Bug 890614 (CVE-2022-4743) - <media-libs/libsdl2-2.26.0: memory leak in GLES_CreateTexture
Summary: <media-libs/libsdl2-2.26.0: memory leak in GLES_CreateTexture
Status: RESOLVED FIXED
Alias: CVE-2022-4743
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+]
Keywords:
Depends on: 892095
Blocks:
Reported: 2023-01-13 04:25 UTC by John Helmert III
Modified: 2023-05-03 10:11 UTC

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-13 04:25:40 UTC
CVE-2022-4743 (https://bugzilla.redhat.com/show_bug.cgi?id=2156290):
https://access.redhat.com/security/cve/CVE-2022-4743

A potential memory leak issue was discovered in SDL2 in the GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.

Fix, in 2.26.2: https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b
Comment 1 Larry the Git Cow gentoo-dev 2023-05-03 10:05:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=1df848183ceabb2deaed160a1e0f1606600e81b7

commit 1df848183ceabb2deaed160a1e0f1606600e81b7
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 10:04:24 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 10:05:29 +0000

    [ GLSA 202305-18 ] libsdl2: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/836665
    Bug: https://bugs.gentoo.org/890614
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-18.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-05-03 10:07:12 UTC
Please cleanup.
Comment 3 Larry the Git Cow gentoo-dev 2023-05-03 10:11:30 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ac343d0a65b278c32e2206edab370854d2c7e59

commit 3ac343d0a65b278c32e2206edab370854d2c7e59
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-05-03 10:11:15 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 10:11:15 +0000

    media-libs/libsdl2: drop 2.24.0-r2, 2.24.2, 2.26.0
    
    Bug: https://bugs.gentoo.org/890614
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/libsdl2/Manifest                        |   3 -
 .../files/libsdl2-2.24.0-clang-15-configure.patch  |  24 ---
 .../files/libsdl2-2.24.0-cmake-target-fixes.patch  | 145 -------------
 ...libsdl2-2.24.0-fix-build-without-joystick.patch |  32 ---
 .../libsdl2/files/libsdl2-2.26.0-wayland.patch     |  27 ---
 media-libs/libsdl2/libsdl2-2.24.0-r2.ebuild        | 230 --------------------
 media-libs/libsdl2/libsdl2-2.24.2.ebuild           | 228 --------------------
 media-libs/libsdl2/libsdl2-2.26.0.ebuild           | 231 ---------------------
 8 files changed, 920 deletions(-)