Описание
Security update for libmirage
This update for libmirage fixes the following issues:
CVE-2019-15540: The CSO filter in libMirage in CDemu did not validate the part size, triggering a heap-based buffer overflow that could lead to root access by a local user. [boo#1148087]
- Update to new upstream release 3.2.2
- ISO parser: fixed ISO9660/UDF pattern search for sector sizes 2332 and 2336.
- ISO parser: added support for Nintendo GameCube and Wii ISO images.
- Extended medium type guess to distinguish between DVD and BluRay images based on length.
- Removed fabrication of disc structures from the library (moved to CDEmu daemon).
- MDS parser: cleanup of disc structure parsing, fixed the incorrectly set structure sizes.
Список пакетов
openSUSE Leap 15.1
libmirage-3_2-3.2.2-lp151.3.3.1
libmirage-data-3.2.2-lp151.3.3.1
libmirage-devel-3.2.2-lp151.3.3.1
libmirage-lang-3.2.2-lp151.3.3.1
libmirage11-3.2.2-lp151.3.3.1
typelib-1_0-libmirage-3_2-3.2.2-lp151.3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2019:2033-1
- SUSE Security Ratings
- SUSE Bug 1148087
- SUSE CVE CVE-2019-15540 page
Описание
filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.
Затронутые продукты
openSUSE Leap 15.1:libmirage-3_2-3.2.2-lp151.3.3.1
openSUSE Leap 15.1:libmirage-data-3.2.2-lp151.3.3.1
openSUSE Leap 15.1:libmirage-devel-3.2.2-lp151.3.3.1
openSUSE Leap 15.1:libmirage-lang-3.2.2-lp151.3.3.1
Ссылки
- CVE-2019-15540
- SUSE Bug 1148087