   openSUSE Security Update: Security update for SDL2
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:2893-1
Rating:             moderate
References:         #1062784
Cross-References:   CVE-2017-2888
Affected Products:
                    SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for SDL2 fixes the following issues:

   - CVE-2017-2888: An exploitable integer overflow vulnerability exists
     when creating a new RGB Surface in SDL. A specially crafted file can
     cause an integer overflow resulting in too little memory being
     allocated which can lead to a buffer overflow and potential code
     execution. An attacker can provide a specially crafted image file to
     trigger this vulnerability. (bsc#1062784)

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Package Hub for SUSE Linux Enterprise 12:

      zypper in -t patch openSUSE-2017-1217=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):

      SDL2-debugsource-2.0.5-7.1
      libSDL2-2_0-0-2.0.5-7.1
      libSDL2-2_0-0-debuginfo-2.0.5-7.1
      libSDL2-devel-2.0.5-7.1

References:

   https://www.suse.com/security/cve/CVE-2017-2888.html
   https://bugzilla.suse.com/1062784
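
The bug class described for CVE-2017-2888, as an added illustration that is not SDL's code and not part of this advisory: a pixel-buffer size computed from file-supplied dimensions wraps in 32-bit arithmetic, next to a checked computation that rejects the input instead. The function names and the width/height/bytes-per-pixel layout are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Unchecked pattern (hypothetical, for comparison): the product is
 * computed in 32 bits, so large dimensions wrap to a small value and
 * the caller allocates far less than it later writes. */
uint32_t unchecked_size32(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked computation (hypothetical helper, not SDL's API).
 * Returns 0 and stores the byte size in *out, or -1 if a dimension is
 * not positive or either multiplication would exceed SIZE_MAX. */
int surface_buffer_size(int width, int height, int bytes_per_pixel,
                        size_t *out)
{
    if (width <= 0 || height <= 0 || bytes_per_pixel <= 0)
        return -1;

    size_t w = (size_t)width;
    size_t h = (size_t)height;
    size_t bpp = (size_t)bytes_per_pixel;

    if (w > SIZE_MAX / bpp)          /* w * bpp would wrap */
        return -1;
    size_t pitch = w * bpp;          /* bytes per row */

    if (h > SIZE_MAX / pitch)        /* pitch * h would wrap */
        return -1;

    *out = pitch * h;
    return 0;
}

/* Allocation that fails closed: NULL on invalid or overflowing sizes. */
void *alloc_surface_pixels(int width, int height, int bytes_per_pixel)
{
    size_t size;

    if (surface_buffer_size(width, height, bytes_per_pixel, &size) != 0)
        return NULL;
    return malloc(size);
}
```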