Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 4 articles for you...
203
security advisorysecurity updatebuffer overflowMageia: 2024-0252 Moderate: libcdio Buffer Overflow Threat
Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. (CVE-2024-36600) References: . MGASA-2024-0252 - Updated libcdio packages fix security vulnerability Publication date: 03 Jul 2024 URL: https://advisories.mageia.org/MGASA-2024-0252.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-36600 Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. (CVE-2024-36600) References: - https://bugs.mageia.org/show_bug.cgi?id=33349 - https://ubuntu.com/security/notices/USN-6855-1 - https://www.cve.org/CVERecord?id=CVE-2024-36600 SRPMS: - 9/core/libcdio-2.1.0-4.1.mga9 . Mageia 2024-0253 announces a libcdio upgrade addressing a critical security vulnerability. Discover the potential consequences and solutions.. libcdio security, buffer overflow patch, Mageia updates, security vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Jul 03, 2024
•Important
Mageia
172
security advisorydenial of servicebuffer overflowUbuntu 24.04: USN-6855-1 Moderate: Buffer Overflow in Libcdio DDoS
libcdio could be made to crash or run programs as your login if it opened a specially crafted file.. ========================================================================== Ubuntu Security Notice USN-6855-1 June 28, 2024 libcdio vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: libcdio could be made to crash or run programs as your login if it opened a specially crafted file. Software Description: - libcdio: C++ library to read and control CD-ROM (development files) Details: Mansour Gashasbi discovered that libcdio incorrectly handled certain memory operations when parsing an ISO file, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS libcdio++1t64 2.1.0-4.1ubuntu1.2 libcdio19t64 2.1.0-4.1ubuntu1.2 libiso9660++0t64 2.1.0-4.1ubuntu1.2 libiso9660-11t64 2.1.0-4.1ubuntu1.2 libudf0t64 2.1.0-4.1ubuntu1.2 Ubuntu 23.10 libcdio++1 2.1.0-4ubuntu0.2 libcdio19 2.1.0-4ubuntu0.2 libiso9660++0 2.1.0-4ubuntu0.2 libiso9660-11 2.1.0-4ubuntu0.2 libudf0 2.1.0-4ubuntu0.2 Ubuntu 22.04 LTS libcdio++1 2.1.0-3ubuntu0.2 libcdio19 2.1.0-3ubuntu0.2 libiso9660++0 2.1.0-3ubuntu0.2 libiso9660-11 2.1.0-3ubuntu0.2 libudf0 2.1.0-3ubuntu0.2 Ubuntu 20.04 LTS libcdio18 2.0.0-2ubuntu0.2 libiso9660-11 2.0.0-2ubuntu0.2 libudf0 2.0.0-2ubuntu0.2 Ubuntu 18.04 LTS libcdio17 1.0.0-2ubuntu2+esm2 Available with Ubuntu Pro libiso9660-10 1.0.0-2ubuntu2+esm2 Available with Ubuntu Pro libudf0 1.0.0-2ubuntu2+esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS libcdio13 0.83-4.2ubuntu1+esm3 Available with Ubuntu Pro libiso9660-8 0.83-4.2ubuntu1+esm3 Available with Ubuntu Pro libudf0 0.83-4.2ubuntu1+esm3 Available with Ubuntu Pro Ubuntu 14.04 LTS libcdio13 0.83-4.1ubuntu1+esm3 Available with Ubuntu Pro libiso9660-8 0.83-4.1ubuntu1+esm3 Available with Ubuntu Pro libudf0 0.83-4.1ubuntu1+esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6855-1 CVE-2024-36600 Package Information: https://launchpad.net/ubuntu/+source/libcdio/2.1.0-4ubuntu0.2 https://launchpad.net/ubuntu/+source/libcdio/2.0.0-2ubuntu0.2 . An urgent libcdio security flaw impacts various Ubuntu versions. Ensure to verify for updates to mitigate this significant risk.. Ubuntu Libcdio Update, Software Vulnerability Fix, Ubuntu Security Notice, Buffer Overflow Mitigation. . LinuxSecurity.com Team
Jul 01, 2024
Ubuntu
172
security advisorydenial of serviceupdateUbuntu 16.04 & 14.04: USN-5558-1 Moderate Libcdio Security Update
Several security issues were fixed in libcdio.. =========================================================================Ubuntu Security Notice USN-5558-1 August 10, 2022 libcdio vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in libcdio. Software Description: - libcdio: library to read and control digital audio CDs (development files) Details: Zhao Liang discovered that libcdio was not properly performing memory management operations when processing ISO files, which could result in a heap buffer overflow or in a NULL pointer dereference. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2017-18198, CVE-2017-18199) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: libcdio-cdda1 0.83-4.2ubuntu1+esm1 libcdio-paranoia1 0.83-4.2ubuntu1+esm1 libcdio-utils 0.83-4.2ubuntu1+esm1 libcdio13 0.83-4.2ubuntu1+esm1 libiso9660-8 0.83-4.2ubuntu1+esm1 libudf0 0.83-4.2ubuntu1+esm1 Ubuntu 14.04 ESM: libcdio-cdda1 0.83-4.1ubuntu1+esm1 libcdio-paranoia1 0.83-4.1ubuntu1+esm1 libcdio-utils 0.83-4.1ubuntu1+esm1 libcdio13 0.83-4.1ubuntu1+esm1 libiso9660-8 0.83-4.1ubuntu1+esm1 libudf0 0.83-4.1ubuntu1+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5558-1 CVE-2017-18198, CVE-2017-18199 . In November 2023, Ubuntu 14.04 and 16.04 received security updates for libcdio vulnerabilities, addressing risks like remote code execution and denial of service. libcdio Security, Ubuntu Update, Memory Management Issues. . Severity: Important. LinuxSecurity.com Team
Aug 10, 2022
•Important
Ubuntu
100
security advisorydenial of servicelow severitySUSE: 2020:3023-1 Low: libcdio NULL Pointer Denial Of Service
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for libcdio ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3023-1 Rating: low References: #1082821 Cross-References: CVE-2017-18199 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcdio fixes the following issues: The following security vulnerability was addressed: - CVE-2017-18199: Fixed a NULL pointer dereference in realloc_symlink in rock.c, which allowed remote attackers to cause a denial of service via a crafted ISO file. (bsc#1082821) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-3023=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3023=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3023=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libcdio-debugsource-0.90-6.6.5 libiso9660-8-0.90-6.6.5 libiso9660-8-debuginfo-0.90-6.6.5 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libcdio++0-0.90-6.6.5 libcdio++0-debuginfo-0.90-6.6.5 libcdio-debugsource-0.90-6.6.5 libcdio-devel-0.90-6.6.5 libiso9660-8-0.90-6.6.5 libiso9660-8-debuginfo-0.90-6.6.5 libudf0-0.90-6.6.5 libudf0-debuginfo-0.90-6.6.5 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libcdio-debugsource-0.90-6.6.5 libcdio14-0.90-6.6.5 libcdio14-debuginfo-0.90-6.6.5 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcdio14-32bit-0.90-6.6.5 libcdio14-debuginfo-32bit-0.90-6.6.5 References: https://www.suse.com/security/cve/CVE-2017-18199.html https://bugzilla.suse.com/1082821 . Addresses a NULL pointer vulnerability in libcdio that could lead to denial of service through specially crafted ISO images on SUSE Linux distributions.. SUSE Linux, libcdio, security update, denial of service, NULL pointer. . Severity: Low. LinuxSecurity.com Team
Oct 23, 2020
•Low
SuSE
100
security advisorylow severityDenial of ServiceSUSE: 2021:12345-7 Critical: libxyz Vulnerability Remote Code Execution
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for libcdio ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14498-1 Rating: low References: #1082821 Cross-References: CVE-2017-18199 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcdio and libcdio-mini fixes the following issues: Security issue fixed: - CVE-2017-18199: Fixed a NULL Pointer Dereference in realloc_symlink which could allow remote attackers to cause Denial of Service (bsc#1082821). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libcdio-14498=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libcdio-14498=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libcdio7-0.80-8.3.5 libcdio_cdda0-0.80-8.3.5 libcdio_paranoia0-0.80-8.3.5 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): libcdio-debuginfo-0.80-8.3.5 libcdio-debugsource-0.80-8.3.5 References: https://www.suse.com/security/cve/CVE-2017-18199.html https://bugzilla.suse.com/1082821 _______________________________________________ sle-security-updates mailing list
Sep 23, 2020
•Low
SuSE
200
security advisorysecurity issuedouble freeScientific Linux SL7: SLSA-2018-3246-1 Low: libcdio Issues and Fixes
libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198) * libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199) * libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c (CVE-2017-18201) SL7 x86_64 libcdio-0.92-3.el7.i686.rpm libcdio-0.92-3.el7.x86_64.rpm libcdio-debuginfo-0.92-3.el7.i68 [More...]. Synopsis: Low: libcdio security update Advisory ID: SLSA-2018:3246-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2017-18198 CVE-2017-18199 CVE-2017-18201 -- Security Fix(es): * libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198) * libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199) * libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c (CVE-2017-18201) -- SL7 x86_64 libcdio-0.92-3.el7.i686.rpm libcdio-0.92-3.el7.x86_64.rpm libcdio-debuginfo-0.92-3.el7.i686.rpm libcdio-debuginfo-0.92-3.el7.x86_64.rpm libcdio-devel-0.92-3.el7.i686.rpm libcdio-devel-0.92-3.el7.x86_64.rpm - Scientific Linux Development Team . A minor security update for libcdio on Scientific Linux addresses several vulnerabilities. Check for essential patches included in the release.. libcdio, security advisory, Scientific Linux, buffer over-read, NULL pointer dereference. . Severity: Low. LinuxSecurity.com Team
Nov 26, 2018
•Low
Scientific Linux
98
security advisorysecurity fixRed Hat Enterprise LinuxRed Hat 7 RHSA-2018-3246-01 Low: Libcdio Buffer Over-Read
An update for libcdio is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: libcdio security update Advisory ID: RHSA-2018:3246-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3246 Issue date: 2018-10-30 CVE Names: CVE-2017-18198 CVE-2017-18199 CVE-2017-18201 ==================================================================== 1. Summary: An update for libcdio is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Description: The libcdio library provides an interface for CD-ROM access. It can be used by applications that need OS-independent and device-independent access to CD-ROM devices. SecurityFix(es): * libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198) * libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199) * libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c (CVE-2017-18201) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1549644 - CVE-2017-18198 libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c 1549701 - CVE-2017-18199 libcdio: NULL pointer dereference in realloc_symlink in rock.c 1549707 - CVE-2017-18201 libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libcdio-0.92-3.el7.src.rpm x86_64: libcdio-0.92-3.el7.i686.rpm libcdio-0.92-3.el7.x86_64.rpm libcdio-debuginfo-0.92-3.el7.i686.rpm libcdio-debuginfo-0.92-3.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libcdio-debuginfo-0.92-3.el7.i686.rpm libcdio-debuginfo-0.92-3.el7.x86_64.rpm libcdio-devel-0.92-3.el7.i686.rpm libcdio-devel-0.92-3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: libcdio-0.92-3.el7.src.rpm x86_64: libcdio-0.92-3.el7.i686.rpm libcdio-0.92-3.el7.x86_64.rpm libcdio-debuginfo-0.92-3.el7.i686.rpm libcdio-debuginfo-0.92-3.el7.x86_64.rpm libcdio-devel-0.92-3.el7.i686.rpm libcdio-devel-0.92-3.el7.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: libcdio-0.92-3.el7.src.rpm ppc64: libcdio-0.92-3.el7.ppc.rpm libcdio-0.92-3.el7.ppc64.rpm libcdio-debuginfo-0.92-3.el7.ppc.rpm libcdio-debuginfo-0.92-3.el7.ppc64.rpm ppc64le: libcdio-0.92-3.el7.ppc64le.rpm libcdio-debuginfo-0.92-3.el7.ppc64le.rpm s390x: libcdio-0.92-3.el7.s390.rpm libcdio-0.92-3.el7.s390x.rpm libcdio-debuginfo-0.92-3.el7.s390.rpm libcdio-debuginfo-0.92-3.el7.s390x.rpm x86_64: libcdio-0.92-3.el7.i686.rpm libcdio-0.92-3.el7.x86_64.rpm libcdio-debuginfo-0.92-3.el7.i686.rpm libcdio-debuginfo-0.92-3.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: libcdio-0.92-3.el7.src.rpm aarch64: libcdio-0.92-3.el7.aarch64.rpm libcdio-debuginfo-0.92-3.el7.aarch64.rpm ppc64le: libcdio-0.92-3.el7.ppc64le.rpm libcdio-debuginfo-0.92-3.el7.ppc64le.rpm s390x: libcdio-0.92-3.el7.s390.rpm libcdio-0.92-3.el7.s390x.rpm libcdio-debuginfo-0.92-3.el7.s390.rpm libcdio-debuginfo-0.92-3.el7.s390x.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: libcdio-debuginfo-0.92-3.el7.aarch64.rpm libcdio-devel-0.92-3.el7.aarch64.rpm ppc64le: libcdio-debuginfo-0.92-3.el7.ppc64le.rpm libcdio-devel-0.92-3.el7.ppc64le.rpm s390x: libcdio-debuginfo-0.92-3.el7.s390.rpm libcdio-debuginfo-0.92-3.el7.s390x.rpm libcdio-devel-0.92-3.el7.s390.rpm libcdio-devel-0.92-3.el7.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libcdio-debuginfo-0.92-3.el7.ppc.rpm libcdio-debuginfo-0.92-3.el7.ppc64.rpm libcdio-devel-0.92-3.el7.ppc.rpm libcdio-devel-0.92-3.el7.ppc64.rpm ppc64le: libcdio-debuginfo-0.92-3.el7.ppc64le.rpm libcdio-devel-0.92-3.el7.ppc64le.rpm s390x: libcdio-debuginfo-0.92-3.el7.s390.rpm libcdio-debuginfo-0.92-3.el7.s390x.rpm libcdio-devel-0.92-3.el7.s390.rpm libcdio-devel-0.92-3.el7.s390x.rpm x86_64: libcdio-debuginfo-0.92-3.el7.i686.rpm libcdio-debuginfo-0.92-3.el7.x86_64.rpm libcdio-devel-0.92-3.el7.i686.rpm libcdio-devel-0.92-3.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v.7): Source: libcdio-0.92-3.el7.src.rpm x86_64: libcdio-0.92-3.el7.i686.rpm libcdio-0.92-3.el7.x86_64.rpm libcdio-debuginfo-0.92-3.el7.i686.rpm libcdio-debuginfo-0.92-3.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libcdio-debuginfo-0.92-3.el7.i686.rpm libcdio-debuginfo-0.92-3.el7.x86_64.rpm libcdio-devel-0.92-3.el7.i686.rpm libcdio-devel-0.92-3.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-18198 https://access.redhat.com/security/cve/CVE-2017-18199 https://access.redhat.com/security/cve/CVE-2017-18201 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW9gQUtzjgjWX9erEAQjVVw/+JN13RRK2dXdLC0QbjrBi0xDPpzoZKeMg wwK7GWBbxV3HcOL4yq3HRXSr+xu6TaTDsIf8SLCsF928IJTcQQ6pdyf/jRyjm7sq wPHeT3DmYYRk/1FrEm3YhaNyw8ZxfVIRNP+Q3oHHnZoV9VZbHqbK5vOSvIeL55bT ZAocjE1wKKTl5QrY15/AQVVtTGgoJG/zT8kmSsVuma0u6F82kaI23l8YMotOIR/5 IsIVvRv2+SCPlU6BqzvQqAoWQcMRulJhosc2L2Po+qwN13Lwv9WtNmrBoZ8twE8a SG5ljDtdPGU11vvD40ivifi4hmbG5sMjbsMh5PxiGsGSCdDaZvLNR6+XIHf6+jVF EgE3mFfWkZITIX5buQdOBcyTfqyfe07ixv9VxBiYavFT6Pn1aU7RhXvM1em2xjBt LzclY/LMRkzrbJ6DU5Wq7NCDHm7iqM0D/GzvhqNvYP9dNTxrTevxDln3g63ztl70 zGzI/bgb0PEovHdIQx0TBp+AmiIuy82s0WmKtcUHylNDO4fUey1WXEYldboO2R+v p7CYZEJuf5DsZVeXAZl2LakF5Jfaa9s+l/OlT8+sE8YOfHy5f2QRULmRJjnJ6fz0 U6NJifM8uWpCNv5dH91hLN1/tXhFGXcH0ZOhOIGwbvSQE7AhAXJM2k1EFw2UgjOP TroGnR1gZqg=pOse -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Oct 30, 2018
•Low
Red Hat
202
security advisorymemory leaklow severityopenSUSE Leap 15.0: 2018:2294-1 Low: Memory Management Flaws
An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for libcdio ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:2294-1 Rating: low References: #1082821 #1082877 Cross-References: CVE-2017-18199 CVE-2017-18201 Affected Products: openSUSE Leap 15.0 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libcdio fixes the following issues: The following security vulnerabilities were addressed: - CVE-2017-18199: Fixed a NULL pointer dereference in realloc_symlink in rock.c (bsc#1082821) - CVE-2017-18201: Fixed a double free vulnerability in get_cdtext_generic() in _cdio_generic.c (bsc#1082877) - Fixed several memory leaks (bsc#1082821) This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2018-857=1 Package List: - openSUSE Leap 15.0 (i586 x86_64): libcdio++0-0.94-lp150.5.3.1 libcdio++0-debuginfo-0.94-lp150.5.3.1 libcdio-debugsource-0.94-lp150.5.3.1 libcdio-devel-0.94-lp150.5.3.1 libcdio16-0.94-lp150.5.3.1 libcdio16-debuginfo-0.94-lp150.5.3.1 libiso9660-10-0.94-lp150.5.3.1 libiso9660-10-debuginfo-0.94-lp150.5.3.1 libudf0-0.94-lp150.5.3.1 libudf0-debuginfo-0.94-lp150.5.3.1 - openSUSE Leap 15.0 (x86_64): cdio-utils-0.94-lp150.5.3.1 cdio-utils-debuginfo-0.94-lp150.5.3.1 cdio-utils-debugsource-0.94-lp150.5.3.1 libcdio++0-32bit-0.94-lp150.5.3.1 libcdio++0-32bit-debuginfo-0.94-lp150.5.3.1 libcdio16-32bit-0.94-lp150.5.3.1 libcdio16-32bit-debuginfo-0.94-lp150.5.3.1 libiso9660-10-32bit-0.94-lp150.5.3.1 libiso9660-10-32bit-debuginfo-0.94-lp150.5.3.1 libudf0-32bit-0.94-lp150.5.3.1 libudf0-32bit-debuginfo-0.94-lp150.5.3.1 References: https://www.suse.com/security/cve/CVE-2017-18199.html https://www.suse.com/security/cve/CVE-2017-18201.html https://bugzilla.suse.com/1082821 https://bugzilla.suse.com/1082877 -- . A new update for libcdio has been released, addressing several security vulnerabilities such as memory leaks and potential NULL pointer dereference errors.. libcdio fixes, openSUSE updates, memory management issues, security advisories. . Severity: Low. LinuxSecurity.com Team
Aug 10, 2018
•Low
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!