Red Hat Product Errata RHSA-2020:3868 - Security Advisory
Issued: 2020-09-29
Updated: 2020-09-29

Synopsis

Moderate: SDL security update

Type/Severity

Security Advisory: Moderate

Topic

An update for SDL is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.

Security Fix(es):

  • SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572)
  • SDL: heap-based buffer overflow in function MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575)
  • SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636)
  • SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637)
  • SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638)
  • SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7573)
  • SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7574)
  • SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7576)
  • SDL: buffer over-read in function SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577)
  • SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578)
  • SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 1676509 - CVE-2019-7577 SDL: buffer over-read in function SDL_LoadWAV_RW in audio/SDL_wave.c
  • BZ - 1676743 - CVE-2019-7575 SDL: heap-based buffer overflow in function MS_ADPCM_decode in audio/SDL_wave.c
  • BZ - 1676749 - CVE-2019-7574 SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c
  • BZ - 1676751 - CVE-2019-7573 SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
  • BZ - 1676753 - CVE-2019-7572 SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c
  • BZ - 1676755 - CVE-2019-7576 SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
  • BZ - 1676781 - CVE-2019-7578 SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c
  • BZ - 1677143 - CVE-2019-7638 SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c
  • BZ - 1677151 - CVE-2019-7637 SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c
  • BZ - 1677156 - CVE-2019-7636 SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c
  • BZ - 1677158 - CVE-2019-7635 SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c

CVEs

  • CVE-2019-7572
  • CVE-2019-7573
  • CVE-2019-7574
  • CVE-2019-7575
  • CVE-2019-7576
  • CVE-2019-7577
  • CVE-2019-7578
  • CVE-2019-7635
  • CVE-2019-7636
  • CVE-2019-7637
  • CVE-2019-7638

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server 7

SRPM
SDL-1.2.15-17.el7.src.rpm SHA-256: de221f8db30d22e314956ca2dbb1b2bf93e27613faa4eb1c1a72f253e18a6ef7
x86_64
SDL-1.2.15-17.el7.i686.rpm SHA-256: b59a706507d34a7f838fea377799395d858f1bf4f27e0689e251b78417c5b076
SDL-1.2.15-17.el7.x86_64.rpm SHA-256: ae35866bad8e20c4d37a92337a7bd389f7479b5fea420d33becb3b4a37e0c5c8
SDL-debuginfo-1.2.15-17.el7.i686.rpm SHA-256: 2be78e21a897f960749c9bcfe9618cef8e810b66d0795d8e6b9fe8192368ace7
SDL-debuginfo-1.2.15-17.el7.x86_64.rpm SHA-256: 5355e705ea4b2eb9cc053ec7c0557088af88b64435ef3b8afea152b666bd1131
SDL-devel-1.2.15-17.el7.i686.rpm SHA-256: 516cdce8baaacedb4e17082e4d3b850231605ce93b3634fc343b19df7715c269
SDL-devel-1.2.15-17.el7.x86_64.rpm SHA-256: c08a437607cb4eeba3cfefbc74130ad6840d7aca91120445b603c11436da28c2
SDL-static-1.2.15-17.el7.i686.rpm SHA-256: 8432b845f32188b4ede45e3a9811c65b7de2b6a07a369e45d9f21c036e9eec7d
SDL-static-1.2.15-17.el7.x86_64.rpm SHA-256: 4476a366d1102ee390cf537c04473522107d468629ebfb3a4ba7fda72eb7b972

Red Hat Enterprise Linux Workstation 7

SRPM
SDL-1.2.15-17.el7.src.rpm SHA-256: de221f8db30d22e314956ca2dbb1b2bf93e27613faa4eb1c1a72f253e18a6ef7
x86_64
SDL-1.2.15-17.el7.i686.rpm SHA-256: b59a706507d34a7f838fea377799395d858f1bf4f27e0689e251b78417c5b076
SDL-1.2.15-17.el7.x86_64.rpm SHA-256: ae35866bad8e20c4d37a92337a7bd389f7479b5fea420d33becb3b4a37e0c5c8
SDL-debuginfo-1.2.15-17.el7.i686.rpm SHA-256: 2be78e21a897f960749c9bcfe9618cef8e810b66d0795d8e6b9fe8192368ace7
SDL-debuginfo-1.2.15-17.el7.x86_64.rpm SHA-256: 5355e705ea4b2eb9cc053ec7c0557088af88b64435ef3b8afea152b666bd1131
SDL-devel-1.2.15-17.el7.i686.rpm SHA-256: 516cdce8baaacedb4e17082e4d3b850231605ce93b3634fc343b19df7715c269
SDL-devel-1.2.15-17.el7.x86_64.rpm SHA-256: c08a437607cb4eeba3cfefbc74130ad6840d7aca91120445b603c11436da28c2
SDL-static-1.2.15-17.el7.i686.rpm SHA-256: 8432b845f32188b4ede45e3a9811c65b7de2b6a07a369e45d9f21c036e9eec7d
SDL-static-1.2.15-17.el7.x86_64.rpm SHA-256: 4476a366d1102ee390cf537c04473522107d468629ebfb3a4ba7fda72eb7b972

Red Hat Enterprise Linux Desktop 7

SRPM
SDL-1.2.15-17.el7.src.rpm SHA-256: de221f8db30d22e314956ca2dbb1b2bf93e27613faa4eb1c1a72f253e18a6ef7
x86_64
SDL-1.2.15-17.el7.i686.rpm SHA-256: b59a706507d34a7f838fea377799395d858f1bf4f27e0689e251b78417c5b076
SDL-1.2.15-17.el7.x86_64.rpm SHA-256: ae35866bad8e20c4d37a92337a7bd389f7479b5fea420d33becb3b4a37e0c5c8
SDL-debuginfo-1.2.15-17.el7.i686.rpm SHA-256: 2be78e21a897f960749c9bcfe9618cef8e810b66d0795d8e6b9fe8192368ace7
SDL-debuginfo-1.2.15-17.el7.x86_64.rpm SHA-256: 5355e705ea4b2eb9cc053ec7c0557088af88b64435ef3b8afea152b666bd1131
SDL-devel-1.2.15-17.el7.i686.rpm SHA-256: 516cdce8baaacedb4e17082e4d3b850231605ce93b3634fc343b19df7715c269
SDL-devel-1.2.15-17.el7.x86_64.rpm SHA-256: c08a437607cb4eeba3cfefbc74130ad6840d7aca91120445b603c11436da28c2
SDL-static-1.2.15-17.el7.i686.rpm SHA-256: 8432b845f32188b4ede45e3a9811c65b7de2b6a07a369e45d9f21c036e9eec7d
SDL-static-1.2.15-17.el7.x86_64.rpm SHA-256: 4476a366d1102ee390cf537c04473522107d468629ebfb3a4ba7fda72eb7b972

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
SDL-1.2.15-17.el7.src.rpm SHA-256: de221f8db30d22e314956ca2dbb1b2bf93e27613faa4eb1c1a72f253e18a6ef7
s390x
SDL-1.2.15-17.el7.s390.rpm SHA-256: e918b4928b2e4f9e1dce87fb0dbdbf1a3f134c42a58ad83adcdd307aa7633de1
SDL-1.2.15-17.el7.s390x.rpm SHA-256: f29474490a6d629a6ce72e7ef11da15321b29ee65734317d94d188fce3f9c377
SDL-debuginfo-1.2.15-17.el7.s390.rpm SHA-256: 28b64cd0a7add44e6101c613c63250d797f99e2c3b1458a87d99e6a3e69fe116
SDL-debuginfo-1.2.15-17.el7.s390x.rpm SHA-256: ed0ef017330b4c7ed71ea229f957fbbc4414e86b790efe911ff9bb0414b50f4b
SDL-devel-1.2.15-17.el7.s390.rpm SHA-256: 43b31d42831acb3cfdc21ed40266a25457eb6fe80f6c13a6256a2d916dc0a23f
SDL-devel-1.2.15-17.el7.s390x.rpm SHA-256: 07fe93fb8922c1f4903ce9b8d6fd85576a1673e91dae6260bcb59bfaf872c6d1
SDL-static-1.2.15-17.el7.s390.rpm SHA-256: a3e747087222416b405b83c16ede5f9367dbf24c12a0366cec16b0444f5c5d59
SDL-static-1.2.15-17.el7.s390x.rpm SHA-256: 90a6820a0974a491861be923872bb9515e74909d9ef2258b977b0710c5d6e034

Red Hat Enterprise Linux for Power, big endian 7

SRPM
SDL-1.2.15-17.el7.src.rpm SHA-256: de221f8db30d22e314956ca2dbb1b2bf93e27613faa4eb1c1a72f253e18a6ef7
ppc64
SDL-1.2.15-17.el7.ppc.rpm SHA-256: bc569e26f1b6eb9e05a5493d49a5b4bbdd7a2e21325a960d411720edd4b98f1d
SDL-1.2.15-17.el7.ppc64.rpm SHA-256: b0fb260deb71ac42690ef091f8cb919cc67e43e37af06ed05ef8c6c436cd2977
SDL-debuginfo-1.2.15-17.el7.ppc.rpm SHA-256: e2df47c25c174bfb8bf9b4daefdf3fbdfefc00e692d4da9f2dea33d584dcb7fb
SDL-debuginfo-1.2.15-17.el7.ppc64.rpm SHA-256: fa4070ecad79a011c284350250b454f416b4072c86ef7b8b5bdd3caefc17d1a1
SDL-devel-1.2.15-17.el7.ppc.rpm SHA-256: a97a239ec95bb16b96ac304106009bdc4f55b4a1b59c40074fbd5e5599f93639
SDL-devel-1.2.15-17.el7.ppc64.rpm SHA-256: c16eda07ebf6d6c646cc08653610e2d7e5e919df78b446f557f004c30d1c78a2
SDL-static-1.2.15-17.el7.ppc.rpm SHA-256: d0e0c2892cbe4be5dcca62f752a4b88b118d8a4668233deb5a4765f9464c9904
SDL-static-1.2.15-17.el7.ppc64.rpm SHA-256: fb7b9a060fe2588640302e13313a94f16912e8199ded801d0d4c413c7aa9f6b0

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
SDL-1.2.15-17.el7.src.rpm SHA-256: de221f8db30d22e314956ca2dbb1b2bf93e27613faa4eb1c1a72f253e18a6ef7
x86_64
SDL-1.2.15-17.el7.i686.rpm SHA-256: b59a706507d34a7f838fea377799395d858f1bf4f27e0689e251b78417c5b076
SDL-1.2.15-17.el7.x86_64.rpm SHA-256: ae35866bad8e20c4d37a92337a7bd389f7479b5fea420d33becb3b4a37e0c5c8
SDL-debuginfo-1.2.15-17.el7.i686.rpm SHA-256: 2be78e21a897f960749c9bcfe9618cef8e810b66d0795d8e6b9fe8192368ace7
SDL-debuginfo-1.2.15-17.el7.x86_64.rpm SHA-256: 5355e705ea4b2eb9cc053ec7c0557088af88b64435ef3b8afea152b666bd1131
SDL-devel-1.2.15-17.el7.i686.rpm SHA-256: 516cdce8baaacedb4e17082e4d3b850231605ce93b3634fc343b19df7715c269
SDL-devel-1.2.15-17.el7.x86_64.rpm SHA-256: c08a437607cb4eeba3cfefbc74130ad6840d7aca91120445b603c11436da28c2
SDL-static-1.2.15-17.el7.i686.rpm SHA-256: 8432b845f32188b4ede45e3a9811c65b7de2b6a07a369e45d9f21c036e9eec7d
SDL-static-1.2.15-17.el7.x86_64.rpm SHA-256: 4476a366d1102ee390cf537c04473522107d468629ebfb3a4ba7fda72eb7b972

Red Hat Enterprise Linux for Power, little endian 7

SRPM
SDL-1.2.15-17.el7.src.rpm SHA-256: de221f8db30d22e314956ca2dbb1b2bf93e27613faa4eb1c1a72f253e18a6ef7
ppc64le
SDL-1.2.15-17.el7.ppc64le.rpm SHA-256: c5a1bed1e24d0b37cc77cb8d43eea72aaa710a13655d4ae36317a37c6b587d1c
SDL-debuginfo-1.2.15-17.el7.ppc64le.rpm SHA-256: 43ebc0fb9df56ff002e566a715c90cf81f7055e9a592ee668c9312c2897aa221
SDL-devel-1.2.15-17.el7.ppc64le.rpm SHA-256: fb94a3242f9b6aaf628efb653c29f0c23dcba5c9a9c0abd4724488b63ead959d
SDL-static-1.2.15-17.el7.ppc64le.rpm SHA-256: 65ce1d5f14f91732a653ded4ecc126c5cba6ef1dbe6a9dbfe624206573975a76

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
