SCIENTIFIC-LINUX-ERRATA Archives

November 2018

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Pat Riehecky <[log in to unmask]>
Reply To:
Date:
Mon, 26 Nov 2018 18:21:21 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (31 lines)
Synopsis:          Low: libcdio security update
Advisory ID:       SLSA-2018:3246-1
Issue Date:        2018-10-30
CVE Numbers:       CVE-2017-18198
                   CVE-2017-18199
                   CVE-2017-18201
--

Security Fix(es):

* libcdio: Heap-based buffer over-read in print_iso9660_recurse function
in iso-info.c (CVE-2017-18198)

* libcdio: NULL pointer dereference in realloc_symlink in rock.c
(CVE-2017-18199)

* libcdio: Double free in get_cdtext_generic() in
lib/driver/_cdio_generic.c (CVE-2017-18201)
--

SL7
  x86_64
    libcdio-0.92-3.el7.i686.rpm
    libcdio-0.92-3.el7.x86_64.rpm
    libcdio-debuginfo-0.92-3.el7.i686.rpm
    libcdio-debuginfo-0.92-3.el7.x86_64.rpm
    libcdio-devel-0.92-3.el7.i686.rpm
    libcdio-devel-0.92-3.el7.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2