Description
Security update for libcdio
This update for libcdio fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2017-18199: Fixed a NULL pointer dereference in realloc_symlink in rock.c (bsc#1082821)
- CVE-2017-18201: Fixed a double free vulnerability in get_cdtext_generic() in _cdio_generic.c (bsc#1082877)
- Fixed several memory leaks (bsc#1082821)
Package list
SUSE Linux Enterprise Module for Desktop Applications 15
libcdio++0-0.94-6.3.1
libcdio-devel-0.94-6.3.1
libcdio16-0.94-6.3.1
libiso9660-10-0.94-6.3.1
libudf0-0.94-6.3.1
References
- Link for SUSE-SU-2018:2236-1
- E-Mail link for SUSE-SU-2018:2236-1
- SUSE Security Ratings
- SUSE Bug 1082821
- SUSE Bug 1082877
- SUSE CVE CVE-2017-18199 page
- SUSE CVE CVE-2017-18201 page
Description
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.
Affected products
SUSE Linux Enterprise Module for Desktop Applications 15:libcdio++0-0.94-6.3.1
SUSE Linux Enterprise Module for Desktop Applications 15:libcdio-devel-0.94-6.3.1
SUSE Linux Enterprise Module for Desktop Applications 15:libcdio16-0.94-6.3.1
SUSE Linux Enterprise Module for Desktop Applications 15:libiso9660-10-0.94-6.3.1
References
- CVE-2017-18199
- SUSE Bug 1082821
Description
An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.
Affected products
SUSE Linux Enterprise Module for Desktop Applications 15:libcdio++0-0.94-6.3.1
SUSE Linux Enterprise Module for Desktop Applications 15:libcdio-devel-0.94-6.3.1
SUSE Linux Enterprise Module for Desktop Applications 15:libcdio16-0.94-6.3.1
SUSE Linux Enterprise Module for Desktop Applications 15:libiso9660-10-0.94-6.3.1
References
- CVE-2017-18201
- SUSE Bug 1082877