Ubuntu 24.04: USN-6855-1 Moderate: Buffer Overflow in Libcdio DDoS

July 1, 2024
An urgent libcdio security flaw impacts various Ubuntu versions. Check for updates to mitigate this significant risk.

Summary

libcdio could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description:

- libcdio: C++ library to read and control CD-ROM (development files)

Details:

Mansour Gashasbi discovered that libcdio incorrectly handled certain memory operations when parsing an ISO file, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   libcdio++1t64                   2.1.0-4.1ubuntu1.2
   libcdio19t64                    2.1.0-4.1ubuntu1.2
   libiso9660++0t64                2.1.0-4.1ubuntu1.2
   libiso9660-11t64                2.1.0-4.1ubuntu1.2
   libudf0t64                      2.1.0-4.1ubuntu1.2

Ubuntu 23.10
   libcdio++1                      2.1.0-4ubuntu0.2
   libcdio19                       2.1.0-4ubuntu0.2
   libiso9660++0                   2.1.0-4ubuntu0.2
   libiso9660-11                   2.1.0-4ubuntu0.2
   libudf0                         2.1.0-4ubuntu0.2

Ubuntu 22.04 LTS
   libcdio++1                      2.1.0-3ubuntu0.2
   libcdio19                       2.1.0-3ubuntu0.2
   libiso9660++0                   2.1.0-3ubuntu0.2
   libiso9660-11                   2.1.0-3ubuntu0.2
   libudf0                         2.1.0-3ubuntu0.2

Ubuntu 20.04 LTS
   libcdio18                       2.0.0-2ubuntu0.2
   libiso9660-11                   2.0.0-2ubuntu0.2
   libudf0                         2.0.0-2ubuntu0.2

Ubuntu 18.04 LTS
   libcdio17                       1.0.0-2ubuntu2+esm2
                                   Available with Ubuntu Pro
   libiso9660-10                   1.0.0-2ubuntu2+esm2
                                   Available with Ubuntu Pro
   libudf0                         1.0.0-2ubuntu2+esm2
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   libcdio13                       0.83-4.2ubuntu1+esm3
                                   Available with Ubuntu Pro
   libiso9660-8                    0.83-4.2ubuntu1+esm3
                                   Available with Ubuntu Pro
   libudf0                         0.83-4.2ubuntu1+esm3
                                   Available with Ubuntu Pro

Ubuntu 14.04 LTS
   libcdio13                       0.83-4.1ubuntu1+esm3
                                   Available with Ubuntu Pro
   libiso9660-8                    0.83-4.1ubuntu1+esm3
                                   Available with Ubuntu Pro
   libudf0                         0.83-4.1ubuntu1+esm3
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
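
To confirm that a host actually carries the fixed builds, the check below (an added example, not part of the Ubuntu notice) compares installed versions against the table above using a Python reimplementation of dpkg's version ordering rules. The function names and the sample dpkg-query output are constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions copied from the table above: release -> (version, binary packages).
FIXED = {
    "24.04": ("2.1.0-4.1ubuntu1.2", "libcdio++1t64 libcdio19t64 libiso9660++0t64 libiso9660-11t64 libudf0t64"),
    "23.10": ("2.1.0-4ubuntu0.2", "libcdio++1 libcdio19 libiso9660++0 libiso9660-11 libudf0"),
    "22.04": ("2.1.0-3ubuntu0.2", "libcdio++1 libcdio19 libiso9660++0 libiso9660-11 libudf0"),
    "20.04": ("2.0.0-2ubuntu0.2", "libcdio18 libiso9660-11 libudf0"),
    "18.04": ("1.0.0-2ubuntu2+esm2", "libcdio17 libiso9660-10 libudf0"),
    "16.04": ("0.83-4.2ubuntu1+esm3", "libcdio13 libiso9660-8 libudf0"),
    "14.04": ("0.83-4.1ubuntu1+esm3", "libcdio13 libiso9660-8 libudf0"),
}
RUNS = re.compile(r"(\D*)(\d*)")  # alternating non-digit / digit runs

def _order(c):
    # dpkg character order: '~' < end of run (0) < letters < other characters
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    for (sa, na), (sb, nb) in zip_longest(RUNS.findall(a), RUNS.findall(b), fillvalue=("", "")):
        for x, y in zip_longest(map(_order, sa), map(_order, sb), fillvalue=0):
            if x != y:
                return -1 if x < y else 1
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def deb_cmp(a, b):
    """Return -1, 0 or 1 for Debian version strings a and b."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, sep, rev = rest.rpartition("-")
        return int(epoch), (upstream if sep else rest), rev if sep else ""
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(release, dpkg_output):
    """List (package, installed, fixed) for packages older than the fixed version."""
    fixed, names = FIXED[release]
    rows = (line.split() for line in dpkg_output.splitlines())
    return [(r[0], r[1], fixed) for r in rows
            if len(r) == 2 and r[0] in names.split() and deb_cmp(r[1], fixed) < 0]

# Constructed sample of: dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE = "libcdio19t64 2.1.0-4.1ubuntu1\nlibudf0t64 2.1.0-4.1ubuntu1.2\nbash 5.2.21-2ubuntu4\n"

if __name__ == "__main__":
    print(unpatched("24.04", SAMPLE))
```

An empty list means every listed libcdio package on the host is at or above the fixed version for that release.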

References

https://ubuntu.com/security/notices/USN-6855-1

CVE-2024-36600

Ubuntu Security Notice USN-6855-1
