USN-5558-1: libcdio vulnerabilities
10 August 2022
Several security issues were fixed in libcdio.
Releases
Packages
- libcdio - library to read and control digital audio CDs (development files)
Details
Zhao Liang discovered that libcdio was not properly performing memory
management operations when processing ISO files, which could result
in a heap buffer overflow or in a NULL pointer dereference. If a user
or automated system were tricked into opening a specially crafted file,
an attacker could possibly use this issue to cause a denial of service.
(CVE-2017-18198, CVE-2017-18199)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
libcdio-paranoia1
-
0.83-4.2ubuntu1+esm1
Available with Ubuntu Pro
-
libcdio-cdda1
-
0.83-4.2ubuntu1+esm1
Available with Ubuntu Pro
-
libcdio-utils
-
0.83-4.2ubuntu1+esm1
Available with Ubuntu Pro
-
libcdio13
-
0.83-4.2ubuntu1+esm1
Available with Ubuntu Pro
-
libiso9660-8
-
0.83-4.2ubuntu1+esm1
Available with Ubuntu Pro
-
libudf0
-
0.83-4.2ubuntu1+esm1
Available with Ubuntu Pro
Ubuntu 14.04
-
libcdio-paranoia1
-
0.83-4.1ubuntu1+esm1
Available with Ubuntu Pro
-
libcdio-cdda1
-
0.83-4.1ubuntu1+esm1
Available with Ubuntu Pro
-
libcdio-utils
-
0.83-4.1ubuntu1+esm1
Available with Ubuntu Pro
-
libcdio13
-
0.83-4.1ubuntu1+esm1
Available with Ubuntu Pro
-
libiso9660-8
-
0.83-4.1ubuntu1+esm1
Available with Ubuntu Pro
-
libudf0
-
0.83-4.1ubuntu1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.