Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2022-354-02
HistoryDec 20, 2022 - 8:56 p.m.

[slackware-security] sdl

2022-12-2020:56:11
Slackware Linux Project
www.slackware.com
17
heap overflow fix
sdl security
slackware 14.2
slackware 15.0
slackware -current
code execution

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

76.5%

JSON

New sdl packages are available for Slackware 14.2, 15.0, and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/sdl-1.2.15-i586-13_slack15.0.txz: Rebuilt.
This update fixes a heap overflow problem in video/SDL_pixels.c in SDL.
By crafting a malicious .BMP file, an attacker can cause the application
using this library to crash, denial of service, or code execution.
Thanks to marav for the heads-up.
For more information, see:
https://vulners.com/cve/CVE-2021-33657
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/sdl-1.2.15-i586-6_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/sdl-1.2.15-x86_64-6_slack14.2.txz

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/sdl-1.2.15-i586-13_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/sdl-1.2.15-x86_64-13_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/sdl-1.2.15-i586-14.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/sdl-1.2.15-x86_64-14.txz

MD5 signatures:

Slackware 14.2 package:
c2879e92bba81029d2fbd4a5b1ee7102 sdl-1.2.15-i586-6_slack14.2.txz

Slackware x86_64 14.2 package:
a88a11e3ec852402e093a7cc1ae92719 sdl-1.2.15-x86_64-6_slack14.2.txz

Slackware 15.0 package:
d422f8825bc15e81b7f6b14184a8a3e6 sdl-1.2.15-i586-13_slack15.0.txz

Slackware x86_64 15.0 package:
d439c28c0ba37e07f48988375c40a032 sdl-1.2.15-x86_64-13_slack15.0.txz

Slackware -current package:
3202a68fca92bee4add2862a995e4ca3 l/sdl-1.2.15-i586-14.txz

Slackware x86_64 -current package:
ba279a39c35797377cb6fe6ddf60f99b l/sdl-1.2.15-x86_64-14.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg sdl-1.2.15-i586-13_slack15.0.txz

Related

suse 2
nessus 10
cve 1
alpinelinux 1
openvas 12
debiancve 1
ubuntucve 1
prion 1
nvd 1
cvelist 1
ubuntu 1
mageia 2
osv 3
veracode 1
gentoo 2
debian 1
suse
suse
Security update for SDL2 (important)
2022-04-14 00:00:00
Security update for SDL (important)
2022-04-20 00:00:00
nessus
nessus
SUSE SLES15 Security Update : SDL2 (SUSE-SU-2022:1313-1)
2022-04-23 00:00:00
SUSE SLED15 / SLES15 Security Update : SDL2 (SUSE-SU-2022:1218-1)
2022-04-15 00:00:00
Ubuntu 16.04 ESM / 18.04 LTS : Simple DirectMedia Layer vulnerability (USN-5398-1)
2022-04-29 00:00:00
cve
cve
CVE-2021-33657
2022-04-01 23:15:10
alpinelinux
alpinelinux
CVE-2021-33657
2022-04-01 23:15:10
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:1313-1)
2022-04-25 00:00:00
openSUSE: Security Advisory for SDL2 (SUSE-SU-2022:1218-1)
2022-05-17 00:00:00
Ubuntu: Security Advisory (USN-5398-1)
2022-04-29 00:00:00
debiancve
debiancve
CVE-2021-33657
2022-04-01 23:15:10
ubuntucve
ubuntucve
CVE-2021-33657
2022-04-01 00:00:00
prion
prion
Heap overflow
2022-04-01 23:15:00
nvd
nvd
CVE-2021-33657
2022-04-01 23:15:10
cvelist
cvelist
CVE-2021-33657
2022-04-01 00:00:00
ubuntu
ubuntu
Simple DirectMedia Layer vulnerability
2022-04-28 00:00:00
mageia
mageia
Updated sdl2 packages fix security vulnerability
2022-09-16 22:39:55
Updated SDL12 packages fix security vulnerability
2022-09-16 22:39:55
osv
osv
libsdl1.2, libsdl2 vulnerability
2022-04-28 19:57:27
SDL2-devel-2.28.5-2.1 on GA media
2024-06-15 00:00:00
libsdl2 - security update
2023-02-09 00:00:00
veracode
veracode
Out-of-bounds Write
2022-04-15 06:59:34
gentoo
gentoo
libsdl2: Multiple Vulnerabilities
2023-05-03 00:00:00
libsdl: Multiple Vulnerabilities
2023-05-03 00:00:00
debian
debian
[SECURITY] [DLA 3314-1] libsdl2 security update
2023-02-08 23:49:17

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

76.5%

JSON
Related for SSA-2022-354-02
suse2nessus10cve1alpinelinux1openvas12debiancve1ubuntucve1prion1nvd1cvelist1ubuntu1mageia2osv3veracode1gentoo2debian1