Two Vulnerabilities Found in SDL

Two of six serious vulnerabilities in this cross-platform multimedia library create conditions for remote code execution.
04 July 2019

Six vulnerabilities have been disclosed in SDL (Simple DirectMedia Layer), a set of libraries that provides hardware-accelerated 2D and 3D graphics rendering, input processing, audio playback, 3D output via OpenGL / OpenGL ES, and many other related operations. Two of them, found in the SDL2_image library, allow remote code execution on the system. Applications that use SDL to load images can be attacked.

Both vulnerabilities (CVE-2019-5051, CVE-2019-5051) are present in the IMG_LoadPCX_RW function and are caused by a missing error handler and an integer overflow, which can be triggered by a specially crafted PCX file. The issues have already been fixed in the SDL_image 2.0.5 release. Information about the remaining four vulnerabilities has not yet been disclosed.
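For readers who maintain their own image loaders, here is an added example (not SDL_image's code or its patch) of the defensive pattern this bug class calls for: validate every PCX header field, compute the buffer size with overflow-checked arithmetic, and return an error before anything is allocated. The names `pcx_decoded_size` and `pcx_sample`, the 64 MiB cap and the accepted bit-depth and plane values are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define PCX_HEADER_LEN 128
#define PCX_MAX_BYTES ((size_t)64 << 20) /* assumed policy cap: 64 MiB */

/* Read a little-endian 16-bit header field. */
static unsigned rd16(const uint8_t *p) { return p[0] | ((unsigned)p[1] << 8); }

/* Multiply without wrapping; returns 0 if a*b would overflow size_t. */
static int mul_ok(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a) return 0;
    *out = a * b;
    return 1;
}

/* Validate a PCX header and compute the decoded buffer size.
 * Returns 0 and sets *size on success, -1 on any malformed field. */
int pcx_decoded_size(const uint8_t *hdr, size_t len, size_t *size)
{
    if (!hdr || !size || len < PCX_HEADER_LEN) return -1;
    if (hdr[0] != 0x0A || hdr[2] > 1) return -1;   /* magic, encoding */
    unsigned bpp = hdr[3], planes = hdr[65], bpl = rd16(hdr + 66);
    unsigned xmin = rd16(hdr + 4), ymin = rd16(hdr + 6);
    unsigned xmax = rd16(hdr + 8), ymax = rd16(hdr + 10);
    if (bpp != 1 && bpp != 2 && bpp != 4 && bpp != 8) return -1;
    if (planes != 1 && planes != 3 && planes != 4) return -1;
    if (xmax < xmin || ymax < ymin) return -1;     /* size would go negative */
    size_t width = (size_t)(xmax - xmin) + 1;
    size_t height = (size_t)(ymax - ymin) + 1;
    /* The declared scanline must be able to hold one row of pixels. */
    if (bpl < (width * bpp + 7) / 8) return -1;
    size_t row, total;
    if (!mul_ok(bpl, planes, &row) || !mul_ok(row, height, &total)) return -1;
    if (total > PCX_MAX_BYTES) return -1;          /* refuse before allocating */
    *size = total;
    return 0;
}

/* Constructed sample: 8-bit header with the given extent, planes and stride. */
void pcx_sample(uint8_t h[PCX_HEADER_LEN], unsigned xmax, unsigned ymax,
                unsigned planes, unsigned bpl)
{
    memset(h, 0, PCX_HEADER_LEN);
    h[0] = 0x0A; h[1] = 5; h[2] = 1; h[3] = 8; h[65] = (uint8_t)planes;
    h[8] = xmax & 0xFF; h[9] = xmax >> 8; h[10] = ymax & 0xFF; h[11] = ymax >> 8;
    h[66] = bpl & 0xFF; h[67] = bpl >> 8;
}
```

A loader would call `pcx_decoded_size` on the first 128 bytes of the file and allocate only when it returns 0, so a header whose size product does not fit in 32 bits is rejected instead of wrapping.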

The vulnerabilities were found by Talos; more information is available on their website.

Red Hat's CFO Leaves His Position

Eric Shander was fired for a "violation of Red Hat's operating standards" and did not receive the $4,000,000 payment
14 October 2019

Eric Shander has been dismissed as Red Hat CFO without being paid the $4 million bonus set before IBM acquired Red Hat. The decision was made by Red Hat's board of directors and approved by IBM. The reason given for the dismissal without the payment is a violation of Red Hat's operating standards. The spokesman declined to provide more information about the reasons for the dismissal, but explained that the company's accounting and financial statements are in good order.

Eric was hired by Red Hat in 2015, initially serving as acting financial director, and in 2017 he was approved as permanent financial director. Prior to joining Red Hat, Eric Shander held various financial positions at IBM and Lenovo.