Description
Security update for libcdio
This update for libcdio fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2017-18199: Fixed a NULL pointer dereference in realloc_symlink in rock.c (bsc#1082821)
- CVE-2017-18201: Fixed a double free vulnerability in get_cdtext_generic() in _cdio_generic.c (bsc#1082877)
- Fixed several memory leaks (bsc#1082821)
This update was imported from the SUSE:SLE-15:Update update project.
Package list
openSUSE Leap 15.0
cdio-utils-0.94-lp150.5.3.1
libcdio-0.94-lp150.5.3.1
libcdio++0-0.94-lp150.5.3.1
libcdio++0-32bit-0.94-lp150.5.3.1
libcdio-devel-0.94-lp150.5.3.1
libcdio16-0.94-lp150.5.3.1
libcdio16-32bit-0.94-lp150.5.3.1
libiso9660-10-0.94-lp150.5.3.1
libiso9660-10-32bit-0.94-lp150.5.3.1
libudf0-0.94-lp150.5.3.1
libudf0-32bit-0.94-lp150.5.3.1
References
- E-Mail link for openSUSE-SU-2018:2294-1
- SUSE Security Ratings
Description
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.
Affected products
openSUSE Leap 15.0:cdio-utils-0.94-lp150.5.3.1
openSUSE Leap 15.0:libcdio++0-0.94-lp150.5.3.1
openSUSE Leap 15.0:libcdio++0-32bit-0.94-lp150.5.3.1
openSUSE Leap 15.0:libcdio-0.94-lp150.5.3.1
References
- CVE-2017-18199
- SUSE Bug 1082821
Description
An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.
Affected products
openSUSE Leap 15.0:cdio-utils-0.94-lp150.5.3.1
openSUSE Leap 15.0:libcdio++0-0.94-lp150.5.3.1
openSUSE Leap 15.0:libcdio++0-32bit-0.94-lp150.5.3.1
openSUSE Leap 15.0:libcdio-0.94-lp150.5.3.1
References
- CVE-2017-18201
- SUSE Bug 1082877