openSUSE Security Update: Security update for SDL2 ______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:2893-1 Rating: moderate References: #1062784 Cross-References: CVE-2017-2888 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________
An update that fixes one vulnerability is now available.
This update for SDL2 fixes the following issues:
- CVE-2017-2888: An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. (bsc#1062784)
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2017-1217=1
To bring your system up-to-date, use "zypper patch".
- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):
SDL2-debugsource-2.0.5-7.1 libSDL2-2_0-0-2.0.5-7.1 libSDL2-2_0-0-debuginfo-2.0.5-7.1 libSDL2-devel-2.0.5-7.1