Bug 1777372 (CVE-2019-14906)

Summary: CVE-2019-14906 SDL: CVE-2019-13616 not fixed in Red Hat Enterprise Linux 7 erratum RHSA-2019:3950
Product: [Other] Security Response Reporter: Riccardo Schirone <rschiron>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: dingyichen, erik-fedora, igor.raits, klember, maci, manisandro, ppisar, tcallawa, wtaymans
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. A heap-based buffer overflow flaw, in SDL while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-12-02 13:04:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1777405, 1777406    
Bug Blocks: 1777373    

Description Riccardo Schirone 2019-11-27 14:17:03 UTC
Erratum RHSA-2019:3950 (https://access.redhat.com/errata/RHSA-2019:3950) was released to address SDL CVE-2019-13616 in Red Hat Enterprise Linux 7. However, this erratum failed to include the fix for the flaw and hence it did not fix the flaw as claimed. This issue is about the incomplete fix for CVE-2019-13616.

For more details about the original issue, refer to bug 1747237.

Comment 7 errata-xmlrpc 2019-12-02 09:37:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:4024 https://access.redhat.com/errata/RHSA-2019:4024

Comment 8 Product Security DevOps Team 2019-12-02 13:04:52 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):