
A libsdl2 security update has been released for Debian GNU/Linux 8 Extended LTS to address several issues that could lead to buffer overflow, integer overflow or heap-based buffer over-read.

ELA-353-1 libsdl2 security update

Package: libsdl2
Version: 2.0.2+dfsg1-6+deb8u3
Related CVEs: CVE-2019-13616, CVE-2020-14409, CVE-2020-14410

Several issues have been found in libsdl2, a library for portable low-level access to a video framebuffer, audio output, mouse, and keyboard. All of them are buffer overflows, integer overflows or heap-based buffer over-reads, and a crafted BMP file can trigger them to cause a DoS or remote code execution.

For Debian 8 jessie, these problems have been fixed in version 2.0.2+dfsg1-6+deb8u3.

We recommend that you upgrade your libsdl2 packages.

Further information about Extended LTS security advisories can be found at:

  ELA-353-1 libsdl2 security update