Updated libcdio packages fix security vulnerabilities
Publication date: 22 Apr 2018Modification date: 22 Apr 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-18198 , CVE-2017-18199 , CVE-2017-18201
Description
A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS (CVE-2017-18198). A NULL pointer dereference flaw was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files (CVE-2017-18199). A double-free flaw was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files (CVE-2017-18201).
References
- https://bugs.mageia.org/show_bug.cgi?id=22740
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NHBEK7JWO4GCS73UAOQOUFGTMIIMYYTR/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18198
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18199
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18201
SRPMS
6/core
- libcdio-0.94-1.1.mga6