Description
Security update for libcdio
This update for libcdio fixes the following issues:
The following security vulnerability was addressed:
- CVE-2017-18199: Fixed a NULL pointer dereference in realloc_symlink in rock.c, which allowed remote attackers to cause a denial of service via a crafted ISO file. (bsc#1082821)
Package list
SUSE Linux Enterprise Server 12 SP5
libcdio14-0.90-6.6.5
libcdio14-32bit-0.90-6.6.5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libcdio14-0.90-6.6.5
libcdio14-32bit-0.90-6.6.5
SUSE Linux Enterprise Software Development Kit 12 SP5
libcdio++0-0.90-6.6.5
libcdio-devel-0.90-6.6.5
libiso9660-8-0.90-6.6.5
libudf0-0.90-6.6.5
SUSE Linux Enterprise Workstation Extension 12 SP5
libiso9660-8-0.90-6.6.5
References
- Link for SUSE-SU-2020:3023-1
- E-Mail link for SUSE-SU-2020:3023-1
- SUSE Security Ratings
- SUSE Bug 1082821
- SUSE CVE CVE-2017-18199 page
Description
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.
Affected products
SUSE Linux Enterprise Server 12 SP5:libcdio14-0.90-6.6.5
SUSE Linux Enterprise Server 12 SP5:libcdio14-32bit-0.90-6.6.5
SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcdio14-0.90-6.6.5
SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcdio14-32bit-0.90-6.6.5
References
- CVE-2017-18199
- SUSE Bug 1082821