USN-5558-1: libcdio vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5558-1
August 10, 2022
libcdio vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in libcdio.

Software Description:
- libcdio: library to read and control digital audio CDs (development files)

Details:

Zhao Liang discovered that libcdio was not properly performing memory
management operations when processing ISO files, which could result
in a heap buffer overflow or in a NULL pointer dereference. If a user
or automated system were tricked into opening a specially crafted file,
an attacker could possibly use this issue to cause a denial of service.
(CVE-2017-18198, CVE-2017-18199)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  libcdio-cdda1 0.83-4.2ubuntu1+esm1
  libcdio-paranoia1 0.83-4.2ubuntu1+esm1
  libcdio-utils 0.83-4.2ubuntu1+esm1
  libcdio13 0.83-4.2ubuntu1+esm1
  libiso9660-8 0.83-4.2ubuntu1+esm1
  libudf0 0.83-4.2ubuntu1+esm1

Ubuntu 14.04 ESM:
  libcdio-cdda1 0.83-4.1ubuntu1+esm1
  libcdio-paranoia1 0.83-4.1ubuntu1+esm1
  libcdio-utils 0.83-4.1ubuntu1+esm1
  libcdio13 0.83-4.1ubuntu1+esm1
  libiso9660-8 0.83-4.1ubuntu1+esm1
  libudf0 0.83-4.1ubuntu1+esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5558-1
CVE-2017-18198, CVE-2017-18199
A libcdio security update has been released for Ubuntu Linux 14.04 ESM and 16.04 ESM.