A libsdl2 security update has been released for Debian GNU/Linux 8 Extended LTS to address several issues that could lead to buffer overflow, integer overflow or heap-based buffer over-read.
ELA-353-1 libsdl2 security update
Package libsdl2
ELA-353-1 libsdl2 security update
Version 2.0.2+dfsg1-6+deb8u3
Related CVEs CVE-2019-13616 CVE-2020-14409 CVE-2020-14410
Several issues have been found in libsdl2, a library for portable low level access to a video framebuffer, audio output, mouse, and keyboard. All issues are related to either buffer overflow, integer overflow or heap-based buffer over-read, resulting in a DoS or remote code execution by using a crafted BMP file.
For Debian 8 jessie, these problems have been fixed in version 2.0.2+dfsg1-6+deb8u3.
We recommend that you upgrade your libsdl2 packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
