{"openvas": [{"lastseen": "2020-01-31T16:30:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for SDL2 (openSUSE-SU-2019:1633-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7637"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852867", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852867", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852867\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-7637\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:38:44 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for SDL2 (openSUSE-SU-2019:1633-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1633-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00071.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'SDL2'\n package(s) announced via the openSUSE-SU-2019:1633-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for SDL2 fixes the following issues:\n\n - Remove the fix for CVE-2019-7637, the modification of function\n SDL_CalculatePitch is only suited for SDL not SDL2, and breaks SDL2\n software. (bsc#1134135)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-1633=1\");\n\n script_tag(name:\"affected\", value:\"'SDL2' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"SDL2-debugsource\", rpm:\"SDL2-debugsource~2.0.8~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL2-2_0-0\", rpm:\"libSDL2-2_0-0~2.0.8~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL2-2_0-0-debuginfo\", rpm:\"libSDL2-2_0-0-debuginfo~2.0.8~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL2-devel\", rpm:\"libSDL2-devel~2.0.8~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL2-2_0-0-32bit\", rpm:\"libSDL2-2_0-0-32bit~2.0.8~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL2-2_0-0-32bit-debuginfo\", rpm:\"libSDL2-2_0-0-32bit-debuginfo~2.0.8~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL2-devel-32bit\", rpm:\"libSDL2-devel-32bit~2.0.8~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:54:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-28T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for SDL2 (openSUSE-SU-2019:1632-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7637"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852587", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852587", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852587\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-7637\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-28 02:00:45 +0000 (Fri, 28 Jun 2019)\");\n script_name(\"openSUSE: Security Advisory for SDL2 (openSUSE-SU-2019:1632-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1632-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00081.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'SDL2'\n package(s) announced via the openSUSE-SU-2019:1632-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for SDL2 fixes the following issues:\n\n - Remove the fix for CVE-2019-7637, the modification of function\n SDL_CalculatePitch is only suited for SDL not SDL2, and breaks SDL2\n software. (bsc#1134135)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1632=1\");\n\n script_tag(name:\"affected\", value:\"'SDL2' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"SDL2-debugsource\", rpm:\"SDL2-debugsource~2.0.8~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL2-2_0-0\", rpm:\"libSDL2-2_0-0~2.0.8~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL2-2_0-0-debuginfo\", rpm:\"libSDL2-2_0-0-debuginfo~2.0.8~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL2-devel\", rpm:\"libSDL2-devel~2.0.8~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL2-2_0-0-32bit\", rpm:\"libSDL2-2_0-0-32bit~2.0.8~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL2-2_0-0-32bit-debuginfo\", rpm:\"libSDL2-2_0-0-32bit-debuginfo~2.0.8~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL2-devel-32bit\", rpm:\"libSDL2-devel-32bit~2.0.8~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-10T14:48:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-09-09T00:00:00", "type": "openvas", "title": "Fedora Update for SDL FEDORA-2019-446ca9f695", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7637", "CVE-2019-13616"], "modified": "2019-09-10T00:00:00", "id": "OPENVAS:1361412562310876774", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876774", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876774\");\n script_version(\"2019-09-10T08:05:24+0000\");\n script_cve_id(\"CVE-2019-13616\", \"CVE-2019-7637\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-10 08:05:24 +0000 (Tue, 10 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-09 02:22:51 +0000 (Mon, 09 Sep 2019)\");\n script_name(\"Fedora Update for SDL FEDORA-2019-446ca9f695\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-446ca9f695\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'SDL'\n package(s) announced via the FEDORA-2019-446ca9f695 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed\nto provide fast access to the graphics frame buffer and audio device.\");\n\n script_tag(name:\"affected\", value:\"'SDL' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"SDL\", rpm:\"SDL~1.2.15~41.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-02T14:42:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for libsdl2 USN-4143-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7636", "CVE-2019-7635", "CVE-2019-7637", "CVE-2019-7638", "CVE-2017-2888"], "modified": "2019-10-01T00:00:00", "id": "OPENVAS:1361412562310844189", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844189", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844189\");\n script_version(\"2019-10-01T10:38:58+0000\");\n script_cve_id(\"CVE-2017-2888\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-01 10:38:58 +0000 (Tue, 01 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-01 02:00:55 +0000 (Tue, 01 Oct 2019)\");\n script_name(\"Ubuntu Update for libsdl2 USN-4143-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU19\\.04|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4143-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005136.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libsdl2'\n package(s) announced via the USN-4143-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that SDL 2.0 mishandled crafted image files resulting in an\ninteger overflow. If a user were tricked into opening a malicious file, SDL\n2.0 could be caused to crash or potentially run arbitrary code.\n(CVE-2017-2888)\n\nIt was discovered that SDL 2.0 mishandled crafted image files. If a user were\ntricked into opening a malicious file, SDL 2.0 could be caused to crash or\npotentially run arbitrary code.\n(CVE-2019-7635, CVE-2019-7636, CVE-2019-7637, CVE-2019-7638)\");\n\n script_tag(name:\"affected\", value:\"'libsdl2' package(s) on Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libsdl2-2.0-0\", ver:\"2.0.8+dfsg1-1ubuntu1.18.04.4\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libsdl2-2.0-0\", ver:\"2.0.9+dfsg1-1ubuntu1.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libsdl2-2.0-0\", ver:\"2.0.4+dfsg1-2ubuntu2.16.04.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:38:40", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for SDL (EulerOS-SA-2019-1151)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7636", "CVE-2019-7578", "CVE-2019-7573", "CVE-2019-7635", "CVE-2019-7637", "CVE-2019-7638", "CVE-2019-7576", "CVE-2019-7577"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191151", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191151", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1151\");\n script_version(\"2020-01-23T11:32:58+0000\");\n script_cve_id(\"CVE-2019-7573\", \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:32:58 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:32:58 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for SDL (EulerOS-SA-2019-1151)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1151\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1151\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'SDL' package(s) announced via the EulerOS-SA-2019-1151 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).(CVE-2019-7576)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.(CVE-2019-7577)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.(CVE-2019-7578)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.(CVE-2019-7635)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.(CVE-2019-7636)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.(CVE-2019-7637)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.(CVE-2019-7638)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).(CVE-2019-7573)\");\n\n script_tag(name:\"affected\", value:\"'SDL' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"SDL\", rpm:\"SDL~1.2.15~14.h1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"SDL-devel\", rpm:\"SDL-devel~1.2.15~14.h1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:03", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for SDL (EulerOS-SA-2019-1343)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7636", "CVE-2019-7578", "CVE-2019-7573", "CVE-2019-7635", "CVE-2019-7637", "CVE-2019-7638", "CVE-2019-7576", "CVE-2019-7577"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191343", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191343", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1343\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2019-7573\", \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:39:58 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for SDL (EulerOS-SA-2019-1343)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1343\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1343\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'SDL' package(s) announced via the EulerOS-SA-2019-1343 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).(CVE-2019-7573)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).(CVE-2019-7576)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.(CVE-2019-7577)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.(CVE-2019-7578)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.(CVE-2019-7635)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.(CVE-2019-7636)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.(CVE-2019-7637)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.(CVE-2019-7638)\");\n\n script_tag(name:\"affected\", value:\"'SDL' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"SDL\", rpm:\"SDL~1.2.15~14.h1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"SDL-devel\", rpm:\"SDL-devel~1.2.15~14.h1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:40", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for SDL (EulerOS-SA-2019-1126)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7636", "CVE-2019-7578", "CVE-2019-7573", "CVE-2019-7635", "CVE-2019-7637", "CVE-2019-7638", "CVE-2019-7576", "CVE-2019-7577"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191126", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191126", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1126\");\n script_version(\"2020-01-23T11:32:10+0000\");\n script_cve_id(\"CVE-2019-7573\", \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:32:10 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:32:10 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for SDL (EulerOS-SA-2019-1126)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1126\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1126\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'SDL' package(s) announced via the EulerOS-SA-2019-1126 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).(CVE-2019-7576)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.(CVE-2019-7577)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.(CVE-2019-7578)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.(CVE-2019-7635)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.(CVE-2019-7636)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.(CVE-2019-7637)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.(CVE-2019-7638)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).(CVE-2019-7573)\");\n\n script_tag(name:\"affected\", value:\"'SDL' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"SDL\", rpm:\"SDL~1.2.15~14.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"SDL-devel\", rpm:\"SDL-devel~1.2.15~14.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:28", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for SDL (EulerOS-SA-2019-1469)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7636", "CVE-2019-7578", "CVE-2019-7573", "CVE-2019-7635", "CVE-2019-7637", "CVE-2019-7638", "CVE-2019-7576", "CVE-2019-7577"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191469", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191469", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1469\");\n script_version(\"2020-01-23T11:48:18+0000\");\n script_cve_id(\"CVE-2019-7573\", \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:48:18 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:48:18 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for SDL (EulerOS-SA-2019-1469)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1469\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1469\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'SDL' package(s) announced via the EulerOS-SA-2019-1469 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).(CVE-2019-7573)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).(CVE-2019-7576)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.(CVE-2019-7577)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.(CVE-2019-7578)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.(CVE-2019-7635)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.(CVE-2019-7638)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.(CVE-2019-7636)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.(CVE-2019-7637)\");\n\n script_tag(name:\"affected\", value:\"'SDL' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"SDL\", rpm:\"SDL~1.2.15~14.h1\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-03-21T00:00:00", "type": "openvas", "title": "Fedora Update for SDL FEDORA-2019-918aad6bd5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7636", "CVE-2019-7574", "CVE-2019-7572", "CVE-2019-7575", "CVE-2019-7578", "CVE-2019-7573", "CVE-2019-7635", "CVE-2019-7637", "CVE-2019-7638", "CVE-2019-7576", "CVE-2019-7577"], "modified": "2019-03-27T00:00:00", "id": "OPENVAS:1361412562310875515", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875515", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875515\");\n script_version(\"2019-03-27T07:32:46+0000\");\n script_cve_id(\"CVE-2019-7577\", \"CVE-2019-7575\", \"CVE-2019-7574\", \"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7576\", \"CVE-2019-7578\", \"CVE-2019-7638\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7635\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-03-27 07:32:46 +0000 (Wed, 27 Mar 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-03-21 09:58:31 +0100 (Thu, 21 Mar 2019)\");\n script_name(\"Fedora Update for SDL FEDORA-2019-918aad6bd5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-918aad6bd5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MD6EIV2CS6QNDU3UN2RVXPQOFQNHXCP7\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'SDL'\n package(s) announced via the FEDORA-2019-918aad6bd5 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed\nto provide fast access to the graphics frame buffer and audio device.\");\n\n script_tag(name:\"affected\", value:\"SDL on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if((res = isrpmvuln(pkg:\"SDL\", rpm:\"SDL~1.2.15~32.fc28\", rls:\"FC28\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n if(__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T19:29:24", "description": "Multiple buffer overflow security issues have been found in libsdl2,\na library that allows low level access to a video frame buffer, audio\noutput, mouse, and keyboard.", "cvss3": {}, "published": "2019-03-14T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for libsdl2 (DLA-1714-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7636", "CVE-2019-7574", "CVE-2019-7572", "CVE-2019-7575", "CVE-2019-7578", "CVE-2019-7573", "CVE-2019-7635", "CVE-2019-7637", "CVE-2019-7638", "CVE-2019-7576", "CVE-2019-7577"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891714", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891714", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891714\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7574\", \"CVE-2019-7575\", \"CVE-2019-7576\",\n \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\",\n \"CVE-2019-7638\");\n script_name(\"Debian LTS: Security Advisory for libsdl2 (DLA-1714-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-14 00:00:00 +0100 (Thu, 14 Mar 2019)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"libsdl2 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n2.0.2+dfsg1-6+deb8u1.\n\nWe recommend that you upgrade your libsdl2 packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple buffer overflow security issues have been found in libsdl2,\na library that allows low level access to a video frame buffer, audio\noutput, mouse, and keyboard.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libsdl2-2.0-0\", ver:\"2.0.2+dfsg1-6+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsdl2-dbg\", ver:\"2.0.2+dfsg1-6+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsdl2-dev\", ver:\"2.0.2+dfsg1-6+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T19:29:07", "description": "Multiple buffer overflow security issues have been found in libsdl1.2,\na library that allows low level access to a video frame buffer, audio\noutput, mouse, and keyboard.", "cvss3": {}, "published": "2019-03-14T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for libsdl1.2 (DLA-1713-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7636", "CVE-2019-7574", "CVE-2019-7572", "CVE-2019-7575", "CVE-2019-7578", "CVE-2019-7573", "CVE-2019-7635", "CVE-2019-7637", "CVE-2019-7638", "CVE-2019-7576", "CVE-2019-7577"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891713", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891713", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891713\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7574\", \"CVE-2019-7575\", \"CVE-2019-7576\",\n \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\",\n \"CVE-2019-7638\");\n script_name(\"Debian LTS: Security Advisory for libsdl1.2 (DLA-1713-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-14 00:00:00 +0100 (Thu, 14 Mar 2019)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"libsdl1.2 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1.2.15-10+deb8u1.\n\nWe recommend that you upgrade your libsdl1.2 packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple buffer overflow security issues have been found in libsdl1.2,\na library that allows low level access to a video frame buffer, audio\noutput, mouse, and keyboard.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libsdl1.2-dbg\", ver:\"1.2.15-10+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsdl1.2-dev\", ver:\"1.2.15-10+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsdl1.2debian\", ver:\"1.2.15-10+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for SDL FEDORA-2019-7a554204c1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7636", "CVE-2019-7574", "CVE-2019-7572", "CVE-2019-7575", "CVE-2019-7578", "CVE-2019-7573", "CVE-2019-7635", "CVE-2019-7637", "CVE-2019-7638", "CVE-2019-7576", "CVE-2019-7577"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876158", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876158", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876158\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-7577\", \"CVE-2019-7575\", \"CVE-2019-7574\", \"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7576\", \"CVE-2019-7578\", \"CVE-2019-7638\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7635\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:37:03 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for SDL FEDORA-2019-7a554204c1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-7a554204c1\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHEXXGCOKNICFBDMNVYYDTSDLQ42K5G5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'SDL'\n package(s) announced via the FEDORA-2019-7a554204c1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed\nto provide fast access to the graphics frame buffer and audio device.\");\n\n script_tag(name:\"affected\", value:\"'SDL' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"SDL\", rpm:\"SDL~1.2.15~36.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:48:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-04-18T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for SDL (openSUSE-SU-2019:1223-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7636", "CVE-2019-7574", "CVE-2019-7572", "CVE-2019-7575", "CVE-2019-7578", "CVE-2019-7573", "CVE-2019-7635", "CVE-2019-7637", "CVE-2019-7638", "CVE-2019-7576", "CVE-2019-7577"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852435", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852435", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852435\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7574\", \"CVE-2019-7575\",\n \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\",\n \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-18 02:00:58 +0000 (Thu, 18 Apr 2019)\");\n script_name(\"openSUSE: Security Advisory for SDL (openSUSE-SU-2019:1223-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1223-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'SDL'\n package(s) announced via the openSUSE-SU-2019:1223-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for SDL fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in\n audio/SDL_wave.c.(bsc#1124806).\n\n - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in\n audio/SDL_wave.c (bsc#1125099).\n\n - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in\n audio/SDL_wave.c (bsc#1124799).\n\n - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in\n audio/SDL_wave.c (bsc#1124805).\n\n - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in\n video/SDL_blit_1.c. (bsc#1124827).\n\n - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in\n video/SDL_pixels.c (bsc#1124826).\n\n - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in\n video/SDL_pixels.c (bsc#1124824).\n\n - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode\n in audio/SDL_wave.c (bsc#1124803).\n\n - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in\n audio/SDL_wave.c (bsc#1124802).\n\n - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect\n function in SDL_surface.c (bsc#1124825).\n\n - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in\n audio/SDL_wave.c (bsc#1124800).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1223=1\");\n\n script_tag(name:\"affected\", value:\"'SDL' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"SDL-debugsource\", rpm:\"SDL-debugsource~1.2.15~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL-1_2-0\", rpm:\"libSDL-1_2-0~1.2.15~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL-1_2-0-debuginfo\", rpm:\"libSDL-1_2-0-debuginfo~1.2.15~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL-devel\", rpm:\"libSDL-devel~1.2.15~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL-1_2-0-32bit\", rpm:\"libSDL-1_2-0-32bit~1.2.15~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL-1_2-0-32bit-debuginfo\", rpm:\"libSDL-1_2-0-32bit-debuginfo~1.2.15~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL-devel-32bit\", rpm:\"libSDL-devel-32bit~1.2.15~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:47:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-04-24T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for SDL2 (openSUSE-SU-2019:1261-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7636", "CVE-2019-7574", "CVE-2019-7572", "CVE-2019-7575", "CVE-2019-7578", "CVE-2019-7573", "CVE-2019-7635", "CVE-2019-7637", "CVE-2019-7638", "CVE-2019-7576", "CVE-2019-7577"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852443", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852443", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852443\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7574\", \"CVE-2019-7575\",\n \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\",\n \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-24 02:01:07 +0000 (Wed, 24 Apr 2019)\");\n script_name(\"openSUSE: Security Advisory for SDL2 (openSUSE-SU-2019:1261-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1261-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'SDL2'\n package(s) announced via the openSUSE-SU-2019:1261-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for SDL2 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in\n audio/SDL_wave.c.(bsc#1124806).\n\n - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in\n audio/SDL_wave.c (bsc#1125099).\n\n - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in\n audio/SDL_wave.c (bsc#1124799).\n\n - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in\n audio/SDL_wave.c (bsc#1124805).\n\n - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in\n video/SDL_blit_1.c. (bsc#1124827).\n\n - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in\n video/SDL_pixels.c (bsc#1124826).\n\n - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in\n video/SDL_pixels.c (bsc#1124824).\n\n - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode\n in audio/SDL_wave.c (bsc#1124803).\n\n - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in\n audio/SDL_wave.c (bsc#1124802).\n\n - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect\n function in SDL_surface.c (bsc#1124825).\n\n - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in\n audio/SDL_wave.c (bsc#1124800).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1261=1\");\n\n script_tag(name:\"affected\", value:\"'SDL2' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"SDL2-debugsource\", rpm:\"SDL2-debugsource~2.0.8~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL2-2_0-0\", rpm:\"libSDL2-2_0-0~2.0.8~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL2-2_0-0-debuginfo\", rpm:\"libSDL2-2_0-0-debuginfo~2.0.8~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL2-devel\", rpm:\"libSDL2-devel~2.0.8~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL2-2_0-0-32bit\", rpm:\"libSDL2-2_0-0-32bit~2.0.8~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL2-2_0-0-32bit-debuginfo\", rpm:\"libSDL2-2_0-0-32bit-debuginfo~2.0.8~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL2-devel-32bit\", rpm:\"libSDL2-devel-32bit~2.0.8~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-26T20:43:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-02-23T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for mingw-SDL (FEDORA-2020-24652fe41c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7636", "CVE-2019-7574", "CVE-2019-7572", "CVE-2019-7575", "CVE-2019-7578", "CVE-2019-7573", "CVE-2019-7635", "CVE-2019-7637", "CVE-2019-7638", "CVE-2019-13616", "CVE-2019-7576", "CVE-2019-7577"], "modified": "2020-02-26T00:00:00", "id": "OPENVAS:1361412562310877504", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877504", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877504\");\n script_version(\"2020-02-26T06:23:50+0000\");\n script_cve_id(\"CVE-2019-13616\", \"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7576\", \"CVE-2019-7574\", \"CVE-2019-7575\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7637\", \"CVE-2019-7638\", \"CVE-2019-7636\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-26 06:23:50 +0000 (Wed, 26 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-23 04:03:52 +0000 (Sun, 23 Feb 2020)\");\n script_name(\"Fedora: Security Advisory for mingw-SDL (FEDORA-2020-24652fe41c)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2020-24652fe41c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-SDL'\n package(s) announced via the FEDORA-2020-24652fe41c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Simple DirectMedia Layer (SDL) is a cross-platform multimedia library\ndesigned to provide fast access to the graphics frame buffer and audio\ndevice.\");\n\n script_tag(name:\"affected\", value:\"'mingw-SDL' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mingw-SDL\", rpm:\"mingw-SDL~1.2.15~14.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for SDL FEDORA-2019-bf531902c8", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7636", "CVE-2019-7574", "CVE-2019-7572", "CVE-2019-7575", "CVE-2019-7578", "CVE-2019-7573", "CVE-2019-7635", "CVE-2019-7637", "CVE-2019-7638", "CVE-2019-7576", "CVE-2019-7577"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310875696", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875696", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875696\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-7577\", \"CVE-2019-7575\", \"CVE-2019-7574\", \"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7576\", \"CVE-2019-7578\", \"CVE-2019-7638\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7635\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:16:46 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for SDL FEDORA-2019-bf531902c8\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-bf531902c8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFYUCO6D5APPM7IOZ5WOCYVY4DKSXFKD\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'SDL'\n package(s) announced via the FEDORA-2019-bf531902c8 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed\nto provide fast access to the graphics frame buffer and audio device.\");\n\n script_tag(name:\"affected\", value:\"'SDL' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"SDL\", rpm:\"SDL~1.2.15~37.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:48:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-04-17T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for SDL (openSUSE-SU-2019:1213-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7636", "CVE-2019-7574", "CVE-2019-7572", "CVE-2019-7575", "CVE-2019-7578", "CVE-2019-7573", "CVE-2019-7635", "CVE-2019-7637", "CVE-2019-7638", "CVE-2019-7576", "CVE-2019-7577"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852428", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852428", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852428\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7574\", \"CVE-2019-7575\",\n \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\",\n \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-17 02:01:10 +0000 (Wed, 17 Apr 2019)\");\n script_name(\"openSUSE: Security Advisory for SDL (openSUSE-SU-2019:1213-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1213-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'SDL'\n package(s) announced via the openSUSE-SU-2019:1213-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for SDL fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in\n audio/SDL_wave.c.(bsc#1124806).\n\n - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in\n audio/SDL_wave.c (bsc#1125099).\n\n - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in\n audio/SDL_wave.c (bsc#1124799).\n\n - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in\n audio/SDL_wave.c (bsc#1124805).\n\n - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in\n video/SDL_blit_1.c. (bsc#1124827).\n\n - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in\n video/SDL_pixels.c (bsc#1124826).\n\n - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in\n video/SDL_pixels.c (bsc#1124824).\n\n - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode\n in audio/SDL_wave.c (bsc#1124803).\n\n - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in\n audio/SDL_wave.c (bsc#1124802).\n\n - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect\n function in SDL_surface.c (bsc#1124825).\n\n - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in\n audio/SDL_wave.c (bsc#1124800).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1213=1\");\n\n script_tag(name:\"affected\", value:\"'SDL' package(s) on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"SDL-debugsource\", rpm:\"SDL-debugsource~1.2.15~20.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL-1_2-0\", rpm:\"libSDL-1_2-0~1.2.15~20.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL-1_2-0-debuginfo\", rpm:\"libSDL-1_2-0-debuginfo~1.2.15~20.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL-devel\", rpm:\"libSDL-devel~1.2.15~20.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL-1_2-0-32bit\", rpm:\"libSDL-1_2-0-32bit~1.2.15~20.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL-1_2-0-debuginfo-32bit\", rpm:\"libSDL-1_2-0-debuginfo-32bit~1.2.15~20.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libSDL-devel-32bit\", rpm:\"libSDL-devel-32bit~1.2.15~20.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-03-02T00:00:00", "type": "openvas", "title": "Fedora Update for SDL FEDORA-2019-6092f8c0dc", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7636", "CVE-2019-7574", "CVE-2019-7572", "CVE-2019-7575", "CVE-2019-7578", "CVE-2019-7573", "CVE-2019-7635", "CVE-2019-7637", "CVE-2019-7638", "CVE-2019-7576", "CVE-2019-7577"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875488", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875488", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875488\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2019-7577\", \"CVE-2019-7575\", \"CVE-2019-7574\", \"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7576\", \"CVE-2019-7578\", \"CVE-2019-7638\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7635\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-03-02 04:15:15 +0100 (Sat, 02 Mar 2019)\");\n script_name(\"Fedora Update for SDL FEDORA-2019-6092f8c0dc\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-6092f8c0dc\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCZFITTVE3ZPXN25ADFRGNJ5X5ASCPTY\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'SDL'\n package(s) announced via the FEDORA-2019-6092f8c0dc advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"SDL on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"SDL\", rpm:\"SDL~1.2.15~31.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-10T14:48:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-09-09T00:00:00", "type": "openvas", "title": "Fedora Update for SDL FEDORA-2019-e08f78d4a6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7636", "CVE-2019-7574", "CVE-2019-7572", "CVE-2019-7575", "CVE-2019-7578", "CVE-2019-7573", "CVE-2019-7635", "CVE-2019-7637", "CVE-2019-7638", "CVE-2019-13616", "CVE-2019-7576", "CVE-2019-7577"], "modified": "2019-09-10T00:00:00", "id": "OPENVAS:1361412562310876779", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876779", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876779\");\n script_version(\"2019-09-10T08:05:24+0000\");\n script_cve_id(\"CVE-2019-13616\", \"CVE-2019-7637\", \"CVE-2019-7577\", \"CVE-2019-7575\", \"CVE-2019-7574\", \"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7576\", \"CVE-2019-7578\", \"CVE-2019-7638\", \"CVE-2019-7636\", \"CVE-2019-7635\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-10 08:05:24 +0000 (Tue, 10 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-09 02:22:58 +0000 (Mon, 09 Sep 2019)\");\n script_name(\"Fedora Update for SDL FEDORA-2019-e08f78d4a6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-e08f78d4a6\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'SDL'\n package(s) announced via the FEDORA-2019-e08f78d4a6 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed\nto provide fast access to the graphics frame buffer and audio device.\");\n\n script_tag(name:\"affected\", value:\"'SDL' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"SDL\", rpm:\"SDL~1.2.15~40.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-25T14:25:48", "description": "This update for SDL2 fixes the following issues :\n\n - Remove the fix for CVE-2019-7637, the modification of function SDL_CalculatePitch is only suited for SDL not SDL2, and breaks SDL2 software. (bsc#1134135)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-06-28T00:00:00", "type": "nessus", "title": "openSUSE Security Update : SDL2 (openSUSE-2019-1632)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7637"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:sdl2-debugsource", "p-cpe:/a:novell:opensuse:libsdl2-2_0-0", "p-cpe:/a:novell:opensuse:libsdl2-2_0-0-32bit", "p-cpe:/a:novell:opensuse:libsdl2-2_0-0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsdl2-2_0-0-debuginfo", "p-cpe:/a:novell:opensuse:libsdl2-devel", "p-cpe:/a:novell:opensuse:libsdl2-devel-32bit", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1632.NASL", "href": "https://www.tenable.com/plugins/nessus/126324", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1632.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126324);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-7637\");\n\n script_name(english:\"openSUSE Security Update : SDL2 (openSUSE-2019-1632)\");\n script_summary(english:\"Check for the openSUSE-2019-1632 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for SDL2 fixes the following issues :\n\n - Remove the fix for CVE-2019-7637, the modification of\n function SDL_CalculatePitch is only suited for SDL not\n SDL2, and breaks SDL2 software. (bsc#1134135)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134135\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected SDL2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:SDL2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL2-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL2-2_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL2-2_0-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL2-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"SDL2-debugsource-2.0.8-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libSDL2-2_0-0-2.0.8-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libSDL2-2_0-0-debuginfo-2.0.8-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libSDL2-devel-2.0.8-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libSDL2-2_0-0-32bit-2.0.8-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libSDL2-2_0-0-32bit-debuginfo-2.0.8-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libSDL2-devel-32bit-2.0.8-lp150.2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SDL2-debugsource / libSDL2-2_0-0 / libSDL2-2_0-0-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:11", "description": "This update for SDL2 fixes the following issues :\n\n - Remove the fix for CVE-2019-7637, the modification of function SDL_CalculatePitch is only suited for SDL not SDL2, and breaks SDL2 software. (bsc#1134135)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-06-28T00:00:00", "type": "nessus", "title": "openSUSE Security Update : SDL2 (openSUSE-2019-1633)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7637"], "modified": "2020-01-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:sdl2-debugsource", "p-cpe:/a:novell:opensuse:libsdl2-2_0-0", "p-cpe:/a:novell:opensuse:libsdl2-2_0-0-32bit", "p-cpe:/a:novell:opensuse:libsdl2-2_0-0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsdl2-2_0-0-debuginfo", "p-cpe:/a:novell:opensuse:libsdl2-devel", "p-cpe:/a:novell:opensuse:libsdl2-devel-32bit", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-1633.NASL", "href": "https://www.tenable.com/plugins/nessus/126325", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1633.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126325);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/09\");\n\n script_cve_id(\"CVE-2019-7637\");\n\n script_name(english:\"openSUSE Security Update : SDL2 (openSUSE-2019-1633)\");\n script_summary(english:\"Check for the openSUSE-2019-1633 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for SDL2 fixes the following issues :\n\n - Remove the fix for CVE-2019-7637, the modification of\n function SDL_CalculatePitch is only suited for SDL not\n SDL2, and breaks SDL2 software. (bsc#1134135)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134135\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected SDL2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:SDL2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL2-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL2-2_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL2-2_0-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL2-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"SDL2-debugsource-2.0.8-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libSDL2-2_0-0-2.0.8-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libSDL2-2_0-0-debuginfo-2.0.8-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libSDL2-devel-2.0.8-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libSDL2-2_0-0-32bit-2.0.8-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libSDL2-2_0-0-32bit-debuginfo-2.0.8-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libSDL2-devel-32bit-2.0.8-lp151.4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SDL2-debugsource / libSDL2-2_0-0 / libSDL2-2_0-0-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:26:12", "description": "This update for SDL2 fixes the following issues :\n\nRemove the fix for CVE-2019-7637, the modification of function SDL_CalculatePitch is only suited for SDL not SDL2, and breaks SDL2 software. (bsc#1134135)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-06-24T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : SDL2 (SUSE-SU-2019:1605-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7637"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:sdl2-debugsource", "p-cpe:/a:novell:suse_linux:libsdl2-2_0", "p-cpe:/a:novell:suse_linux:libsdl2-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libsdl2-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-1605-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126159", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1605-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126159);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-7637\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : SDL2 (SUSE-SU-2019:1605-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for SDL2 fixes the following issues :\n\nRemove the fix for CVE-2019-7637, the modification of function\nSDL_CalculatePitch is only suited for SDL not SDL2, and breaks SDL2\nsoftware. (bsc#1134135)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7637/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191605-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22c556c3\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1605=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1:zypper in\n-t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1605=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t\npatch SUSE-SLE-Module-Desktop-Applications-15-2019-1605=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:SDL2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libSDL2-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libSDL2-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libSDL2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"SDL2-debugsource-2.0.8-3.12.5\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libSDL2-2_0-0-2.0.8-3.12.5\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libSDL2-2_0-0-debuginfo-2.0.8-3.12.5\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libSDL2-devel-2.0.8-3.12.5\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"SDL2-debugsource-2.0.8-3.12.5\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libSDL2-2_0-0-2.0.8-3.12.5\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libSDL2-2_0-0-debuginfo-2.0.8-3.12.5\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libSDL2-devel-2.0.8-3.12.5\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"SDL2-debugsource-2.0.8-3.12.5\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libSDL2-2_0-0-2.0.8-3.12.5\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libSDL2-2_0-0-debuginfo-2.0.8-3.12.5\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libSDL2-devel-2.0.8-3.12.5\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"SDL2-debugsource-2.0.8-3.12.5\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libSDL2-2_0-0-2.0.8-3.12.5\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libSDL2-2_0-0-debuginfo-2.0.8-3.12.5\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libSDL2-devel-2.0.8-3.12.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SDL2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:43:59", "description": "The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2803 advisory.\n\n - An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. (CVE-2017-2888)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-31T00:00:00", "type": "nessus", "title": "Debian DLA-2803-1 : libsdl2 - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2888", "CVE-2019-7637"], "modified": "2023-11-27T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libsdl2-2.0-0", "p-cpe:/a:debian:debian_linux:libsdl2-dev", "p-cpe:/a:debian:debian_linux:libsdl2-doc", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2803.NASL", "href": "https://www.tenable.com/plugins/nessus/154751", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2803. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154751);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/27\");\n\n script_cve_id(\"CVE-2017-2888\", \"CVE-2019-7637\");\n\n script_name(english:\"Debian DLA-2803-1 : libsdl2 - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-2803 advisory.\n\n - An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A\n specially crafted file can cause an integer overflow resulting in too little memory being allocated which\n can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted\n image file to trigger this vulnerability. (CVE-2017-2888)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in\n SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/libsdl2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2021/dla-2803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2017-2888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-7637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/libsdl2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the libsdl2 packages.\n\nFor Debian 9 stretch, these problems have been fixed in version 2.0.5+dfsg1-2+deb9u2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7637\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsdl2-2.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsdl2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsdl2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'libsdl2-2.0-0', 'reference': '2.0.5+dfsg1-2+deb9u2'},\n {'release': '9.0', 'prefix': 'libsdl2-dev', 'reference': '2.0.5+dfsg1-2+deb9u2'},\n {'release': '9.0', 'prefix': 'libsdl2-doc', 'reference': '2.0.5+dfsg1-2+deb9u2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libsdl2-2.0-0 / libsdl2-dev / libsdl2-doc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T15:03:38", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14943-1 advisory.\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. (CVE-2020-14409)\n\n - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. (CVE-2020-14410)\n\n - There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. (CVE-2021-33657)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-23T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : SDL (SUSE-SU-2022:14943-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7637", "CVE-2020-14409", "CVE-2020-14410", "CVE-2021-33657"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:sdl", "p-cpe:/a:novell:suse_linux:sdl-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2022-14943-1.NASL", "href": "https://www.tenable.com/plugins/nessus/160097", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:14943-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160097);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2019-7637\",\n \"CVE-2020-14409\",\n \"CVE-2020-14410\",\n \"CVE-2021-33657\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:14943-1\");\n\n script_name(english:\"SUSE SLES11 Security Update : SDL (SUSE-SU-2022:14943-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:14943-1 advisory.\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in\n SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap\n corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. (CVE-2020-14409)\n\n - SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in\n Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. (CVE-2020-14410)\n\n - There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18\n versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to\n crash, denial of service or Code execution. (CVE-2021-33657)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1124825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14409\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33657\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-April/010802.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?afd8288d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected SDL and / or SDL-32bit packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33657\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:SDL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:SDL-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'SDL-1.2.13-106.21.1', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-11.4']},\n {'reference':'SDL-32bit-1.2.13-106.21.1', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-11.4']},\n {'reference':'SDL-32bit-1.2.13-106.21.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-11.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'SDL / SDL-32bit');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:48:48", "description": "It was discovered that SDL 2.0 mishandled crafted image files resulting in an integer overflow. If a user were tricked into opening a malicious file, SDL 2.0 could be caused to crash or potentially run arbitrary code. (CVE-2017-2888)\n\nIt was discovered that SDL 2.0 mishandled crafted image files. If a user were tricked into opening a malicious file, SDL 2.0 could be caused to crash or potentially run arbitrary code. (CVE-2019-7635, CVE-2019-7636, CVE-2019-7637, CVE-2019-7638).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-10-01T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : SDL 2.0 vulnerabilities (USN-4143-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2888", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2023-10-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libsdl2-2.0-0", "p-cpe:/a:canonical:ubuntu_linux:libsdl2-dev", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4143-1.NASL", "href": "https://www.tenable.com/plugins/nessus/129489", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4143-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129489);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/21\");\n\n script_cve_id(\n \"CVE-2017-2888\",\n \"CVE-2019-7635\",\n \"CVE-2019-7636\",\n \"CVE-2019-7637\",\n \"CVE-2019-7638\"\n );\n script_xref(name:\"USN\", value:\"4143-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : SDL 2.0 vulnerabilities (USN-4143-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that SDL 2.0 mishandled crafted image files\nresulting in an integer overflow. If a user were tricked into opening\na malicious file, SDL 2.0 could be caused to crash or potentially run\narbitrary code. (CVE-2017-2888)\n\nIt was discovered that SDL 2.0 mishandled crafted image files. If a\nuser were tricked into opening a malicious file, SDL 2.0 could be\ncaused to crash or potentially run arbitrary code. (CVE-2019-7635,\nCVE-2019-7636, CVE-2019-7637, CVE-2019-7638).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4143-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libsdl2-2.0-0 and / or libsdl2-dev packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7638\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsdl2-2.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsdl2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'libsdl2-2.0-0', 'pkgver': '2.0.4+dfsg1-2ubuntu2.16.04.2'},\n {'osver': '16.04', 'pkgname': 'libsdl2-dev', 'pkgver': '2.0.4+dfsg1-2ubuntu2.16.04.2'},\n {'osver': '18.04', 'pkgname': 'libsdl2-2.0-0', 'pkgver': '2.0.8+dfsg1-1ubuntu1.18.04.4'},\n {'osver': '18.04', 'pkgname': 'libsdl2-dev', 'pkgver': '2.0.8+dfsg1-1ubuntu1.18.04.4'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libsdl2-2.0-0 / libsdl2-dev');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:07:50", "description": "According to the versions of the SDL packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).(CVE-2019-7576)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.(CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.(CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.(CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.(CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.(CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.(CVE-2019-7638)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).(CVE-2019-7573)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-04-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : SDL (EulerOS-SA-2019-1126)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7573", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:sdl", "p-cpe:/a:huawei:euleros:sdl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1126.NASL", "href": "https://www.tenable.com/plugins/nessus/123600", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123600);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-7573\",\n \"CVE-2019-7576\",\n \"CVE-2019-7577\",\n \"CVE-2019-7578\",\n \"CVE-2019-7635\",\n \"CVE-2019-7636\",\n \"CVE-2019-7637\",\n \"CVE-2019-7638\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : SDL (EulerOS-SA-2019-1126)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the SDL packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef\n loop).(CVE-2019-7576)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW\n in audio/SDL_wave.c.(CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n InitIMA_ADPCM in audio/SDL_wave.c.(CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n Blit1to4 in video/SDL_blit_1.c.(CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n SDL_GetRGB in video/SDL_pixels.c.(CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer overflow in\n SDL_FillRect in video/SDL_surface.c.(CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n Map1toN in video/SDL_pixels.c.(CVE-2019-7638)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef\n loop).(CVE-2019-7573)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1126\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5684e8a6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected SDL packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:SDL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:SDL-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"SDL-1.2.15-14.h1\",\n \"SDL-devel-1.2.15-14.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SDL\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:27:07", "description": "According to the versions of the SDL packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).(CVE-2019-7573)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).(CVE-2019-7576)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.(CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.(CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.(CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.(CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.(CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.(CVE-2019-7638)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-06T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : SDL (EulerOS-SA-2019-1343)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7573", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:SDL", "p-cpe:/a:huawei:euleros:SDL-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1343.NASL", "href": "https://www.tenable.com/plugins/nessus/124629", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124629);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-7573\",\n \"CVE-2019-7576\",\n \"CVE-2019-7577\",\n \"CVE-2019-7578\",\n \"CVE-2019-7635\",\n \"CVE-2019-7636\",\n \"CVE-2019-7637\",\n \"CVE-2019-7638\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : SDL (EulerOS-SA-2019-1343)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the SDL packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef\n loop).(CVE-2019-7573)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef\n loop).(CVE-2019-7576)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW\n in audio/SDL_wave.c.(CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n InitIMA_ADPCM in audio/SDL_wave.c.(CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n Blit1to4 in video/SDL_blit_1.c.(CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n SDL_GetRGB in video/SDL_pixels.c.(CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer overflow in\n SDL_FillRect in video/SDL_surface.c.(CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n Map1toN in video/SDL_pixels.c.(CVE-2019-7638)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1343\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a027c454\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected SDL packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:SDL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:SDL-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"SDL-1.2.15-14.h1\",\n \"SDL-devel-1.2.15-14.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SDL\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-23T02:32:15", "description": "According to the versions of the SDL package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).(CVE-2019-7573)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).(CVE-2019-7576)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.(CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.(CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.(CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.(CVE-2019-7638)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.(CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.(CVE-2019-7637)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : SDL (EulerOS-SA-2019-1469)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7573", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:SDL", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1469.NASL", "href": "https://www.tenable.com/plugins/nessus/124793", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124793);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-7573\",\n \"CVE-2019-7576\",\n \"CVE-2019-7577\",\n \"CVE-2019-7578\",\n \"CVE-2019-7635\",\n \"CVE-2019-7636\",\n \"CVE-2019-7637\",\n \"CVE-2019-7638\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : SDL (EulerOS-SA-2019-1469)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the SDL package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef\n loop).(CVE-2019-7573)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef\n loop).(CVE-2019-7576)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW\n in audio/SDL_wave.c.(CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n InitIMA_ADPCM in audio/SDL_wave.c.(CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n Blit1to4 in video/SDL_blit_1.c.(CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n Map1toN in video/SDL_pixels.c.(CVE-2019-7638)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n SDL_GetRGB in video/SDL_pixels.c.(CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer overflow in\n SDL_FillRect in video/SDL_surface.c.(CVE-2019-7637)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1469\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c0943461\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected SDL packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:SDL\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"SDL-1.2.15-14.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SDL\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-01T15:08:25", "description": "According to the versions of the SDL packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).(CVE-2019-7576)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.(CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.(CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.(CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.(CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.(CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.(CVE-2019-7638)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).(CVE-2019-7573)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-04-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : SDL (EulerOS-SA-2019-1151)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7573", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:sdl", "p-cpe:/a:huawei:euleros:sdl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1151.NASL", "href": "https://www.tenable.com/plugins/nessus/123625", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123625);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-7573\",\n \"CVE-2019-7576\",\n \"CVE-2019-7577\",\n \"CVE-2019-7578\",\n \"CVE-2019-7635\",\n \"CVE-2019-7636\",\n \"CVE-2019-7637\",\n \"CVE-2019-7638\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : SDL (EulerOS-SA-2019-1151)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the SDL packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef\n loop).(CVE-2019-7576)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW\n in audio/SDL_wave.c.(CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n InitIMA_ADPCM in audio/SDL_wave.c.(CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n Blit1to4 in video/SDL_blit_1.c.(CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n SDL_GetRGB in video/SDL_pixels.c.(CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer overflow in\n SDL_FillRect in video/SDL_surface.c.(CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n Map1toN in video/SDL_pixels.c.(CVE-2019-7638)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x\n through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef\n loop).(CVE-2019-7573)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1151\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7ddef3c2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected SDL packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:SDL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:SDL-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"SDL-1.2.15-14.h1.eulerosv2r7\",\n \"SDL-devel-1.2.15-14.h1.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SDL\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:06:32", "description": "This update for SDL2 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).\n\n - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).\n\n - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).\n\n - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).\n\n - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).\n\n - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).\n\n - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).\n\n - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).\n\n - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).\n\n - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).\n\n - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-04-24T00:00:00", "type": "nessus", "title": "openSUSE Security Update : SDL2 (openSUSE-2019-1261)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:sdl2-debugsource", "p-cpe:/a:novell:opensuse:libsdl2-2_0-0", "p-cpe:/a:novell:opensuse:libsdl2-2_0-0-32bit", "p-cpe:/a:novell:opensuse:libsdl2-2_0-0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsdl2-2_0-0-debuginfo", "p-cpe:/a:novell:opensuse:libsdl2-devel", "p-cpe:/a:novell:opensuse:libsdl2-devel-32bit", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1261.NASL", "href": "https://www.tenable.com/plugins/nessus/124267", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1261.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124267);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7574\", \"CVE-2019-7575\", \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n\n script_name(english:\"openSUSE Security Update : SDL2 (openSUSE-2019-1261)\");\n script_summary(english:\"Check for the openSUSE-2019-1261 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for SDL2 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-7572: Fixed a buffer over-read in\n IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).\n\n - CVE-2019-7578: Fixed a heap-based buffer over-read in\n InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).\n\n - CVE-2019-7576: Fixed heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).\n\n - CVE-2019-7573: Fixed a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).\n\n - CVE-2019-7635: Fixed a heap-based buffer over-read in\n Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).\n\n - CVE-2019-7636: Fixed a heap-based buffer over-read in\n SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).\n\n - CVE-2019-7638: Fixed a heap-based buffer over-read in\n Map1toN in video/SDL_pixels.c (bsc#1124824).\n\n - CVE-2019-7574: Fixed a heap-based buffer over-read in\n IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).\n\n - CVE-2019-7575: Fixed a heap-based buffer overflow in\n MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).\n\n - CVE-2019-7637: Fixed a heap-based buffer overflow in\n SDL_FillRect function in SDL_surface.c (bsc#1124825).\n\n - CVE-2019-7577: Fixed a buffer over read in\n SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125099\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected SDL2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:SDL2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL2-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL2-2_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL2-2_0-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL2-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"SDL2-debugsource-2.0.8-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libSDL2-2_0-0-2.0.8-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libSDL2-2_0-0-debuginfo-2.0.8-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libSDL2-devel-2.0.8-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libSDL2-2_0-0-32bit-debuginfo-2.0.8-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libSDL2-devel-32bit-2.0.8-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SDL2-debugsource / libSDL2-2_0-0 / libSDL2-2_0-0-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:08:15", "description": "This update for SDL fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).\n\nCVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).\n\nCVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).\n\nCVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).\n\nCVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).\n\nCVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).\n\nCVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).\n\nCVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).\n\nCVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).\n\nCVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).\n\nCVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-04-10T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : SDL (SUSE-SU-2019:0917-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2020-01-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:sdl-debugsource", "p-cpe:/a:novell:suse_linux:libsdl-1_2", "p-cpe:/a:novell:suse_linux:libsdl-1_2-0-debuginfo", "p-cpe:/a:novell:suse_linux:libsdl-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-0917-1.NASL", "href": "https://www.tenable.com/plugins/nessus/123968", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0917-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123968);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7574\", \"CVE-2019-7575\", \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : SDL (SUSE-SU-2019:0917-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for SDL fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in\naudio/SDL_wave.c.(bsc#1124806).\n\nCVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in\naudio/SDL_wave.c (bsc#1125099).\n\nCVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in\naudio/SDL_wave.c (bsc#1124799).\n\nCVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in\naudio/SDL_wave.c (bsc#1124805).\n\nCVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in\nvideo/SDL_blit_1.c. (bsc#1124827).\n\nCVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in\nvideo/SDL_pixels.c (bsc#1124826).\n\nCVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in\nvideo/SDL_pixels.c (bsc#1124824).\n\nCVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode\nin audio/SDL_wave.c (bsc#1124803).\n\nCVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode\nin audio/SDL_wave.c (bsc#1124802).\n\nCVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect\nfunction in SDL_surface.c (bsc#1124825).\n\nCVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in\naudio/SDL_wave.c (bsc#1124800).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7572/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7573/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7574/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7575/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7577/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7578/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7635/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7636/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7637/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7638/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190917-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f437effd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t\npatch SUSE-SLE-Module-Desktop-Applications-15-2019-917=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:SDL-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libSDL-1_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libSDL-1_2-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libSDL-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"SDL-debugsource-1.2.15-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libSDL-1_2-0-1.2.15-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libSDL-1_2-0-debuginfo-1.2.15-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libSDL-devel-1.2.15-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"SDL-debugsource-1.2.15-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libSDL-1_2-0-1.2.15-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libSDL-1_2-0-debuginfo-1.2.15-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libSDL-devel-1.2.15-3.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SDL\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:02:10", "description": "This update for SDL fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).\n\nCVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).\n\nCVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).\n\nCVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).\n\nCVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).\n\nCVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).\n\nCVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).\n\nCVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).\n\nCVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).\n\nCVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).\n\nCVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-04-01T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : SDL (SUSE-SU-2019:13998-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:sdl", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2019-13998-1.NASL", "href": "https://www.tenable.com/plugins/nessus/123553", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:13998-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123553);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7574\", \"CVE-2019-7575\", \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n\n script_name(english:\"SUSE SLES11 Security Update : SDL (SUSE-SU-2019:13998-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for SDL fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in\naudio/SDL_wave.c.(bsc#1124806).\n\nCVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in\naudio/SDL_wave.c (bsc#1125099).\n\nCVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in\naudio/SDL_wave.c (bsc#1124799).\n\nCVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in\naudio/SDL_wave.c (bsc#1124805).\n\nCVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in\nvideo/SDL_blit_1.c. (bsc#1124827).\n\nCVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in\nvideo/SDL_pixels.c (bsc#1124826).\n\nCVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in\nvideo/SDL_pixels.c (bsc#1124824).\n\nCVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode\nin audio/SDL_wave.c (bsc#1124803).\n\nCVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode\nin audio/SDL_wave.c (bsc#1124802).\n\nCVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect\nfunction in SDL_surface.c (bsc#1124825).\n\nCVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in\naudio/SDL_wave.c (bsc#1124800).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7572/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7573/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7574/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7575/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7577/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7578/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7635/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7636/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7637/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7638/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-201913998-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b4bfb8ca\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-SDL-13998=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-SDL-13998=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-SDL-13998=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-SDL-13998=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:SDL\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"SDL-32bit-1.2.13-106.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"SDL-32bit-1.2.13-106.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"SDL-1.2.13-106.11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SDL\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:18:31", "description": "Security Fix(es) :\n\n - SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572)\n\n - SDL: heap-based buffer overflow in function MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575)\n\n - SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636)\n\n - SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637)\n\n - SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638)\n\n - SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7573)\n\n - SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7574)\n\n - SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7576)\n\n - SDL: buffer over-read in function SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577)\n\n - SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578)\n\n - SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635)", "cvss3": {}, "published": "2020-10-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : SDL on SL7.x x86_64 (20201001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:sdl", "p-cpe:/a:fermilab:scientific_linux:sdl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:sdl-devel", "p-cpe:/a:fermilab:scientific_linux:sdl-static", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20201001_SDL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/141691", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141691);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7574\", \"CVE-2019-7575\", \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n\n script_name(english:\"Scientific Linux Security Update : SDL on SL7.x x86_64 (20201001)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - SDL: buffer over-read in IMA_ADPCM_nibble in\n audio/SDL_wave.c (CVE-2019-7572)\n\n - SDL: heap-based buffer overflow in function\n MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575)\n\n - SDL: heap-based buffer over-read in SDL_GetRGB in\n video/SDL_pixels.c (CVE-2019-7636)\n\n - SDL: heap-based buffer overflow in SDL_FillRect in\n video/SDL_surface.c (CVE-2019-7637)\n\n - SDL: heap-based buffer over-read in Map1toN in\n video/SDL_pixels.c (CVE-2019-7638)\n\n - SDL: heap-based buffer over-read in InitMS_ADPCM in\n audio/SDL_wave.c (CVE-2019-7573)\n\n - SDL: heap-based buffer over-read in IMA_ADPCM_decode in\n audio/SDL_wave.c (CVE-2019-7574)\n\n - SDL: heap-based buffer over-read in InitMS_ADPCM in\n audio/SDL_wave.c (CVE-2019-7576)\n\n - SDL: buffer over-read in function SDL_LoadWAV_RW in\n audio/SDL_wave.c (CVE-2019-7577)\n\n - SDL: heap-based buffer over-read in InitIMA_ADPCM in\n audio/SDL_wave.c (CVE-2019-7578)\n\n - SDL: heap-based buffer over-read in Blit1to4 in\n video/SDL_blit_1.c (CVE-2019-7635)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2010&L=SCIENTIFIC-LINUX-ERRATA&P=21957\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?565d3119\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:SDL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:SDL-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:SDL-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:SDL-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"SDL-1.2.15-17.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"SDL-debuginfo-1.2.15-17.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"SDL-devel-1.2.15-17.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"SDL-static-1.2.15-17.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SDL / SDL-debuginfo / SDL-devel / SDL-static\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:13:32", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1500 advisory.\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. (CVE-2019-7572)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). (CVE-2019-7573)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7574)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7575)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). (CVE-2019-7576)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. (CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. (CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. (CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. (CVE-2019-7638)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-28T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : SDL (ALAS-2020-1500)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2020-10-28T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:sdl", "p-cpe:/a:amazon:linux:sdl-debuginfo", "p-cpe:/a:amazon:linux:sdl-devel", "p-cpe:/a:amazon:linux:sdl-static", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1500.NASL", "href": "https://www.tenable.com/plugins/nessus/141985", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1500.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141985);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/28\");\n\n script_cve_id(\n \"CVE-2019-7572\",\n \"CVE-2019-7573\",\n \"CVE-2019-7574\",\n \"CVE-2019-7575\",\n \"CVE-2019-7576\",\n \"CVE-2019-7577\",\n \"CVE-2019-7578\",\n \"CVE-2019-7635\",\n \"CVE-2019-7636\",\n \"CVE-2019-7637\",\n \"CVE-2019-7638\"\n );\n script_xref(name:\"ALAS\", value:\"2020-1500\");\n\n script_name(english:\"Amazon Linux 2 : SDL (ALAS-2020-1500)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2020-1500 advisory.\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in\n IMA_ADPCM_nibble in audio/SDL_wave.c. (CVE-2019-7572)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). (CVE-2019-7573)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n IMA_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7574)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in\n MS_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7575)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). (CVE-2019-7576)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in\n SDL_LoadWAV_RW in audio/SDL_wave.c. (CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitIMA_ADPCM in audio/SDL_wave.c. (CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n Blit1to4 in video/SDL_blit_1.c. (CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n SDL_GetRGB in video/SDL_pixels.c. (CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in\n SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n Map1toN in video/SDL_pixels.c. (CVE-2019-7638)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1500.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7572\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7638\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update SDL' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7638\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:SDL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:SDL-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:SDL-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:SDL-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'SDL-1.2.15-17.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'SDL-1.2.15-17.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'SDL-1.2.15-17.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'SDL-debuginfo-1.2.15-17.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'SDL-debuginfo-1.2.15-17.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'SDL-debuginfo-1.2.15-17.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'SDL-devel-1.2.15-17.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'SDL-devel-1.2.15-17.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'SDL-devel-1.2.15-17.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'SDL-static-1.2.15-17.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'SDL-static-1.2.15-17.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'SDL-static-1.2.15-17.amzn2', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SDL / SDL-debuginfo / SDL-devel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:08:25", "description": "This update for SDL fixes the following issues: 	 Security issues fixed:	 \n\n - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).\n\n - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).\n\n - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).\n\n - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).\n\n - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).\n\n - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).\n\n - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).\n\n - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).\n\n - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).\n\n - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).\n\n - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). \n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2019-04-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : SDL (openSUSE-2019-1213)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:sdl-debugsource", "p-cpe:/a:novell:opensuse:libsdl-1_2-0", "p-cpe:/a:novell:opensuse:libsdl-1_2-0-32bit", "p-cpe:/a:novell:opensuse:libsdl-1_2-0-debuginfo", "p-cpe:/a:novell:opensuse:libsdl-1_2-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsdl-devel", "p-cpe:/a:novell:opensuse:libsdl-devel-32bit", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-1213.NASL", "href": "https://www.tenable.com/plugins/nessus/124106", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1213.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124106);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7574\", \"CVE-2019-7575\", \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n\n script_name(english:\"openSUSE Security Update : SDL (openSUSE-2019-1213)\");\n script_summary(english:\"Check for the openSUSE-2019-1213 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for SDL fixes the following issues: 	 Security issues\nfixed:	 \n\n - CVE-2019-7572: Fixed a buffer over-read in\n IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).\n\n - CVE-2019-7578: Fixed a heap-based buffer over-read in\n InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).\n\n - CVE-2019-7576: Fixed heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).\n\n - CVE-2019-7573: Fixed a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).\n\n - CVE-2019-7635: Fixed a heap-based buffer over-read in\n Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).\n\n - CVE-2019-7636: Fixed a heap-based buffer over-read in\n SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).\n\n - CVE-2019-7638: Fixed a heap-based buffer over-read in\n Map1toN in video/SDL_pixels.c (bsc#1124824).\n\n - CVE-2019-7574: Fixed a heap-based buffer over-read in\n IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).\n\n - CVE-2019-7575: Fixed a heap-based buffer overflow in\n MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).\n\n - CVE-2019-7637: Fixed a heap-based buffer overflow in\n SDL_FillRect function in SDL_surface.c (bsc#1124825).\n\n - CVE-2019-7577: Fixed a buffer over read in\n SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). \n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125099\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected SDL packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:SDL-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL-1_2-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL-1_2-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL-1_2-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL-1_2-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"SDL-debugsource-1.2.15-20.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libSDL-1_2-0-1.2.15-20.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libSDL-1_2-0-debuginfo-1.2.15-20.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libSDL-devel-1.2.15-20.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libSDL-1_2-0-32bit-1.2.15-20.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libSDL-1_2-0-debuginfo-32bit-1.2.15-20.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libSDL-devel-32bit-1.2.15-20.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SDL-debugsource / libSDL-1_2-0 / libSDL-1_2-0-32bit / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:06:16", "description": "This update for SDL fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).\n\nCVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).\n\nCVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).\n\nCVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).\n\nCVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).\n\nCVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).\n\nCVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).\n\nCVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).\n\nCVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).\n\nCVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).\n\nCVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : SDL (SUSE-SU-2019:0899-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:sdl-debugsource", "p-cpe:/a:novell:suse_linux:libsdl-1_2", "p-cpe:/a:novell:suse_linux:libsdl-1_2-0", "p-cpe:/a:novell:suse_linux:libsdl-1_2-0-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0899-1.NASL", "href": "https://www.tenable.com/plugins/nessus/123925", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0899-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123925);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7574\", \"CVE-2019-7575\", \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : SDL (SUSE-SU-2019:0899-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for SDL fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in\naudio/SDL_wave.c.(bsc#1124806).\n\nCVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in\naudio/SDL_wave.c (bsc#1125099).\n\nCVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in\naudio/SDL_wave.c (bsc#1124799).\n\nCVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in\naudio/SDL_wave.c (bsc#1124805).\n\nCVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in\nvideo/SDL_blit_1.c. (bsc#1124827).\n\nCVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in\nvideo/SDL_pixels.c (bsc#1124826).\n\nCVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in\nvideo/SDL_pixels.c (bsc#1124824).\n\nCVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode\nin audio/SDL_wave.c (bsc#1124803).\n\nCVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode\nin audio/SDL_wave.c (bsc#1124802).\n\nCVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect\nfunction in SDL_surface.c (bsc#1124825).\n\nCVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in\naudio/SDL_wave.c (bsc#1124800).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7572/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7573/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7574/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7575/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7577/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7578/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7635/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7636/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7637/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7638/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190899-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?82eb6f48\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-899=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-899=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-899=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-899=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-899=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-899=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:SDL-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libSDL-1_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libSDL-1_2-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libSDL-1_2-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"SDL-debugsource-1.2.15-15.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libSDL-1_2-0-1.2.15-15.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libSDL-1_2-0-32bit-1.2.15-15.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libSDL-1_2-0-debuginfo-1.2.15-15.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libSDL-1_2-0-debuginfo-32bit-1.2.15-15.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"SDL-debugsource-1.2.15-15.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libSDL-1_2-0-1.2.15-15.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libSDL-1_2-0-32bit-1.2.15-15.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libSDL-1_2-0-debuginfo-1.2.15-15.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libSDL-1_2-0-debuginfo-32bit-1.2.15-15.11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"SDL-debugsource-1.2.15-15.11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libSDL-1_2-0-1.2.15-15.11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libSDL-1_2-0-debuginfo-1.2.15-15.11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"SDL-debugsource-1.2.15-15.11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libSDL-1_2-0-1.2.15-15.11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libSDL-1_2-0-debuginfo-1.2.15-15.11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SDL\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:00:37", "description": "The update of libsdl2 released as DLA 1714-1 led to several regressions, as reported by Avital Ostromich. These regressions are caused by libsdl1.2 patches for CVE-2019-7637, CVE-2019-7635, CVE-2019-7638 and CVE-2019-7636 being applied to libsdl2 without adaptations.\n\nFor Debian 8 'Jessie', this problem has been fixed in version 2.0.2+dfsg1-6+deb8u2.\n\nWe recommend that you upgrade your libsdl2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-03-14T00:00:00", "type": "nessus", "title": "Debian DLA-1714-2 : libsdl2 regression update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libsdl2-2.0-0", "p-cpe:/a:debian:debian_linux:libsdl2-dbg", "p-cpe:/a:debian:debian_linux:libsdl2-dev", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1714.NASL", "href": "https://www.tenable.com/plugins/nessus/122829", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1714-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122829);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7574\", \"CVE-2019-7575\", \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n\n script_name(english:\"Debian DLA-1714-2 : libsdl2 regression update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The update of libsdl2 released as DLA 1714-1 led to several\nregressions, as reported by Avital Ostromich. These regressions are\ncaused by libsdl1.2 patches for CVE-2019-7637, CVE-2019-7635,\nCVE-2019-7638 and CVE-2019-7636 being applied to libsdl2 without\nadaptations.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n2.0.2+dfsg1-6+deb8u2.\n\nWe recommend that you upgrade your libsdl2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libsdl2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsdl2-2.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsdl2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsdl2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libsdl2-2.0-0\", reference:\"2.0.2+dfsg1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsdl2-dbg\", reference:\"2.0.2+dfsg1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsdl2-dev\", reference:\"2.0.2+dfsg1-6+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:24:20", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4627 advisory.\n\n - SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572)\n\n - SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7573, CVE-2019-7576)\n\n - SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7574)\n\n - SDL: heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575)\n\n - SDL: buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577)\n\n - SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578)\n\n - SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635)\n\n - SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636)\n\n - SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637)\n\n - SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-04T00:00:00", "type": "nessus", "title": "RHEL 8 : SDL (RHSA-2020:4627)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:sdl", "p-cpe:/a:redhat:enterprise_linux:sdl-devel"], "id": "REDHAT-RHSA-2020-4627.NASL", "href": "https://www.tenable.com/plugins/nessus/142387", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4627. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142387);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2019-7572\",\n \"CVE-2019-7573\",\n \"CVE-2019-7574\",\n \"CVE-2019-7575\",\n \"CVE-2019-7576\",\n \"CVE-2019-7577\",\n \"CVE-2019-7578\",\n \"CVE-2019-7635\",\n \"CVE-2019-7636\",\n \"CVE-2019-7637\",\n \"CVE-2019-7638\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4627\");\n\n script_name(english:\"RHEL 8 : SDL (RHSA-2020:4627)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4627 advisory.\n\n - SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572)\n\n - SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7573, CVE-2019-7576)\n\n - SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7574)\n\n - SDL: heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575)\n\n - SDL: buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577)\n\n - SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578)\n\n - SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635)\n\n - SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636)\n\n - SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637)\n\n - SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7572\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1676509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1676743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1676749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1676751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1676753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1676755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1676781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1677143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1677151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1677156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1677158\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected SDL and / or SDL-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7638\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(120, 122, 125);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:SDL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:SDL-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'SDL-1.2.15-38.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'SDL-devel-1.2.15-38.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'SDL-1.2.15-38.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'SDL-devel-1.2.15-38.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'SDL-1.2.15-38.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'SDL-devel-1.2.15-38.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'SDL / SDL-devel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:29:07", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4627 advisory.\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. (CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). (CVE-2019-7576)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. (CVE-2019-7572)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. (CVE-2019-7638)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. (CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. (CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). (CVE-2019-7573)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7574)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7575)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : SDL (ELSA-2020-4627)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2020-11-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:sdl", "p-cpe:/a:oracle:linux:sdl-devel"], "id": "ORACLELINUX_ELSA-2020-4627.NASL", "href": "https://www.tenable.com/plugins/nessus/142805", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4627.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142805);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/13\");\n\n script_cve_id(\n \"CVE-2019-7572\",\n \"CVE-2019-7573\",\n \"CVE-2019-7574\",\n \"CVE-2019-7575\",\n \"CVE-2019-7576\",\n \"CVE-2019-7577\",\n \"CVE-2019-7578\",\n \"CVE-2019-7635\",\n \"CVE-2019-7636\",\n \"CVE-2019-7637\",\n \"CVE-2019-7638\"\n );\n\n script_name(english:\"Oracle Linux 8 : SDL (ELSA-2020-4627)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-4627 advisory.\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n SDL_GetRGB in video/SDL_pixels.c. (CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). (CVE-2019-7576)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in\n IMA_ADPCM_nibble in audio/SDL_wave.c. (CVE-2019-7572)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n Map1toN in video/SDL_pixels.c. (CVE-2019-7638)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n Blit1to4 in video/SDL_blit_1.c. (CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in\n SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in\n SDL_LoadWAV_RW in audio/SDL_wave.c. (CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitIMA_ADPCM in audio/SDL_wave.c. (CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). (CVE-2019-7573)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n IMA_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7574)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in\n MS_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7575)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4627.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected SDL and / or SDL-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7638\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:SDL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:SDL-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'SDL-1.2.15-38.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'SDL-1.2.15-38.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'SDL-1.2.15-38.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'SDL-devel-1.2.15-38.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'SDL-devel-1.2.15-38.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'SDL-devel-1.2.15-38.el8', 'cpu':'x86_64', 'release':'8'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'SDL / SDL-devel');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T14:52:05", "description": "This release fixes various buffer overflows when parsing or processing damaged Waveform audio and BMP image files.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-02-26T00:00:00", "type": "nessus", "title": "Fedora 29 : SDL (2019-7a554204c1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2020-02-07T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:sdl", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-7A554204C1.NASL", "href": "https://www.tenable.com/plugins/nessus/122439", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-7a554204c1.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122439);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/02/07\");\n\n script_cve_id(\"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7574\", \"CVE-2019-7575\", \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n script_xref(name:\"FEDORA\", value:\"2019-7a554204c1\");\n\n script_name(english:\"Fedora 29 : SDL (2019-7a554204c1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release fixes various buffer overflows when parsing or processing\ndamaged Waveform audio and BMP image files.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-7a554204c1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected SDL package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:SDL\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"SDL-1.2.15-36.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SDL\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T19:36:42", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has SDL packages installed that are affected by multiple vulnerabilities:\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. (CVE-2019-7572)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). (CVE-2019-7573)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7574)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7575)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). (CVE-2019-7576)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. (CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. (CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. (CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. (CVE-2019-7638)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : SDL Multiple Vulnerabilities (NS-SA-2021-0168)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2023-11-27T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:sdl", "p-cpe:/a:zte:cgsl_core:sdl-devel", "p-cpe:/a:zte:cgsl_core:sdl-static", "p-cpe:/a:zte:cgsl_main:sdl", "p-cpe:/a:zte:cgsl_main:sdl-devel", "p-cpe:/a:zte:cgsl_main:sdl-static", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2021-0168_SDL.NASL", "href": "https://www.tenable.com/plugins/nessus/154584", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0168. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154584);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/27\");\n\n script_cve_id(\n \"CVE-2019-7572\",\n \"CVE-2019-7573\",\n \"CVE-2019-7574\",\n \"CVE-2019-7575\",\n \"CVE-2019-7576\",\n \"CVE-2019-7577\",\n \"CVE-2019-7578\",\n \"CVE-2019-7635\",\n \"CVE-2019-7636\",\n \"CVE-2019-7637\",\n \"CVE-2019-7638\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : SDL Multiple Vulnerabilities (NS-SA-2021-0168)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has SDL packages installed that are affected by\nmultiple vulnerabilities:\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in\n IMA_ADPCM_nibble in audio/SDL_wave.c. (CVE-2019-7572)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). (CVE-2019-7573)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n IMA_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7574)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in\n MS_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7575)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). (CVE-2019-7576)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in\n SDL_LoadWAV_RW in audio/SDL_wave.c. (CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitIMA_ADPCM in audio/SDL_wave.c. (CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n Blit1to4 in video/SDL_blit_1.c. (CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n SDL_GetRGB in video/SDL_pixels.c. (CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in\n SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n Map1toN in video/SDL_pixels.c. (CVE-2019-7638)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0168\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-7572\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-7573\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-7574\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-7575\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-7576\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-7577\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-7578\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-7635\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-7636\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-7637\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-7638\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL SDL packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7638\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:SDL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:SDL-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:SDL-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:SDL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:SDL-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:SDL-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'SDL-1.2.15-17.el7',\n 'SDL-devel-1.2.15-17.el7',\n 'SDL-static-1.2.15-17.el7'\n ],\n 'CGSL MAIN 5.05': [\n 'SDL-1.2.15-17.el7',\n 'SDL-devel-1.2.15-17.el7',\n 'SDL-static-1.2.15-17.el7'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'SDL');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:03:54", "description": "The update of libsdl1.2 released as DLA 1713-1 led to a regression, caused by an incomplete fix for CVE-2019-7637. This issue was known upstream and resulted, among others, in windows versions from libsdl1.2 failing to set video mode.\n\nFor Debian 8 'Jessie', this problem has been fixed in version 1.2.15-10+deb8u2.\n\nWe recommend that you upgrade your libsdl1.2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-03-14T00:00:00", "type": "nessus", "title": "Debian DLA-1713-2 : libsdl1.2 regression update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libsdl1.2-dbg", "p-cpe:/a:debian:debian_linux:libsdl1.2-dev", "p-cpe:/a:debian:debian_linux:libsdl1.2debian", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1713.NASL", "href": "https://www.tenable.com/plugins/nessus/122828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1713-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122828);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7574\", \"CVE-2019-7575\", \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n\n script_name(english:\"Debian DLA-1713-2 : libsdl1.2 regression update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The update of libsdl1.2 released as DLA 1713-1 led to a regression,\ncaused by an incomplete fix for CVE-2019-7637. This issue was known\nupstream and resulted, among others, in windows versions from\nlibsdl1.2 failing to set video mode.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n1.2.15-10+deb8u2.\n\nWe recommend that you upgrade your libsdl1.2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libsdl1.2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsdl1.2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsdl1.2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsdl1.2debian\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libsdl1.2-dbg\", reference:\"1.2.15-10+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsdl1.2-dev\", reference:\"1.2.15-10+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsdl1.2debian\", reference:\"1.2.15-10+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:25:36", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3868 advisory.\n\n - SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572)\n\n - SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7573, CVE-2019-7576)\n\n - SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7574)\n\n - SDL: heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575)\n\n - SDL: buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577)\n\n - SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578)\n\n - SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635)\n\n - SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636)\n\n - SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637)\n\n - SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-19T00:00:00", "type": "nessus", "title": "RHEL 7 : SDL (RHSA-2020:3868)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:sdl", "p-cpe:/a:redhat:enterprise_linux:sdl-devel", "p-cpe:/a:redhat:enterprise_linux:sdl-static"], "id": "REDHAT-RHSA-2020-3868.NASL", "href": "https://www.tenable.com/plugins/nessus/143077", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3868. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143077);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2019-7572\",\n \"CVE-2019-7573\",\n \"CVE-2019-7574\",\n \"CVE-2019-7575\",\n \"CVE-2019-7576\",\n \"CVE-2019-7577\",\n \"CVE-2019-7578\",\n \"CVE-2019-7635\",\n \"CVE-2019-7636\",\n \"CVE-2019-7637\",\n \"CVE-2019-7638\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3868\");\n\n script_name(english:\"RHEL 7 : SDL (RHSA-2020:3868)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3868 advisory.\n\n - SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572)\n\n - SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7573, CVE-2019-7576)\n\n - SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7574)\n\n - SDL: heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575)\n\n - SDL: buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577)\n\n - SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578)\n\n - SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635)\n\n - SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636)\n\n - SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637)\n\n - SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7572\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1676509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1676743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1676749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1676751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1676753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1676755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1676781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1677143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1677151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1677156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1677158\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected SDL, SDL-devel and / or SDL-static packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7638\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(120, 122, 125);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:SDL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:SDL-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:SDL-static\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/debug',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/os',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'SDL-1.2.15-17.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'SDL-devel-1.2.15-17.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'SDL-static-1.2.15-17.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'SDL / SDL-devel / SDL-static');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:10:29", "description": "This update for SDL2 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).\n\nCVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).\n\nCVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).\n\nCVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).\n\nCVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).\n\nCVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).\n\nCVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).\n\nCVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).\n\nCVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).\n\nCVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).\n\nCVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-04-16T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : SDL2 (SUSE-SU-2019:0950-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2020-01-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:sdl2-debugsource", "p-cpe:/a:novell:suse_linux:libsdl2-2_0", "p-cpe:/a:novell:suse_linux:libsdl2-2_0-0-debuginfo", "p-cpe:/a:novell:suse_linux:libsdl2-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-0950-1.NASL", "href": "https://www.tenable.com/plugins/nessus/124083", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0950-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124083);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7574\", \"CVE-2019-7575\", \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : SDL2 (SUSE-SU-2019:0950-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for SDL2 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in\naudio/SDL_wave.c.(bsc#1124806).\n\nCVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in\naudio/SDL_wave.c (bsc#1125099).\n\nCVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in\naudio/SDL_wave.c (bsc#1124799).\n\nCVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in\naudio/SDL_wave.c (bsc#1124805).\n\nCVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in\nvideo/SDL_blit_1.c. (bsc#1124827).\n\nCVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in\nvideo/SDL_pixels.c (bsc#1124826).\n\nCVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in\nvideo/SDL_pixels.c (bsc#1124824).\n\nCVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode\nin audio/SDL_wave.c (bsc#1124803).\n\nCVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode\nin audio/SDL_wave.c (bsc#1124802).\n\nCVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect\nfunction in SDL_surface.c (bsc#1124825).\n\nCVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in\naudio/SDL_wave.c (bsc#1124800).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7572/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7573/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7574/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7575/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7577/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7578/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7635/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7636/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7637/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-7638/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190950-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2148cf91\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t\npatch SUSE-SLE-Module-Desktop-Applications-15-2019-950=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:SDL2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libSDL2-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libSDL2-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libSDL2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"SDL2-debugsource-2.0.8-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libSDL2-2_0-0-2.0.8-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libSDL2-2_0-0-debuginfo-2.0.8-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libSDL2-devel-2.0.8-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"SDL2-debugsource-2.0.8-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libSDL2-2_0-0-2.0.8-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libSDL2-2_0-0-debuginfo-2.0.8-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libSDL2-devel-2.0.8-3.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SDL2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:13:37", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4627 advisory.\n\n - SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572)\n\n - SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7573, CVE-2019-7576)\n\n - SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7574)\n\n - SDL: heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575)\n\n - SDL: buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577)\n\n - SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578)\n\n - SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635)\n\n - SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636)\n\n - SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637)\n\n - SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : SDL (CESA-2020:4627)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:sdl", "p-cpe:/a:centos:centos:sdl-devel"], "id": "CENTOS8_RHSA-2020-4627.NASL", "href": "https://www.tenable.com/plugins/nessus/146035", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:4627. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146035);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\n \"CVE-2019-7572\",\n \"CVE-2019-7573\",\n \"CVE-2019-7574\",\n \"CVE-2019-7575\",\n \"CVE-2019-7576\",\n \"CVE-2019-7577\",\n \"CVE-2019-7578\",\n \"CVE-2019-7635\",\n \"CVE-2019-7636\",\n \"CVE-2019-7637\",\n \"CVE-2019-7638\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4627\");\n\n script_name(english:\"CentOS 8 : SDL (CESA-2020:4627)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:4627 advisory.\n\n - SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572)\n\n - SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7573, CVE-2019-7576)\n\n - SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7574)\n\n - SDL: heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575)\n\n - SDL: buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577)\n\n - SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578)\n\n - SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635)\n\n - SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636)\n\n - SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637)\n\n - SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4627\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected SDL and / or SDL-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7638\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:SDL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:SDL-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'SDL-1.2.15-38.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'SDL-1.2.15-38.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'SDL-devel-1.2.15-38.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'SDL-devel-1.2.15-38.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'SDL / SDL-devel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-05T14:53:37", "description": "Security fix for CVE-2019-13616, CVE-2019-7572, CVE-2019-7572, CVE-2019-7573 CVE-2019-7576, CVE-2019-7574, CVE-2019-7575, CVE-2019-7577, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7637, CVE-2019-7638, CVE-2019-7636\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-02-24T00:00:00", "type": "nessus", "title": "Fedora 31 : mingw-SDL (2020-24652fe41c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13616", "CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2020-02-26T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-sdl", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-24652FE41C.NASL", "href": "https://www.tenable.com/plugins/nessus/133882", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-24652fe41c.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133882);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/26\");\n\n script_cve_id(\"CVE-2019-13616\", \"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7574\", \"CVE-2019-7575\", \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n script_xref(name:\"FEDORA\", value:\"2020-24652fe41c\");\n\n script_name(english:\"Fedora 31 : mingw-SDL (2020-24652fe41c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2019-13616, CVE-2019-7572, CVE-2019-7572,\nCVE-2019-7573 CVE-2019-7576, CVE-2019-7574, CVE-2019-7575,\nCVE-2019-7577, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635,\nCVE-2019-7637, CVE-2019-7638, CVE-2019-7636\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-24652fe41c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-SDL package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-SDL\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"mingw-SDL-1.2.15-14.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-SDL\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:29:35", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has SDL packages installed that are affected by multiple vulnerabilities:\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7574)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. (CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. (CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. (CVE-2019-7638)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. (CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7575)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). (CVE-2019-7573)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. (CVE-2019-7572)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). (CVE-2019-7576)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : SDL Multiple Vulnerabilities (NS-SA-2021-0077)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2021-03-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0077_SDL.NASL", "href": "https://www.tenable.com/plugins/nessus/147263", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0077. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147263);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\n \"CVE-2019-7572\",\n \"CVE-2019-7573\",\n \"CVE-2019-7574\",\n \"CVE-2019-7575\",\n \"CVE-2019-7576\",\n \"CVE-2019-7577\",\n \"CVE-2019-7578\",\n \"CVE-2019-7635\",\n \"CVE-2019-7636\",\n \"CVE-2019-7637\",\n \"CVE-2019-7638\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : SDL Multiple Vulnerabilities (NS-SA-2021-0077)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has SDL packages installed that are affected by multiple\nvulnerabilities:\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n IMA_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7574)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in\n SDL_LoadWAV_RW in audio/SDL_wave.c. (CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitIMA_ADPCM in audio/SDL_wave.c. (CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n Map1toN in video/SDL_pixels.c. (CVE-2019-7638)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n SDL_GetRGB in video/SDL_pixels.c. (CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n Blit1to4 in video/SDL_blit_1.c. (CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in\n SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in\n MS_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7575)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). (CVE-2019-7573)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in\n IMA_ADPCM_nibble in audio/SDL_wave.c. (CVE-2019-7572)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). (CVE-2019-7576)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0077\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL SDL packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7638\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL MAIN 6.02': [\n 'SDL-1.2.15-38.el8',\n 'SDL-debuginfo-1.2.15-38.el8',\n 'SDL-debugsource-1.2.15-38.el8',\n 'SDL-devel-1.2.15-38.el8',\n 'SDL-static-1.2.15-38.el8'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'SDL');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:12:57", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3868 advisory.\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. (CVE-2019-7572)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). (CVE-2019-7573)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7574)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7575)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). (CVE-2019-7576)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. (CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. (CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. (CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. (CVE-2019-7638)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-07T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : SDL (ELSA-2020-3868)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2020-10-09T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:sdl", "p-cpe:/a:oracle:linux:sdl-devel", "p-cpe:/a:oracle:linux:sdl-static"], "id": "ORACLELINUX_ELSA-2020-3868.NASL", "href": "https://www.tenable.com/plugins/nessus/141228", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-3868.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141228);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\n \"CVE-2019-7572\",\n \"CVE-2019-7573\",\n \"CVE-2019-7574\",\n \"CVE-2019-7575\",\n \"CVE-2019-7576\",\n \"CVE-2019-7577\",\n \"CVE-2019-7578\",\n \"CVE-2019-7635\",\n \"CVE-2019-7636\",\n \"CVE-2019-7637\",\n \"CVE-2019-7638\"\n );\n\n script_name(english:\"Oracle Linux 7 : SDL (ELSA-2020-3868)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-3868 advisory.\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in\n IMA_ADPCM_nibble in audio/SDL_wave.c. (CVE-2019-7572)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). (CVE-2019-7573)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n IMA_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7574)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in\n MS_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7575)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). (CVE-2019-7576)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in\n SDL_LoadWAV_RW in audio/SDL_wave.c. (CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitIMA_ADPCM in audio/SDL_wave.c. (CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n Blit1to4 in video/SDL_blit_1.c. (CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n SDL_GetRGB in video/SDL_pixels.c. (CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in\n SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n Map1toN in video/SDL_pixels.c. (CVE-2019-7638)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://linux.oracle.com/errata/ELSA-2020-3868.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected SDL, SDL-devel and / or SDL-static packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7638\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:SDL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:SDL-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:SDL-static\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'SDL-1.2.15-17.el7', 'cpu':'aarch64', 'release':'7'},\n {'reference':'SDL-1.2.15-17.el7', 'cpu':'i686', 'release':'7'},\n {'reference':'SDL-1.2.15-17.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'SDL-devel-1.2.15-17.el7', 'cpu':'aarch64', 'release':'7'},\n {'reference':'SDL-devel-1.2.15-17.el7', 'cpu':'i686', 'release':'7'},\n {'reference':'SDL-devel-1.2.15-17.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'SDL-static-1.2.15-17.el7', 'cpu':'aarch64', 'release':'7'},\n {'reference':'SDL-static-1.2.15-17.el7', 'cpu':'i686', 'release':'7'},\n {'reference':'SDL-static-1.2.15-17.el7', 'cpu':'x86_64', 'release':'7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'SDL / SDL-devel / SDL-static');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-03T14:35:02", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has SDL packages installed that are affected by multiple vulnerabilities:\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7574)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. (CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. (CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. (CVE-2019-7638)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. (CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7575)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). (CVE-2019-7573)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. (CVE-2019-7572)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). (CVE-2019-7576)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : SDL Multiple Vulnerabilities (NS-SA-2021-0042)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2021-03-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0042_SDL.NASL", "href": "https://www.tenable.com/plugins/nessus/147259", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0042. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147259);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\n \"CVE-2019-7572\",\n \"CVE-2019-7573\",\n \"CVE-2019-7574\",\n \"CVE-2019-7575\",\n \"CVE-2019-7576\",\n \"CVE-2019-7577\",\n \"CVE-2019-7578\",\n \"CVE-2019-7635\",\n \"CVE-2019-7636\",\n \"CVE-2019-7637\",\n \"CVE-2019-7638\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : SDL Multiple Vulnerabilities (NS-SA-2021-0042)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has SDL packages installed that are affected by\nmultiple vulnerabilities:\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n IMA_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7574)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in\n SDL_LoadWAV_RW in audio/SDL_wave.c. (CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitIMA_ADPCM in audio/SDL_wave.c. (CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n Map1toN in video/SDL_pixels.c. (CVE-2019-7638)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n SDL_GetRGB in video/SDL_pixels.c. (CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n Blit1to4 in video/SDL_blit_1.c. (CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in\n SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in\n MS_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7575)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). (CVE-2019-7573)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in\n IMA_ADPCM_nibble in audio/SDL_wave.c. (CVE-2019-7572)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). (CVE-2019-7576)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0042\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL SDL packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7638\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'SDL-1.2.15-17.el7',\n 'SDL-devel-1.2.15-17.el7',\n 'SDL-static-1.2.15-17.el7'\n ],\n 'CGSL MAIN 5.04': [\n 'SDL-1.2.15-17.el7',\n 'SDL-devel-1.2.15-17.el7',\n 'SDL-static-1.2.15-17.el7'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'SDL');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:10:54", "description": "This update for SDL fixes the following issues :\n\nSecurity issues fixed:	 \n\n - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).\n\n - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).\n\n - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).\n\n - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).\n\n - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).\n\n - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).\n\n - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).\n\n - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).\n\n - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).\n\n - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).\n\n - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-04-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : SDL (openSUSE-2019-1223)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:sdl-debugsource", "p-cpe:/a:novell:opensuse:libsdl-1_2-0", "p-cpe:/a:novell:opensuse:libsdl-1_2-0-32bit", "p-cpe:/a:novell:opensuse:libsdl-1_2-0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsdl-1_2-0-debuginfo", "p-cpe:/a:novell:opensuse:libsdl-devel", "p-cpe:/a:novell:opensuse:libsdl-devel-32bit", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1223.NASL", "href": "https://www.tenable.com/plugins/nessus/124144", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1223.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124144);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7574\", \"CVE-2019-7575\", \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n\n script_name(english:\"openSUSE Security Update : SDL (openSUSE-2019-1223)\");\n script_summary(english:\"Check for the openSUSE-2019-1223 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for SDL fixes the following issues :\n\nSecurity issues fixed:	 \n\n - CVE-2019-7572: Fixed a buffer over-read in\n IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).\n\n - CVE-2019-7578: Fixed a heap-based buffer over-read in\n InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).\n\n - CVE-2019-7576: Fixed heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).\n\n - CVE-2019-7573: Fixed a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).\n\n - CVE-2019-7635: Fixed a heap-based buffer over-read in\n Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).\n\n - CVE-2019-7636: Fixed a heap-based buffer over-read in\n SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).\n\n - CVE-2019-7638: Fixed a heap-based buffer over-read in\n Map1toN in video/SDL_pixels.c (bsc#1124824).\n\n - CVE-2019-7574: Fixed a heap-based buffer over-read in\n IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).\n\n - CVE-2019-7575: Fixed a heap-based buffer overflow in\n MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).\n\n - CVE-2019-7637: Fixed a heap-based buffer overflow in\n SDL_FillRect function in SDL_surface.c (bsc#1124825).\n\n - CVE-2019-7577: Fixed a buffer over read in\n SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125099\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected SDL packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:SDL-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL-1_2-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL-1_2-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL-1_2-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL-1_2-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libSDL-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"SDL-debugsource-1.2.15-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libSDL-1_2-0-1.2.15-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libSDL-1_2-0-debuginfo-1.2.15-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libSDL-devel-1.2.15-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libSDL-1_2-0-32bit-debuginfo-1.2.15-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libSDL-devel-32bit-1.2.15-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SDL-debugsource / libSDL-1_2-0 / libSDL-1_2-0-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:22:03", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3868 advisory.\n\n - SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572)\n\n - SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7573, CVE-2019-7576)\n\n - SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7574)\n\n - SDL: heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575)\n\n - SDL: buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577)\n\n - SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578)\n\n - SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635)\n\n - SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636)\n\n - SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637)\n\n - SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "CentOS 7 : SDL (CESA-2020:3868)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2020-11-30T00:00:00", "cpe": ["p-cpe:/a:centos:centos:sdl", "p-cpe:/a:centos:centos:sdl-devel", "p-cpe:/a:centos:centos:sdl-static", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-3868.NASL", "href": "https://www.tenable.com/plugins/nessus/141585", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3868 and\n# CentOS Errata and Security Advisory 2020:3868 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141585);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\n \"CVE-2019-7572\",\n \"CVE-2019-7573\",\n \"CVE-2019-7574\",\n \"CVE-2019-7575\",\n \"CVE-2019-7576\",\n \"CVE-2019-7577\",\n \"CVE-2019-7578\",\n \"CVE-2019-7635\",\n \"CVE-2019-7636\",\n \"CVE-2019-7637\",\n \"CVE-2019-7638\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3868\");\n\n script_name(english:\"CentOS 7 : SDL (CESA-2020:3868)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:3868 advisory.\n\n - SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572)\n\n - SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7573, CVE-2019-7576)\n\n - SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7574)\n\n - SDL: heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575)\n\n - SDL: buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577)\n\n - SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578)\n\n - SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635)\n\n - SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636)\n\n - SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637)\n\n - SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-October/012834.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2c78ed54\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/120.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected SDL, SDL-devel and / or SDL-static packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7638\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(120, 122, 125);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:SDL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:SDL-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:SDL-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'SDL-1.2.15-17.el7', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'SDL-1.2.15-17.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'SDL-devel-1.2.15-17.el7', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'SDL-devel-1.2.15-17.el7', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'SDL-static-1.2.15-17.el7', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'SDL-static-1.2.15-17.el7', 'cpu':'x86_64', 'release':'CentOS-7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'SDL / SDL-devel / SDL-static');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T15:01:25", "description": "This release fixes various buffer overflows when parsing or processing damaged Waveform audio and BMP image files.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-03-04T00:00:00", "type": "nessus", "title": "Fedora 28 : SDL (2019-6092f8c0dc)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2020-02-07T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:sdl", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2019-6092F8C0DC.NASL", "href": "https://www.tenable.com/plugins/nessus/122561", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-6092f8c0dc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122561);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/02/07\");\n\n script_cve_id(\"CVE-2019-7572\", \"CVE-2019-7573\", \"CVE-2019-7574\", \"CVE-2019-7575\", \"CVE-2019-7576\", \"CVE-2019-7577\", \"CVE-2019-7578\", \"CVE-2019-7635\", \"CVE-2019-7636\", \"CVE-2019-7637\", \"CVE-2019-7638\");\n script_xref(name:\"FEDORA\", value:\"2019-6092f8c0dc\");\n\n script_name(english:\"Fedora 28 : SDL (2019-6092f8c0dc)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release fixes various buffer overflows when parsing or processing\ndamaged Waveform audio and BMP image files.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-6092f8c0dc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected SDL package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:SDL\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"SDL-1.2.15-31.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SDL\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:51:05", "description": "It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-10-16T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : SDL vulnerabilities (USN-4156-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13616", "CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libsdl1.2debian", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libsdl1.2-dev"], "id": "UBUNTU_USN-4156-1.NASL", "href": "https://www.tenable.com/plugins/nessus/129968", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4156-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129968);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2019-13616\",\n \"CVE-2019-7572\",\n \"CVE-2019-7573\",\n \"CVE-2019-7574\",\n \"CVE-2019-7575\",\n \"CVE-2019-7576\",\n \"CVE-2019-7577\",\n \"CVE-2019-7578\",\n \"CVE-2019-7635\",\n \"CVE-2019-7636\",\n \"CVE-2019-7637\",\n \"CVE-2019-7638\"\n );\n script_xref(name:\"USN\", value:\"4156-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : SDL vulnerabilities (USN-4156-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that SDL incorrectly handled certain images. If a\nuser were tricked into opening a crafted image file, a remote attacker\ncould use this issue to cause SDL to crash, resulting in a denial of\nservice, or possibly execute arbitary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4156-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libsdl1.2-dev and / or libsdl1.2debian packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7638\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsdl1.2debian\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsdl1.2-dev\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'libsdl1.2-dev', 'pkgver': '1.2.15+dfsg1-3ubuntu0.1'},\n {'osver': '16.04', 'pkgname': 'libsdl1.2debian', 'pkgver': '1.2.15+dfsg1-3ubuntu0.1'},\n {'osver': '18.04', 'pkgname': 'libsdl1.2-dev', 'pkgver': '1.2.15+dfsg2-0.1ubuntu0.1'},\n {'osver': '18.04', 'pkgname': 'libsdl1.2debian', 'pkgver': '1.2.15+dfsg2-0.1ubuntu0.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libsdl1.2-dev / libsdl1.2debian');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T19:37:42", "description": "The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2804 advisory.\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. (CVE-2019-13616)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. (CVE-2019-7572)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). (CVE-2019-7573)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7574)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7575)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). (CVE-2019-7576)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. (CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. (CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. (CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. (CVE-2019-7638)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-31T00:00:00", "type": "nessus", "title": "Debian DLA-2804-1 : libsdl1.2 - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13616", "CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2023-11-27T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libsdl1.2-dev", "p-cpe:/a:debian:debian_linux:libsdl1.2debian", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2804.NASL", "href": "https://www.tenable.com/plugins/nessus/154753", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2804. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154753);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/27\");\n\n script_cve_id(\n \"CVE-2019-7572\",\n \"CVE-2019-7573\",\n \"CVE-2019-7574\",\n \"CVE-2019-7575\",\n \"CVE-2019-7576\",\n \"CVE-2019-7577\",\n \"CVE-2019-7578\",\n \"CVE-2019-7635\",\n \"CVE-2019-7636\",\n \"CVE-2019-7637\",\n \"CVE-2019-7638\",\n \"CVE-2019-13616\"\n );\n\n script_name(english:\"Debian DLA-2804-1 : libsdl1.2 - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-2804 advisory.\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. (CVE-2019-13616)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in\n IMA_ADPCM_nibble in audio/SDL_wave.c. (CVE-2019-7572)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). (CVE-2019-7573)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n IMA_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7574)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in\n MS_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7575)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). (CVE-2019-7576)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in\n SDL_LoadWAV_RW in audio/SDL_wave.c. (CVE-2019-7577)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n InitIMA_ADPCM in audio/SDL_wave.c. (CVE-2019-7578)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n Blit1to4 in video/SDL_blit_1.c. (CVE-2019-7635)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n SDL_GetRGB in video/SDL_pixels.c. (CVE-2019-7636)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in\n SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)\n\n - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in\n Map1toN in video/SDL_pixels.c. (CVE-2019-7638)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/libsdl1.2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2021/dla-2804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-13616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-7572\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-7573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-7574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-7575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-7576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-7577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-7578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-7635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-7636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-7637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-7638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/libsdl1.2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the libsdl1.2 packages.\n\nFor Debian 9 stretch, these problems have been fixed in version 1.2.15+dfsg1-4+deb9u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7638\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsdl1.2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsdl1.2debian\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'libsdl1.2-dev', 'reference': '1.2.15+dfsg1-4+deb9u1'},\n {'release': '9.0', 'prefix': 'libsdl1.2debian', 'reference': '1.2.15+dfsg1-4+deb9u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libsdl1.2-dev / libsdl1.2debian');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "veracode": [{"lastseen": "2022-07-26T16:26:23", "description": "Simple DirectMedia Layer (SDL) is vulnerable to heap-based buffer overflow. It is possible due to a flaw in SDL_FillRect in `video/SDL_surface.c`.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-01T03:53:24", "type": "veracode", "title": "Heap-based Buffer Overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7637"], "modified": "2021-11-30T22:11:22", "id": "VERACODE:27462", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-27462/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-04-18T12:41:57", "description": "An update that solves one vulnerability and has one errata\n is now available.\n\nDescription:\n\n This update for SDL2 fixes the following issues:\n\n - Remove the fix for CVE-2019-7637, the modification of function\n SDL_CalculatePitch is only suited for SDL not SDL2, and breaks SDL2\n software. (bsc#1134135)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1632=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-27T00:00:00", "type": "suse", "title": "Security update for SDL2 (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7637"], "modified": "2019-06-27T00:00:00", "id": "OPENSUSE-SU-2019:1632-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7YJX5NSXBCENKYURQGKRNPLWFUNAJE2P/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:41:57", "description": "An update that solves one vulnerability and has one errata\n is now available.\n\nDescription:\n\n This update for SDL2 fixes the following issues:\n\n - Remove the fix for CVE-2019-7637, the modification of function\n SDL_CalculatePitch is only suited for SDL not SDL2, and breaks SDL2\n software. (bsc#1134135)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-1633=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-27T00:00:00", "type": "suse", "title": "Security update for SDL2 (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7637"], "modified": "2019-06-27T00:00:00", "id": "OPENSUSE-SU-2019:1633-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HWWGNEISNASSWP5NTBQLM6YLUKJPUBIS/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-06T10:41:13", "description": "An update that fixes 11 vulnerabilities is now available.\n\nDescription:\n\n This update for SDL fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in\n audio/SDL_wave.c.(bsc#1124806).\n - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in\n audio/SDL_wave.c (bsc#1125099).\n - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in\n audio/SDL_wave.c (bsc#1124799).\n - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in\n audio/SDL_wave.c (bsc#1124805).\n - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in\n video/SDL_blit_1.c. (bsc#1124827).\n - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in\n video/SDL_pixels.c (bsc#1124826).\n - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in\n video/SDL_pixels.c (bsc#1124824).\n - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode\n in audio/SDL_wave.c (bsc#1124803).\n - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in\n audio/SDL_wave.c (bsc#1124802).\n - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect\n function in SDL_surface.c (bsc#1124825).\n - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in\n audio/SDL_wave.c (bsc#1124800).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1223=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-17T00:00:00", "type": "suse", "title": "Security update for SDL (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2019-04-17T00:00:00", "id": "OPENSUSE-SU-2019:1223-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PVVNKCWJ5RBDOAJTNQX6VN77H27KTKSW/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-06T10:41:13", "description": "An update that fixes 11 vulnerabilities is now available.\n\nDescription:\n\n This update for SDL2 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in\n audio/SDL_wave.c.(bsc#1124806).\n - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in\n audio/SDL_wave.c (bsc#1125099).\n - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in\n audio/SDL_wave.c (bsc#1124799).\n - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in\n audio/SDL_wave.c (bsc#1124805).\n - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in\n video/SDL_blit_1.c. (bsc#1124827).\n - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in\n video/SDL_pixels.c (bsc#1124826).\n - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in\n video/SDL_pixels.c (bsc#1124824).\n - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode\n in audio/SDL_wave.c (bsc#1124803).\n - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in\n audio/SDL_wave.c (bsc#1124802).\n - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect\n function in SDL_surface.c (bsc#1124825).\n - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in\n audio/SDL_wave.c (bsc#1124800).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1261=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-23T00:00:00", "type": "suse", "title": "Security update for SDL2 (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2019-04-23T00:00:00", "id": "OPENSUSE-SU-2019:1261-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MSOTDS52YKZL25TU3JHV22PWUVFQ6U5U/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:42:07", "description": "An update that fixes 11 vulnerabilities is now available.\n\nDescription:\n\n This update for SDL fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in\n audio/SDL_wave.c.(bsc#1124806).\n - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in\n audio/SDL_wave.c (bsc#1125099).\n - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in\n audio/SDL_wave.c (bsc#1124799).\n - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in\n audio/SDL_wave.c (bsc#1124805).\n - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in\n video/SDL_blit_1.c. (bsc#1124827).\n - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in\n video/SDL_pixels.c (bsc#1124826).\n - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in\n video/SDL_pixels.c (bsc#1124824).\n - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode\n in audio/SDL_wave.c (bsc#1124803).\n - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in\n audio/SDL_wave.c (bsc#1124802).\n - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect\n function in SDL_surface.c (bsc#1124825).\n - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in\n audio/SDL_wave.c (bsc#1124800).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1213=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-16T00:00:00", "type": "suse", "title": "Security update for SDL (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2019-04-16T00:00:00", "id": "OPENSUSE-SU-2019:1213-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZRCDLQ2YIEJ6ULD3V4IHTBE3ZLPAYH62/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-12-03T18:27:36", "description": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-02-08T11:29:00", "type": "debiancve", "title": "CVE-2019-7637", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7637"], "modified": "2019-02-08T11:29:00", "id": "DEBIANCVE:CVE-2019-7637", "href": "https://security-tracker.debian.org/tracker/CVE-2019-7637", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "prion": [{"lastseen": "2023-11-22T02:19:33", "description": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2019-02-08T11:29:00", "type": "prion", "title": "Heap overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7637"], "modified": "2021-11-30T19:53:00", "id": "PRION:CVE-2019-7637", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2019-7637", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2023-12-02T11:55:24", "description": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-02-14T07:50:06", "type": "redhatcve", "title": "CVE-2019-7637", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7637"], "modified": "2023-04-06T06:39:10", "id": "RH:CVE-2019-7637", "href": "https://access.redhat.com/security/cve/cve-2019-7637", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-12-03T14:20:30", "description": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a\nheap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.\n\n#### Bugs\n\n * <https://bugzilla.libsdl.org/show_bug.cgi?id=4497>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924609>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924610>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[emitorino](<https://launchpad.net/~emitorino>) | Patch causes regressions for some applications/games: https://bugzilla.novell.com/show_bug.cgi?id=1124825\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-02-08T00:00:00", "type": "ubuntucve", "title": "CVE-2019-7637", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7637"], "modified": "2019-02-08T00:00:00", "id": "UB:CVE-2019-7637", "href": "https://ubuntu.com/security/CVE-2019-7637", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T13:57:28", "description": "SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and\nresultant SDL_memcpy heap corruption) in SDL_BlitCopy in\nvideo/SDL_blit_copy.c via a crafted .BMP file.\n\n#### Bugs\n\n * <https://bugzilla.libsdl.org/show_bug.cgi?id=5200>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | for libsdl1.2, this was fixed by CVE-2019-7637\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-19T00:00:00", "type": "ubuntucve", "title": "CVE-2020-14409", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7637", "CVE-2020-14409"], "modified": "2021-01-19T00:00:00", "id": "UB:CVE-2020-14409", "href": "https://ubuntu.com/security/CVE-2020-14409", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T13:57:28", "description": "SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer\nover-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a\ncrafted .BMP file.\n\n#### Bugs\n\n * <https://bugzilla.libsdl.org/show_bug.cgi?id=5200>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | same commit as CVE-2020-14409 for libsdl1.2, this was fixed by CVE-2019-7637\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.5}, "published": "2021-01-19T00:00:00", "type": "ubuntucve", "title": "CVE-2020-14410", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7637", "CVE-2020-14409", "CVE-2020-14410"], "modified": "2021-01-19T00:00:00", "id": "UB:CVE-2020-14410", "href": "https://ubuntu.com/security/CVE-2020-14410", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}], "alpinelinux": [{"lastseen": "2023-12-03T16:03:16", "description": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-02-08T11:29:00", "type": "alpinelinux", "title": "CVE-2019-7637", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7637"], "modified": "2023-11-07T03:13:00", "id": "ALPINE:CVE-2019-7637", "href": "https://security.alpinelinux.org/vuln/CVE-2019-7637", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-12-03T16:23:19", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2803-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Adrian Bunk\nOctober 31, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : libsdl2\nVersion : 2.0.5+dfsg1-2+deb9u2\nCVE ID : CVE-2017-2888 CVE-2019-7637\nDebian Bug : 878264\n\nA vulnerability has been fixed in libsdl2, the newer version of the \nSimple DirectMedia Layer library that provides low level access to \naudio, keyboard, mouse, joystick, and graphics hardware.\n\nCVE-2017-2888\nCVE-2019-7637\n\n Potential overflow in surface allocation was fixed.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.0.5+dfsg1-2+deb9u2.\n\nWe recommend that you upgrade your libsdl2 packages.\n\nFor the detailed security status of libsdl2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libsdl2\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-31T09:06:17", "type": "debian", "title": "[SECURITY] [DLA 2803-1] libsdl2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2888", "CVE-2019-7637"], "modified": "2021-10-31T09:06:17", "id": "DEBIAN:DLA-2803-1:76EAE", "href": "https://lists.debian.org/debian-lts-announce/2021/10/msg00031.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:19:11", "description": "Package : libsdl1.2\nVersion : 1.2.15-10+deb8u2\nCVE ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575\n CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635\n CVE-2019-7636 CVE-2019-7637 CVE-2019-7638\n\nThe update of libsdl1.2 released as DLA 1713-1 led to a regression, caused\nby an incomplete fix for CVE-2019-7637. This issue was known upstream and\nresulted, among others, in windows versions from libsdl1.2 failing to set\nvideo mode.\n\nFor Debian 8 "Jessie", this problem has been fixed in version\n1.2.15-10+deb8u2.\n\nWe recommend that you upgrade your libsdl1.2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-10-17T09:45:37", "type": "debian", "title": "[SECURITY] [DLA 1713-2] libsdl1.2 regression update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2019-10-17T09:45:37", "id": "DEBIAN:DLA-1713-2:CAA4F", "href": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-05T16:59:41", "description": "Package : libsdl1.2\nVersion : 1.2.15-10+deb8u1\nCVE ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575\n CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635\n CVE-2019-7636 CVE-2019-7637 CVE-2019-7638\n\nMultiple buffer overflow security issues have been found in libsdl1.2,\na library that allows low level access to a video frame buffer, audio\noutput, mouse, and keyboard.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1.2.15-10+deb8u1.\n\nWe recommend that you upgrade your libsdl1.2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-03-13T16:52:59", "type": "debian", "title": "[SECURITY] [DLA 1713-1] libsdl1.2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2019-03-13T16:52:59", "id": "DEBIAN:DLA-1713-1:A0327", "href": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-05T16:59:34", "description": "Package : libsdl2\nVersion : 2.0.2+dfsg1-6+deb8u1\nCVE ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575\n CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635\n CVE-2019-7636 CVE-2019-7637 CVE-2019-7638\n\n\nMultiple buffer overflow security issues have been found in libsdl2,\na library that allows low level access to a video frame buffer, audio\noutput, mouse, and keyboard.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n2.0.2+dfsg1-6+deb8u1.\n\nWe recommend that you upgrade your libsdl2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-03-13T16:55:49", "type": "debian", "title": "[SECURITY] [DLA 1714-1] libsdl2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2019-03-13T16:55:49", "id": "DEBIAN:DLA-1714-1:3A085", "href": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T16:37:46", "description": "Package : libsdl2\nVersion : 2.0.2+dfsg1-6+deb8u1\nCVE ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575\n CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635\n CVE-2019-7636 CVE-2019-7637 CVE-2019-7638\n\n\nMultiple buffer overflow security issues have been found in libsdl2,\na library that allows low level access to a video frame buffer, audio\noutput, mouse, and keyboard.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n2.0.2+dfsg1-6+deb8u1.\n\nWe recommend that you upgrade your libsdl2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-03-13T16:55:49", "type": "debian", "title": "[SECURITY] [DLA 1714-1] libsdl2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2019-03-13T16:55:49", "id": "DEBIAN:DLA-1714-1:580CA", "href": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T16:37:39", "description": "Package : libsdl1.2\nVersion : 1.2.15-10+deb8u1\nCVE ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575\n CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635\n CVE-2019-7636 CVE-2019-7637 CVE-2019-7638\n\nMultiple buffer overflow security issues have been found in libsdl1.2,\na library that allows low level access to a video frame buffer, audio\noutput, mouse, and keyboard.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1.2.15-10+deb8u1.\n\nWe recommend that you upgrade your libsdl1.2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-03-13T16:52:59", "type": "debian", "title": "[SECURITY] [DLA 1713-1] libsdl1.2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2019-03-13T16:52:59", "id": "DEBIAN:DLA-1713-1:F4DFB", "href": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:19:11", "description": "Package : libsdl2\nVersion : 2.0.2+dfsg1-6+deb8u2\nCVE ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575\n CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635\n CVE-2019-7636 CVE-2019-7637 CVE-2019-7638\n\nThe update of libsdl2 released as DLA 1714-1 led to several regressions, as\nreported by Avital Ostromich. These regressions are caused by libsdl1.2\npatches for CVE-2019-7637, CVE-2019-7635, CVE-2019-7638 and CVE-2019-7636 being\napplied to libsdl2 without adaptations.\n\nFor Debian 8 "Jessie", this problem has been fixed in version\n2.0.2+dfsg1-6+deb8u2.\n\nWe recommend that you upgrade your libsdl2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-10-17T09:46:09", "type": "debian", "title": "[SECURITY] [DLA 1714-2] libsdl2 regression update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2019-10-17T09:46:09", "id": "DEBIAN:DLA-1714-2:98CFC", "href": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T16:22:58", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2804-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Adrian Bunk\nOctober 31, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : libsdl1.2\nVersion : 1.2.15+dfsg1-4+deb9u1\nCVE ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 \n CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 \n CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 CVE-2019-13616\nDebian Bug : 924609 \n\nSeveral vulnerability have been fixed in libsdl2, the older version of \nthe Simple DirectMedia Layer library that provides low level access to \naudio, keyboard, mouse, joystick, and graphics hardware.\n\nCVE-2019-7572\n\n Buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c\n\nCVE-2019-7573\n\n Heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c\n\nCVE-2019-7574\n\n Heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c\n\nCVE-2019-7575\n\n Heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c\n\nCVE-2019-7576\n\n Heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c\n\nCVE-2019-7577\n\n Buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c\n\nCVE-2019-7578\n\n Heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c\n\nCVE-2019-7635\n\n Heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c\n\nCVE-2019-7636\n\n Heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c\n\nCVE-2019-7637\n\n Heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c\n\nCVE-2019-7638\n\n Heap-based buffer over-read in Map1toN in video/SDL_pixels.c\n\nCVE-2019-13616\n\n Heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.2.15+dfsg1-4+deb9u1.\n\nWe recommend that you upgrade your libsdl1.2 packages.\n\nFor the detailed security status of libsdl1.2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libsdl1.2\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-31T16:40:43", "type": "debian", "title": "[SECURITY] [DLA 2804-1] libsdl1.2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13616", "CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2021-10-31T16:40:43", "id": "DEBIAN:DLA-2804-1:8FC5C", "href": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2021-12-01T10:46:43", "description": "Simple DirectMedia Layer (SDL) is a cross-platform multimedia library desig ned to provide fast access to the graphics frame buffer and audio device. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-09-08T02:59:49", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: SDL-1.2.15-41.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13616", "CVE-2019-7637"], "modified": "2019-09-08T02:59:49", "id": "FEDORA:550BF6062C8C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UITVW4WTOOCECLLWPQCV7VWMU66DN255/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-01T10:46:43", "description": "Simple DirectMedia Layer (SDL) is a cross-platform multimedia library desig ned to provide fast access to the graphics frame buffer and audio device. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-03-20T21:18:35", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: SDL-1.2.15-32.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2019-03-20T21:18:35", "id": "FEDORA:BAC2A603B290", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MD6EIV2CS6QNDU3UN2RVXPQOFQNHXCP7/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-01T10:46:43", "description": "Simple DirectMedia Layer (SDL) is a cross-platform multimedia library desig ned to provide fast access to the graphics frame buffer and audio device. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-02-26T03:08:51", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: SDL-1.2.15-36.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2019-02-26T03:08:51", "id": "FEDORA:EC037608A21F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OHEXXGCOKNICFBDMNVYYDTSDLQ42K5G5/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-01T10:46:43", "description": "Simple DirectMedia Layer (SDL) is a cross-platform multimedia library desig ned to provide fast access to the graphics frame buffer and audio device. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-03-19T05:16:59", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: SDL-1.2.15-37.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2019-03-19T05:16:59", "id": "FEDORA:19A176082DBB", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UFYUCO6D5APPM7IOZ5WOCYVY4DKSXFKD/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-01T10:46:43", "description": "Simple DirectMedia Layer (SDL) is a cross-platform multimedia library desig ned to provide fast access to the graphics frame buffer and audio device. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-03-02T01:21:33", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: SDL-1.2.15-31.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2019-03-02T01:21:33", "id": "FEDORA:226326071258", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VCZFITTVE3ZPXN25ADFRGNJ5X5ASCPTY/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-01T10:46:43", "description": "Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-23T01:23:25", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: mingw-SDL-1.2.15-14.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13616", "CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2020-02-23T01:23:25", "id": "FEDORA:83AED60603E6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-01T10:46:43", "description": "Simple DirectMedia Layer (SDL) is a cross-platform multimedia library desig ned to provide fast access to the graphics frame buffer and audio device. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-09-08T03:09:31", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: SDL-1.2.15-40.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13616", "CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2019-09-08T03:09:31", "id": "FEDORA:6490D6085907", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-05T05:19:14", "description": "\nA vulnerability has been fixed in libsdl2, the newer version of the \nSimple DirectMedia Layer library that provides low level access to\naudio, keyboard, mouse, joystick, and graphics hardware.\n\n\n* [CVE-2017-2888](https://security-tracker.debian.org/tracker/CVE-2017-2888)\n[CVE-2019-7637](https://security-tracker.debian.org/tracker/CVE-2019-7637)\nPotential overflow in surface allocation was fixed.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.0.5+dfsg1-2+deb9u2.\n\n\nWe recommend that you upgrade your libsdl2 packages.\n\n\nFor the detailed security status of libsdl2 please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/libsdl2>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-10-31T00:00:00", "type": "osv", "title": "libsdl2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7637", "CVE-2017-2888"], "modified": "2022-08-05T05:19:13", "id": "OSV:DLA-2803-1", "href": "https://osv.dev/vulnerability/DLA-2803-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:18:52", "description": "\nMultiple buffer overflow security issues have been found in libsdl1.2,\na library that allows low level access to a video frame buffer, audio\noutput, mouse, and keyboard.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n1.2.15-10+deb8u1.\n\n\nWe recommend that you upgrade your libsdl1.2 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-03-13T00:00:00", "type": "osv", "title": "libsdl1.2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7636", "CVE-2019-7574", "CVE-2019-7572", "CVE-2019-7575", "CVE-2019-7578", "CVE-2019-7573", "CVE-2019-7635", "CVE-2019-7637", "CVE-2019-7638", "CVE-2019-7576", "CVE-2019-7577"], "modified": "2022-07-21T05:52:33", "id": "OSV:DLA-1713-1", "href": "https://osv.dev/vulnerability/DLA-1713-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:18:48", "description": "\nMultiple buffer overflow security issues have been found in libsdl2,\na library that allows low level access to a video frame buffer, audio\noutput, mouse, and keyboard.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n2.0.2+dfsg1-6+deb8u1.\n\n\nWe recommend that you upgrade your libsdl2 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-03-13T00:00:00", "type": "osv", "title": "libsdl2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7636", "CVE-2019-7574", "CVE-2019-7572", "CVE-2019-7575", "CVE-2019-7578", "CVE-2019-7573", "CVE-2019-7635", "CVE-2019-7637", "CVE-2019-7638", "CVE-2019-7576", "CVE-2019-7577"], "modified": "2022-07-21T05:52:33", "id": "OSV:DLA-1714-1", "href": "https://osv.dev/vulnerability/DLA-1714-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:14:57", "description": "\nSeveral vulnerability have been fixed in libsdl2, the older version of\nthe Simple DirectMedia Layer library that provides low level access to\naudio, keyboard, mouse, joystick, and graphics hardware.\n\n\n* [CVE-2019-7572](https://security-tracker.debian.org/tracker/CVE-2019-7572)\nBuffer over-read in IMA\\_ADPCM\\_nibble in audio/SDL\\_wave.c\n* [CVE-2019-7573](https://security-tracker.debian.org/tracker/CVE-2019-7573)\nHeap-based buffer over-read in InitMS\\_ADPCM in audio/SDL\\_wave.c\n* [CVE-2019-7574](https://security-tracker.debian.org/tracker/CVE-2019-7574)\nHeap-based buffer over-read in IMA\\_ADPCM\\_decode in audio/SDL\\_wave.c\n* [CVE-2019-7575](https://security-tracker.debian.org/tracker/CVE-2019-7575)\nHeap-based buffer overflow in MS\\_ADPCM\\_decode in audio/SDL\\_wave.c\n* [CVE-2019-7576](https://security-tracker.debian.org/tracker/CVE-2019-7576)\nHeap-based buffer over-read in InitMS\\_ADPCM in audio/SDL\\_wave.c\n* [CVE-2019-7577](https://security-tracker.debian.org/tracker/CVE-2019-7577)\nBuffer over-read in SDL\\_LoadWAV\\_RW in audio/SDL\\_wave.c\n* [CVE-2019-7578](https://security-tracker.debian.org/tracker/CVE-2019-7578)\nHeap-based buffer over-read in InitIMA\\_ADPCM in audio/SDL\\_wave.c\n* [CVE-2019-7635](https://security-tracker.debian.org/tracker/CVE-2019-7635)\nHeap-based buffer over-read in Blit1to4 in video/SDL\\_blit\\_1.c\n* [CVE-2019-7636](https://security-tracker.debian.org/tracker/CVE-2019-7636)\nHeap-based buffer over-read in SDL\\_GetRGB in video/SDL\\_pixels.c\n* [CVE-2019-7637](https://security-tracker.debian.org/tracker/CVE-2019-7637)\nHeap-based buffer overflow in SDL\\_FillRect in video/SDL\\_surface.c\n* [CVE-2019-7638](https://security-tracker.debian.org/tracker/CVE-2019-7638)\nHeap-based buffer over-read in Map1toN in video/SDL\\_pixels.c\n* [CVE-2019-13616](https://security-tracker.debian.org/tracker/CVE-2019-13616)\nHeap-based buffer over-read in BlitNtoN in video/SDL\\_blit\\_N.c\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.2.15+dfsg1-4+deb9u1.\n\n\nWe recommend that you upgrade your libsdl1.2 packages.\n\n\nFor the detailed security status of libsdl1.2 please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/libsdl1.2>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-10-31T00:00:00", "type": "osv", "title": "libsdl1.2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7636", "CVE-2019-7574", "CVE-2019-7572", "CVE-2019-7575", "CVE-2019-7578", "CVE-2019-7573", "CVE-2019-7635", "CVE-2019-7637", "CVE-2019-7638", "CVE-2019-13616", "CVE-2019-7576", "CVE-2019-7577"], "modified": "2022-07-21T05:53:55", "id": "OSV:DLA-2804-1", "href": "https://osv.dev/vulnerability/DLA-2804-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-12-03T21:33:34", "description": "## Releases\n\n * Ubuntu 19.04 \n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * libsdl2 \\- Simple DirectMedia Layer: cross-platform development library providing access to low level media interfaces\n\nIt was discovered that SDL 2.0 mishandled crafted image files resulting in an \ninteger overflow. If a user were tricked into opening a malicious file, SDL \n2.0 could be caused to crash or potentially run arbitrary code. \n(CVE-2017-2888)\n\nIt was discovered that SDL 2.0 mishandled crafted image files. If a user were \ntricked into opening a malicious file, SDL 2.0 could be caused to crash or \npotentially run arbitrary code. \n(CVE-2019-7635, CVE-2019-7636, CVE-2019-7637, CVE-2019-7638)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-09-30T00:00:00", "type": "ubuntu", "title": "SDL 2.0 vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2888", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2019-09-30T00:00:00", "id": "USN-4143-1", "href": "https://ubuntu.com/security/notices/USN-4143-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-20T17:41:22", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n * Ubuntu 12.04 \n\n## Packages\n\n * libsdl1.2 \\- Simple DirectMedia Layer debug files\n\nUSN-4156-1 fixed several vulnerabilities in SDL. This update provides \nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that SDL incorrectly handled certain images. If a user \nwere tricked into opening a crafted image file, a remote attacker could \nuse this issue to cause SDL to crash, resulting in a denial of service, or \npossibly execute arbitary code.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-10-16T00:00:00", "type": "ubuntu", "title": "SDL vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13616", "CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637"], "modified": "2019-10-16T00:00:00", "id": "USN-4156-2", "href": "https://ubuntu.com/security/notices/USN-4156-2", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T21:31:42", "description": "## Releases\n\n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * libsdl1.2 \\- Simple DirectMedia Layer\n\nIt was discovered that SDL incorrectly handled certain images. If a user \nwere tricked into opening a crafted image file, a remote attacker could \nuse this issue to cause SDL to crash, resulting in a denial of service, or \npossibly execute arbitrary code.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-10-15T00:00:00", "type": "ubuntu", "title": "SDL vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13616", "CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2019-10-15T00:00:00", "id": "USN-4156-1", "href": "https://ubuntu.com/security/notices/USN-4156-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "almalinux": [{"lastseen": "2021-08-11T15:48:35", "description": "Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.\n\nSecurity Fix(es):\n\n* SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572)\n\n* SDL: heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575)\n\n* SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636)\n\n* SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637)\n\n* SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638)\n\n* SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7573)\n\n* SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7574)\n\n* SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7576)\n\n* SDL: buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577)\n\n* SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578)\n\n* SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-11-03T12:21:34", "type": "almalinux", "title": "Moderate: SDL security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2021-08-11T13:42:14", "id": "ALSA-2020:4627", "href": "https://errata.almalinux.org/8/ALSA-2020-4627.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2023-12-02T22:41:23", "description": "Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.\n\nSecurity Fix(es):\n\n* SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572)\n\n* SDL: heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575)\n\n* SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636)\n\n* SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637)\n\n* SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638)\n\n* SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7573)\n\n* SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7574)\n\n* SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7576)\n\n* SDL: buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577)\n\n* SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578)\n\n* SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-03T12:21:34", "type": "redhat", "title": "(RHSA-2020:4627) Moderate: SDL security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2020-11-04T00:02:34", "id": "RHSA-2020:4627", "href": "https://access.redhat.com/errata/RHSA-2020:4627", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T22:41:23", "description": "Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.\n\nSecurity Fix(es):\n\n* SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572)\n\n* SDL: heap-based buffer overflow in function MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575)\n\n* SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636)\n\n* SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637)\n\n* SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638)\n\n* SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7573)\n\n* SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7574)\n\n* SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7576)\n\n* SDL: buffer over-read in function SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577)\n\n* SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578)\n\n* SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-09-29T07:39:03", "type": "redhat", "title": "(RHSA-2020:3868) Moderate: SDL security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2020-09-29T09:42:03", "id": "RHSA-2020:3868", "href": "https://access.redhat.com/errata/RHSA-2020:3868", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-12-01T10:28:13", "description": "[1.2.15-17]\n- Fix Some CVEs: CVE-2019-7572, CVE-2019-7573, CVE-2019-7574,\n CVE-2019-7575, CVE-2019-7576, CVE-2019-7577, CVE-2019-7578,\n CVE-2019-7635, CVE-2019-7636, CVE-2019-7637, CVE-2019-7638\n- Resolves: rhbz#1716201, rhbz#1716202, rhbz#1716206,\n- Resolves: rhbz#1716207, rhbz#1716208", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-10-06T00:00:00", "type": "oraclelinux", "title": "SDL security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2020-10-06T00:00:00", "id": "ELSA-2020-3868", "href": "http://linux.oracle.com/errata/ELSA-2020-3868.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-01T10:28:26", "description": "[1.2.15-38]\n- fix CVEs\n- Resolves: rhbz#1716209, rhbz#1716210, rhbz#1716211, rhbz#1716212,\n rhbz#1716213, rhbz#1716214, rhbz#1716215, rhbz#1716216,\n\t rhbz#1716217, rhbz#1716218, rhbz#1716219", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "oraclelinux", "title": "SDL security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2020-11-10T00:00:00", "id": "ELSA-2020-4627", "href": "http://linux.oracle.com/errata/ELSA-2020-4627.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2023-12-03T19:56:09", "description": "**CentOS Errata and Security Advisory** CESA-2020:3868\n\n\nSimple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.\n\nSecurity Fix(es):\n\n* SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572)\n\n* SDL: heap-based buffer overflow in function MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575)\n\n* SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636)\n\n* SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637)\n\n* SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638)\n\n* SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7573)\n\n* SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7574)\n\n* SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7576)\n\n* SDL: buffer over-read in function SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577)\n\n* SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578)\n\n* SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2020-October/032904.html\n\n**Affected packages:**\nSDL\nSDL-devel\nSDL-static\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2020:3868", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-20T18:56:35", "type": "centos", "title": "SDL security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2020-10-20T18:56:35", "id": "CESA-2020:3868", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2020-October/032904.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2023-12-03T16:46:11", "description": "Arch Linux Security Advisory ASA-201910-8\n=========================================\n\nSeverity: High\nDate : 2019-10-11\nCVE-ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575\nCVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635\nCVE-2019-7636 CVE-2019-7637 CVE-2019-7638 CVE-2019-13616\nPackage : sdl\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-890\n\nSummary\n=======\n\nThe package sdl before version 1.2.15-13 is vulnerable to arbitrary\ncode execution.\n\nResolution\n==========\n\nUpgrade to 1.2.15-13.\n\n# pacman -Syu \"sdl>=1.2.15-13\"\n\nThe problems have been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2019-7572 (arbitrary code execution)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has\na buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.\n\n- CVE-2019-7573 (arbitrary code execution)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has\na heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c\n(inside the wNumCoef loop).\n\n- CVE-2019-7574 (arbitrary code execution)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has\na heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.\n\n- CVE-2019-7575 (arbitrary code execution)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has\na heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.\n\n- CVE-2019-7576 (arbitrary code execution)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has\na heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c\n(outside the wNumCoef loop).\n\n- CVE-2019-7577 (arbitrary code execution)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has\na buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.\n\n- CVE-2019-7578 (arbitrary code execution)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has\na heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.\n\n- CVE-2019-7635 (arbitrary code execution)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has\na heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.\n\n- CVE-2019-7636 (arbitrary code execution)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has\na heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.\n\n- CVE-2019-7637 (arbitrary code execution)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has\na heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.\n\n- CVE-2019-7638 (arbitrary code execution)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has\na heap-based buffer over-read in Map1toN in video/SDL_pixels.c.\n\n- CVE-2019-13616 (arbitrary code execution)\n\nA heap-based buffer overflow was discovered in SDL in the\nSDL_BlitCopy() function, that was called while copying an existing\nsurface into a new optimized one, due to lack of validation while\nloading a BMP image in the SDL_LoadBMP_RW() function. An application\nthat uses SDL to parse untrusted input files may be vulnerable to this\nflaw, which could allow an attacker to make the application crash or\npossibly execute code.\n\nImpact\n======\n\nAn attacker can execute arbitrary code on the affected host via a\ncrafted audio, image or video file.\n\nReferences\n==========\n\nhttps://bugzilla.libsdl.org/show_bug.cgi?id=4495\nhttps://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15-and-sdl2/25720\nhttps://hg.libsdl.org/SDL/rev/e52413f52586\nhttps://hg.libsdl.org/SDL/rev/a8afedbcaea0\nhttps://bugzilla.libsdl.org/show_bug.cgi?id=4491\nhttps://hg.libsdl.org/SDL/rev/388987dff7bf\nhttps://hg.libsdl.org/SDL/rev/f9a9d6c76b21\nhttps://bugzilla.libsdl.org/show_bug.cgi?id=4496\nhttps://hg.libsdl.org/SDL/rev/a6e3d2f5183e\nhttps://bugzilla.libsdl.org/show_bug.cgi?id=4493\nhttps://hg.libsdl.org/SDL/rev/a936f9bd3e38\nhttps://bugzilla.libsdl.org/show_bug.cgi?id=4490\nhttps://bugzilla.libsdl.org/show_bug.cgi?id=4492\nhttps://hg.libsdl.org/SDL/rev/faf9bbcfb5f\nhttps://hg.libsdl.org/SDL/rev/416136310b88\nhttps://bugzilla.libsdl.org/show_bug.cgi?id=4494\nhttps://bugzilla.libsdl.org/show_bug.cgi?id=4498\nhttps://hg.libsdl.org/SDL/rev/7c643f1c1887\nhttps://hg.libsdl.org/SDL/rev/f1f5878be5db\nhttps://bugzilla.libsdl.org/show_bug.cgi?id=4499\nhttps://hg.libsdl.org/SDL/rev/19d8c3b9c251\nhttps://hg.libsdl.org/SDL/rev/07c39cbbeacf\nhttps://bugzilla.libsdl.org/show_bug.cgi?id=4497\nhttps://hg.libsdl.org/SDL/rev/9b0e5c555c0f\nhttps://bugzilla.libsdl.org/show_bug.cgi?id=4500\nhttps://bugzilla.libsdl.org/show_bug.cgi?id=4538\nhttps://hg.libsdl.org/SDL/rev/ad1bbfbca760\nhttps://security.archlinux.org/CVE-2019-7572\nhttps://security.archlinux.org/CVE-2019-7573\nhttps://security.archlinux.org/CVE-2019-7574\nhttps://security.archlinux.org/CVE-2019-7575\nhttps://security.archlinux.org/CVE-2019-7576\nhttps://security.archlinux.org/CVE-2019-7577\nhttps://security.archlinux.org/CVE-2019-7578\nhttps://security.archlinux.org/CVE-2019-7635\nhttps://security.archlinux.org/CVE-2019-7636\nhttps://security.archlinux.org/CVE-2019-7637\nhttps://security.archlinux.org/CVE-2019-7638\nhttps://security.archlinux.org/CVE-2019-13616a", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-10-11T00:00:00", "type": "archlinux", "title": "[ASA-201910-8] sdl: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13616", "CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2019-10-11T00:00:00", "id": "ASA-201910-8", "href": "https://security.archlinux.org/ASA-201910-8", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-12-03T17:33:22", "description": "This release fixes various buffer overflows when parsing or processing damaged Waveform audio and BMP image files. \\- Fix CVE-2019-7577 (a buffer overread in MS_ADPCM_decode) (rhbz#1676510) \\- Fix CVE-2019-7575 (a buffer overwrite in MS_ADPCM_decode) (rhbz#1676744) \\- Fix CVE-2019-7574 (a buffer overread in IMA_ADPCM_decode) (rhbz#1676750) \\- Fix CVE-2019-7572 (a buffer overread in IMA_ADPCM_nibble) (rhbz#1676754) \\- Fix CVE-2019-7572 (a buffer overwrite in IMA_ADPCM_nibble) (rhbz#1676754) \\- Fix CVE-2019-7573, CVE-2019-7576 (buffer overreads in InitMS_ADPCM) (rhbz#1676752, rhbz#1676756) \\- Fix CVE-2019-7578 (a buffer overread in InitIMA_ADPCM) (rhbz#1676782) \\- Fix CVE-2019-7638, CVE-2019-7636 (buffer overflows when processing BMP images with too high number of colors) (rhbz#1677144, rhbz#1677157) \\- Fix CVE-2019-7637 (an integer overflow in SDL_CalculatePitch) (rhbz#1677152) \\- Fix CVE-2019-7635 (a buffer overread when blitting a BMP image with pixel colors out the palette) (rhbz#1677159) \\- Reject 2, 3, 5, 6, 7-bpp BMP images (rhbz#1677159) \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-05T21:12:59", "type": "mageia", "title": "Updated SDL12 packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2019-04-05T21:12:59", "id": "MGASA-2019-0127", "href": "https://advisories.mageia.org/MGASA-2019-0127.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:33:22", "description": "Updated sdl2 packages fix security vulnerabilities This release fixes various buffer overflows when parsing or processing damaged Waveform audio and BMP image files. \\- Fix CVE-2019-7572 (a buffer overread in IMA_ADPCM_nibble) (rhbz#1676754) \\- Fix CVE-2019-7572 (a buffer overwrite in IMA_ADPCM_nibble) (rhbz#1676754) \\- Fix CVE-2019-7573, CVE-2019-7576 (buffer overreads in InitMS_ADPCM) (rhbz#1676752, rhbz#1676756) \\- Fix CVE-2019-7574 (a buffer overread in IMA_ADPCM_decode) (rhbz#1676750) \\- Fix CVE-2019-7575 (a buffer overwrite in MS_ADPCM_decode) (rhbz#1676744) \\- Fix CVE-2019-7577 (a buffer overread in MS_ADPCM_decode) (rhbz#1676510) \\- Fix CVE-2019-7578 (a buffer overread in InitIMA_ADPCM) (rhbz#1676782) \\- Fix CVE-2019-7635 (a buffer overread when blitting a BMP image with pixel colors out the palette) (rhbz#1677159) \\- Fix CVE-2019-7636, CVE-2019-7638 (buffer overflows when processing BMP images with too high number of colors) (rhbz#1677144, rhbz#1677157) \\- Fix CVE-2019-7637 (an integer overflow in SDL_CalculatePitch) (rhbz#1677152) \\- Reject 2, 3, 5, 6, 7-bpp BMP images (rhbz#1677159) \\- Fix CVE-2010-13616 (heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c) The 2.0.10 release also provides various features and bug fixes. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-09-07T00:09:08", "type": "mageia", "title": "Updated sdl2 packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-13616", "CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2019-08-31T18:49:48", "id": "MGASA-2019-0239", "href": "https://advisories.mageia.org/MGASA-2019-0239.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2023-12-03T19:14:25", "description": "**Issue Overview:**\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. (CVE-2019-7572)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). (CVE-2019-7573)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7574)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. (CVE-2019-7575)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). (CVE-2019-7576)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. (CVE-2019-7577)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. (CVE-2019-7578)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (CVE-2019-7635)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. (CVE-2019-7636)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. (CVE-2019-7637)\n\nSDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. (CVE-2019-7638)\n\n \n**Affected Packages:** \n\n\nSDL\n\n \n**Note:**\n\nThis advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this [FAQ section](<../../faqs.html#clarify-al2-advisories>) for the difference between AL2 Core and AL2 Extras advisories. \n\n \n**Issue Correction:** \nRun _yum update SDL_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 SDL-1.2.15-17.amzn2.aarch64 \n \u00a0\u00a0\u00a0 SDL-devel-1.2.15-17.amzn2.aarch64 \n \u00a0\u00a0\u00a0 SDL-static-1.2.15-17.amzn2.aarch64 \n \u00a0\u00a0\u00a0 SDL-debuginfo-1.2.15-17.amzn2.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 SDL-1.2.15-17.amzn2.i686 \n \u00a0\u00a0\u00a0 SDL-devel-1.2.15-17.amzn2.i686 \n \u00a0\u00a0\u00a0 SDL-static-1.2.15-17.amzn2.i686 \n \u00a0\u00a0\u00a0 SDL-debuginfo-1.2.15-17.amzn2.i686 \n \n src: \n \u00a0\u00a0\u00a0 SDL-1.2.15-17.amzn2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 SDL-1.2.15-17.amzn2.x86_64 \n \u00a0\u00a0\u00a0 SDL-devel-1.2.15-17.amzn2.x86_64 \n \u00a0\u00a0\u00a0 SDL-static-1.2.15-17.amzn2.x86_64 \n \u00a0\u00a0\u00a0 SDL-debuginfo-1.2.15-17.amzn2.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2019-7572](<https://access.redhat.com/security/cve/CVE-2019-7572>), [CVE-2019-7573](<https://access.redhat.com/security/cve/CVE-2019-7573>), [CVE-2019-7574](<https://access.redhat.com/security/cve/CVE-2019-7574>), [CVE-2019-7575](<https://access.redhat.com/security/cve/CVE-2019-7575>), [CVE-2019-7576](<https://access.redhat.com/security/cve/CVE-2019-7576>), [CVE-2019-7577](<https://access.redhat.com/security/cve/CVE-2019-7577>), [CVE-2019-7578](<https://access.redhat.com/security/cve/CVE-2019-7578>), [CVE-2019-7635](<https://access.redhat.com/security/cve/CVE-2019-7635>), [CVE-2019-7636](<https://access.redhat.com/security/cve/CVE-2019-7636>), [CVE-2019-7637](<https://access.redhat.com/security/cve/CVE-2019-7637>), [CVE-2019-7638](<https://access.redhat.com/security/cve/CVE-2019-7638>)\n\nMitre: [CVE-2019-7572](<https://vulners.com/cve/CVE-2019-7572>), [CVE-2019-7573](<https://vulners.com/cve/CVE-2019-7573>), [CVE-2019-7574](<https://vulners.com/cve/CVE-2019-7574>), [CVE-2019-7575](<https://vulners.com/cve/CVE-2019-7575>), [CVE-2019-7576](<https://vulners.com/cve/CVE-2019-7576>), [CVE-2019-7577](<https://vulners.com/cve/CVE-2019-7577>), [CVE-2019-7578](<https://vulners.com/cve/CVE-2019-7578>), [CVE-2019-7635](<https://vulners.com/cve/CVE-2019-7635>), [CVE-2019-7636](<https://vulners.com/cve/CVE-2019-7636>), [CVE-2019-7637](<https://vulners.com/cve/CVE-2019-7637>), [CVE-2019-7638](<https://vulners.com/cve/CVE-2019-7638>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-22T17:17:00", "type": "amazon", "title": "Medium: SDL", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7572", "CVE-2019-7573", "CVE-2019-7574", "CVE-2019-7575", "CVE-2019-7576", "CVE-2019-7577", "CVE-2019-7578", "CVE-2019-7635", "CVE-2019-7636", "CVE-2019-7637", "CVE-2019-7638"], "modified": "2020-10-22T22:43:00", "id": "ALAS2-2020-1500", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1500.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
CVE-2019-7637
