Ubuntu 5558-1: libcdio vulnerabilities | LinuxSecurity.com
==========================================================================
Ubuntu Security Notice USN-5558-1
August 10, 2022

libcdio vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in libcdio.

Software Description:
- libcdio: library to read and control digital audio CDs (development files)

Details:

Zhao Liang discovered that libcdio was not properly performing memory
management operations when processing ISO files, which could result
in a heap buffer overflow or in a NULL pointer dereference. If a user
or automated system were tricked into opening a specially crafted file,
an attacker could possibly use this issue to cause a denial of service.
(CVE-2017-18198, CVE-2017-18199)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
   libcdio-cdda1                   0.83-4.2ubuntu1+esm1
   libcdio-paranoia1               0.83-4.2ubuntu1+esm1
   libcdio-utils                   0.83-4.2ubuntu1+esm1
   libcdio13                       0.83-4.2ubuntu1+esm1
   libiso9660-8                    0.83-4.2ubuntu1+esm1
   libudf0                         0.83-4.2ubuntu1+esm1

Ubuntu 14.04 ESM:
   libcdio-cdda1                   0.83-4.1ubuntu1+esm1
   libcdio-paranoia1               0.83-4.1ubuntu1+esm1
   libcdio-utils                   0.83-4.1ubuntu1+esm1
   libcdio13                       0.83-4.1ubuntu1+esm1
   libiso9660-8                    0.83-4.1ubuntu1+esm1
   libudf0                         0.83-4.1ubuntu1+esm1

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5558-1
   CVE-2017-18198, CVE-2017-18199

