Ubuntu 6614 Published by

A libcdio security update has been released for Ubuntu Linux 14.04 ESM and 16.04 ESM.



USN-5558-1: libcdio vulnerabilities


==========================================================================
Ubuntu Security Notice USN-5558-1
August 10, 2022

libcdio vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in libcdio.

Software Description:
- libcdio: library to read and control digital audio CDs (development files)

Details:

Zhao Liang discovered that libcdio was not properly performing memory
management operations when processing ISO files, which could result
in a heap buffer overflow or in a NULL pointer dereference. If a user
or automated system were tricked into opening a specially crafted file,
an attacker could possibly use this issue to cause a denial of service.
(CVE-2017-18198, CVE-2017-18199)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
libcdio-cdda1 0.83-4.2ubuntu1+esm1
libcdio-paranoia1 0.83-4.2ubuntu1+esm1
libcdio-utils 0.83-4.2ubuntu1+esm1
libcdio13 0.83-4.2ubuntu1+esm1
libiso9660-8 0.83-4.2ubuntu1+esm1
libudf0 0.83-4.2ubuntu1+esm1

Ubuntu 14.04 ESM:
libcdio-cdda1 0.83-4.1ubuntu1+esm1
libcdio-paranoia1 0.83-4.1ubuntu1+esm1
libcdio-utils 0.83-4.1ubuntu1+esm1
libcdio13 0.83-4.1ubuntu1+esm1
libiso9660-8 0.83-4.1ubuntu1+esm1
libudf0 0.83-4.1ubuntu1+esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5558-1
CVE-2017-18198, CVE-2017-18199