Security update for libmirage (moderate)

ID OPENSUSE-SU-2019:2077-1
Type suse
Reporter Suse
Modified 2019-09-06T15:40:08


This update for libmirage fixes the following issues:

CVE-2019-15540: The CSO filter in libMirage in CDemu did not validate the part size, triggering a heap-based buffer overflow that could lead to root access by a local user. [boo#1148087]

  • Update to new upstream release 3.2.2
    • ISO parser: fixed ISO9660/UDF pattern search for sector sizes 2332 and 2336.
    • ISO parser: added support for Nintendo GameCube and Wii ISO images.
    • Extended medium type guess to distinguish between DVD and BluRay images based on length.
    • Removed fabrication of disc structures from the library (moved to CDEmu daemon).
    • MDS parser: cleanup of disc structure parsing, fixed the incorrectly set structure sizes.

This update was imported from the openSUSE:Leap:15.0:Update update project.