ALT-BU-2024-12634-1
Branch c10f2 update bulletin.
Closed vulnerabilities
BDU:2021-03729
Уязвимость компонента video/SDL_blit_copy.c мультимедийной библиотеки Simple DirectMedia Layer, связанная с целочисленным переполнением, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2021-03749
Уязвимость функции Blit_3or4_to_3or4__inversed_rgb (video/SDL_blit_N.c) мультимедийной библиотеки Simple DirectMedia Layer, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
BDU:2023-00292
Уязвимость функции GLES_CreateTexture() в файле render/opengles/SDL_render_gles.c мультимедийной библиотеки Simple DirectMedia Layer (SDL), позволяющая нарушителю выполнить атаку типа «отказ в обслуживании» (DoS)
BDU:2024-01494
Уязвимость компонента src/video/SDL_pixels.c библиотеки Simple DirectMedia Layer, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-14409
SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.
- https://bugzilla.libsdl.org/show_bug.cgi?id=5200
- https://bugzilla.libsdl.org/show_bug.cgi?id=5200
- https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
- https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
- [debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update
- [debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update
- [debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update
- [debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update
- FEDORA-2021-9d65b22041
- FEDORA-2021-9d65b22041
- GLSA-202107-55
- GLSA-202107-55
- https://www.starwindsoftware.com/security/sw-20210325-0001/
- https://www.starwindsoftware.com/security/sw-20210325-0001/
Modified: 2025-03-20
CVE-2020-14410
SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.
- https://bugzilla.libsdl.org/show_bug.cgi?id=5200
- https://bugzilla.libsdl.org/show_bug.cgi?id=5200
- https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
- https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
- [debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update
- [debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update
- [debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update
- [debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update
- FEDORA-2021-9d65b22041
- FEDORA-2021-9d65b22041
- GLSA-202107-55
- GLSA-202107-55
Modified: 2024-11-21
CVE-2021-33657
There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.
- https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9
- https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9
- [debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update
- [debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update
- GLSA-202305-17
- GLSA-202305-17
- GLSA-202305-18
- GLSA-202305-18
Modified: 2025-04-08
CVE-2022-4743
A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.
- https://access.redhat.com/security/cve/CVE-2022-4743
- https://access.redhat.com/security/cve/CVE-2022-4743
- https://bugzilla.redhat.com/show_bug.cgi?id=2156290
- https://bugzilla.redhat.com/show_bug.cgi?id=2156290
- https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b
- https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b
- https://github.com/libsdl-org/SDL/pull/6269
- https://github.com/libsdl-org/SDL/pull/6269
- [debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update
- [debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update
- GLSA-202305-18
- GLSA-202305-18
Closed bugs
2.30.0
Package libbctoolbox updated to version 5.3.74-alt1 for branch c10f2 in task 356322.
Closed bugs
Сборка libbctoolbox
Package obs-studio updated to version 30.1.2-alt2 for branch c10f2 in task 356322.
Closed bugs
Ошибка подключения к серверам при настройки трансляции для telegram
Closed vulnerabilities
Modified: 2024-11-21
CVE-2024-8096
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.