USN-5398-1: Simple DirectMedia Layer vulnerability

28 April 2022

SDL (Simple DirectMedia Layer) could be made to crash or run programs if it opened a specially crafted file.

Releases

Packages

libsdl1.2 - Simple DirectMedia Layer
libsdl2 - Cross-platform multimedia library with low access to hardware

Details

It was discovered that SDL (Simple DirectMedia Layer) incorrectly handled
certain files. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.10

libsdl2-2.0-0 - 2.0.14+dfsg2-3ubuntu0.1

Ubuntu 18.04

libsdl1.2debian - 1.2.15+dfsg2-0.1ubuntu0.2

Ubuntu 16.04

libsdl1.2debian - 1.2.15+dfsg1-3ubuntu0.1+esm1
Available with UA Infra or UA Desktop

Ubuntu 14.04

libsdl1.2debian - 1.2.15-8ubuntu1.1+esm2
Available with UA Infra or UA Desktop

In general, a standard system update will make all the necessary changes.

References

CVE-2021-33657

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›