Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Scientific Linux SL7: SLSA-2018-3246-1 Low: libcdio Issues and Fixes

Scientific Large Esm H446
libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198) * libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199) * libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c (CVE-2017-18201) SL7 x86_64 libcdio-0.92-3.el7.i686.rpm libcdio-0.92-3.el7.x86_64.rpm libcdio-debuginfo-0.92-3.el7.i68 [More...]
Synopsis:          Low: libcdio security update
Advisory ID:       SLSA-2018:3246-1
Issue Date:        2018-10-30
CVE Numbers:       CVE-2017-18198
                   CVE-2017-18199
                   CVE-2017-18201
--

Security Fix(es):

* libcdio: Heap-based buffer over-read in print_iso9660_recurse function
in iso-info.c (CVE-2017-18198)

* libcdio: NULL pointer dereference in realloc_symlink in rock.c
(CVE-2017-18199)

* libcdio: Double free in get_cdtext_generic() in
lib/driver/_cdio_generic.c (CVE-2017-18201)
--

SL7
  x86_64
    libcdio-0.92-3.el7.i686.rpm
    libcdio-0.92-3.el7.x86_64.rpm
    libcdio-debuginfo-0.92-3.el7.i686.rpm
    libcdio-debuginfo-0.92-3.el7.x86_64.rpm
    libcdio-devel-0.92-3.el7.i686.rpm
    libcdio-devel-0.92-3.el7.x86_64.rpm

- Scientific Linux Development Team