libcdio security update

2018-11-15T18:48:20
ID CESA-2018:3246
Type centos
Reporter CentOS Project
Modified 2018-11-15T18:48:20

Description

CentOS Errata and Security Advisory CESA-2018:3246

The libcdio library provides an interface for CD-ROM access. It can be used by applications that need OS-independent and device-independent access to CD-ROM devices.

Security Fix(es):

  • libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198)

  • libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199)

  • libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c (CVE-2017-18201)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-cr-announce/2018-November/005493.html

Affected packages: libcdio libcdio-devel

Upstream details at: