security Announcement: openSUSE-SU-2019:1213 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html SuSE Security Announcement: openSUSE-SU-2019:1223 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html SuSE Security Announcement: openSUSE-SU-2019:1261 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html https://usn.ubuntu.com/4143-1/ https://usn.ubuntu.com/4156-1/ https://usn.ubuntu.com/4156-2/
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.