UbuntuUpdates.org

Package "libcdio"

Name: libcdio

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • sample applications based on the CDIO libraries
  • library to work with ISO9660 filesystems (development files)

Latest version: 2.1.0-4.1ubuntu1.2
Release: noble (24.04)
Level: security
Repository: universe

Links



Other versions of "libcdio" in Noble

Repository Area Version
base universe 2.1.0-4.1ubuntu1
base main 2.1.0-4.1ubuntu1
security main 2.1.0-4.1ubuntu1.2
updates main 2.1.0-4.1ubuntu1.2
updates universe 2.1.0-4.1ubuntu1.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.1.0-4.1ubuntu1.2 2024-07-01 01:07:11 UTC

  libcdio (2.1.0-4.1ubuntu1.2) noble-security; urgency=medium

  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2024-36600-1.patch: Allocates space for
      growth and additional buffer in lib/iso9660/rock.c
    - debian/patches/CVE-2024-36600-2.patch: Limits the maximum read
      count to prevent an overflow in lib/driver/_cdio_stdio.c
    - debian/patches/CVE-2024-36600-3.patch: Adds input validation to
      unicode16_decode function in lib/udf/udf_fs.c
    - debian/patches/CVE-2024-36600-4.patch: Adds bounds checking for
      directory buffer size and total size calculation in
      lib/iso9660/iso9660_fs.c
    - debian/patches/CVE-2024-36600-5.patch: Fixes overflow in iso9660
      dir read (32-bit) in lib/iso9660/iso9660_fs.c
    - debian/patches/CVE-2024-36600-6.patch: Checks the validity of
      i_extended_attr member in udf_get_lba() in lib/udf/udf_fs.c
    - debian/patches/CVE-2024-36600-7.patch: Adds 32-bit size test
      only when needed in lib/iso9660/iso9660_fs.c
    - CVE-2024-36600

 -- Bruce Cable <email address hidden> Mon, 24 Jun 2024 12:34:25 +1000

CVE-2024-36600 Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.



About   -   Send Feedback to @ubuntu_updates