Test ID:1.3.6.1.4.1.25623.1.1.10.2018.0454
Category:Mageia Linux Local Security Checks
Title:Mageia: Security Advisory (MGASA-2018-0454)
Summary:The remote host is missing an update for the 'mingw-SDL2, mingw-SDL2_image, mingw-SDL2_mixer, sdl2, sdl2_image, sdl2_mixer' package(s) announced via the MGASA-2018-0454 advisory.
Description:

Vulnerability Insight:
This update fixes various security vulnerabilities affecting the
SDL2_image library, listed below. The fixes are provided in SDL2_image
2.0.4, which depends on SDL2 2.0.8 or later. As such, the SDL2 and
SDL2_mixer libraries are also updated to their current stable releases,
providing various bug fixes and features.

The security vulnerabilities fixed in this update are the following:

An exploitable code execution vulnerability exists in the ILBM image
rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM
image can cause a heap overflow resulting in code execution. An attacker
can display a specially crafted image to trigger this vulnerability.
(TALOS-2017-0488, CVE-2017-12122)

An exploitable code execution vulnerability exists in the ILBM image
rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM
image can cause a stack overflow resulting in code execution. An
attacker can display a specially crafted image to trigger this
vulnerability. (TALOS-2017-0489, CVE-2017-14440)

An exploitable code execution vulnerability exists in the ICO image
rendering functionality of SDL2_image-2.0.2. A specially crafted ICO
image can cause an integer overflow, cascading to a heap overflow
resulting in code execution. An attacker can display a specially crafted
image to trigger this vulnerability. (TALOS-2017-0490, CVE-2017-14441)
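The ICO case above, an integer overflow that cascades into a heap overflow, is the classic image-loader failure: the pixel-buffer size is computed from attacker-controlled header fields in 32-bit arithmetic, the product wraps, a small buffer is allocated, and the decoder then writes the full image into it. The C program below is an added illustration of that pattern and is not SDL2_image's own code; the header layout, the MAX_PIXELS cap and all function names are assumptions made for the example. It shows the unchecked size computation beside a hardened one and reports, without actually corrupting memory, whether the unchecked path would allocate less than the decoder writes.

```c
/*
 * Added illustration of the "integer overflow cascading to a heap overflow"
 * bug class described for the ICO loader. This is NOT SDL2_image code: the
 * header struct, MAX_PIXELS and the function names are assumptions made
 * for this example.
 */
#include <stdint.h>
#include <stdio.h>

/* Hypothetical minimal image header, as a parser would read it from a file. */
struct img_hdr {
    uint32_t width;
    uint32_t height;
    uint32_t bytes_per_pixel;
};

/* Upper bound a real decoder would enforce on the pixel count (assumed). */
#define MAX_PIXELS (1u << 28)   /* 256 Mpx; 4 bytes/pixel still fits size_t */

/*
 * Vulnerable pattern: the allocation size is computed in 32-bit arithmetic
 * straight from untrusted header fields. For a large width*height the
 * product wraps modulo 2^32, a small buffer is allocated, and the row loop
 * that later copies width*height*bpp bytes runs off the end of it.
 */
uint32_t buf_size_unchecked(const struct img_hdr *h)
{
    return h->width * h->height * h->bytes_per_pixel;   /* may wrap */
}

/*
 * Hardened pattern: reject zero/oversized fields, then bound the product
 * with a division check so the multiplication provably cannot wrap.
 * Returns 0 on success with the size in *out, -1 if the header is rejected.
 */
int buf_size_checked(const struct img_hdr *h, size_t *out)
{
    if (h->width == 0 || h->height == 0)
        return -1;
    if (h->bytes_per_pixel == 0 || h->bytes_per_pixel > 4)
        return -1;
    /* width * height <= MAX_PIXELS, tested without performing the multiply */
    if (h->width > MAX_PIXELS / h->height)
        return -1;
    uint64_t pixels = (uint64_t)h->width * h->height;
    *out = (size_t)(pixels * h->bytes_per_pixel);   /* <= 2^30, no wrap */
    return 0;
}

/* Bytes a decoder would really write for this header (64-bit arithmetic). */
uint64_t bytes_decoder_writes(const struct img_hdr *h)
{
    return (uint64_t)h->width * h->height * h->bytes_per_pixel;
}

/*
 * Simulate the vulnerable allocate-then-decode sequence without touching
 * memory: returns 1 if the unchecked allocation is smaller than the number
 * of bytes the decoder would write into it, i.e. a heap overflow.
 */
int unchecked_would_overflow(const struct img_hdr *h)
{
    uint32_t alloc = buf_size_unchecked(h);
    return bytes_decoder_writes(h) > alloc;
}

int main(void)
{
    /* Constructed sample headers: one benign, one crafted to wrap. */
    struct img_hdr ok      = { 640, 480, 4 };
    struct img_hdr crafted = { 0x10000, 0x10001, 4 };
    size_t n = 0;

    int rc_ok = buf_size_checked(&ok, &n);
    printf("benign:  unchecked=%u checked=%d (%zu bytes) overflow=%d\n",
           buf_size_unchecked(&ok), rc_ok, n, unchecked_would_overflow(&ok));

    int rc_bad = buf_size_checked(&crafted, &n);
    printf("crafted: unchecked=%u checked=%d overflow=%d\n",
           buf_size_unchecked(&crafted), rc_bad,
           unchecked_would_overflow(&crafted));
    return 0;
}
```

For the crafted header, 0x10000 * 0x10001 wraps to 0x10000 in 32 bits, so the unchecked path sizes the buffer at 262144 bytes while the decoder would write over 17 GB into it; the checked path rejects the header before any allocation. The division-based bound is the important part: comparing the product against a limit after computing it does not help, because the wrapped product may already look small.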

An exploitable code execution vulnerability exists in the BMP image
rendering functionality of SDL2_image-2.0.2. A specially crafted BMP
image can cause a stack overflow resulting in code execution. An
attacker can display a specially crafted image to trigger this
vulnerability. (TALOS-2017-0491, CVE-2017-14442)

An exploitable code execution vulnerability exists in the XCF image
rendering functionality of SDL2_image-2.0.2. A specially crafted XCF
image can cause a heap overflow resulting in code execution. An
attacker can display a specially crafted image to trigger this
vulnerability. (TALOS-2017-0497, CVE-2017-14448)

A double-free vulnerability exists in the XCF image rendering
functionality of SDL2_image-2.0.2. A specially crafted XCF image can
cause a double-free to occur. An attacker can display a specially
crafted image to trigger this vulnerability.
(TALOS-2017-0498, CVE-2017-14449)

A buffer overflow vulnerability exists in the GIF image parsing
functionality of SDL2_image-2.0.2. A specially crafted GIF image can
lead to a buffer overflow in a global section (a statically allocated
buffer rather than the stack or heap). An attacker can display a
specially crafted image to trigger this vulnerability. (TALOS-2017-0499,
CVE-2017-14450)

An exploitable information disclosure vulnerability exists in the PCX
image rendering functionality of SDL2_image-2.0.2. A specially crafted
PCX image can cause an out-of-bounds read on the heap, resulting in
information disclosure. An attacker can display a specially crafted
image to trigger this vulnerability. (TALOS-2018-0519, CVE-2018-3837)

An ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'mingw-SDL2, mingw-SDL2_image, mingw-SDL2_mixer, sdl2, sdl2_image, sdl2_mixer' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score (v2):
6.8

CVSS Vector (v2):
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-12122
Debian Security Information: DSA-4177
https://www.debian.org/security/2018/dsa-4177
Debian Security Information: DSA-4184
https://www.debian.org/security/2018/dsa-4184
https://security.gentoo.org/glsa/201903-17
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488
https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-14440
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489
Common Vulnerability Exposure (CVE) ID: CVE-2017-14441
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490
Common Vulnerability Exposure (CVE) ID: CVE-2017-14442
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491
Common Vulnerability Exposure (CVE) ID: CVE-2017-14448
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497
Common Vulnerability Exposure (CVE) ID: CVE-2017-14449
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498
Common Vulnerability Exposure (CVE) ID: CVE-2017-14450
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499
Common Vulnerability Exposure (CVE) ID: CVE-2018-3837
https://www.starwindsoftware.com/security/sw-20191008-0001/
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0519
Common Vulnerability Exposure (CVE) ID: CVE-2018-3838
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0520
Common Vulnerability Exposure (CVE) ID: CVE-2018-3839
https://www.starwindsoftware.com/security/sw-20191008-0002/
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0521
Common Vulnerability Exposure (CVE) ID: CVE-2018-3977
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645
https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html
https://usn.ubuntu.com/4238-1/
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.