[ubuntu/mantic-security] libcdio 2.1.0-4ubuntu0.2 (Accepted)
Evan Caville
evan.caville at canonical.com
Sun Jun 30 23:58:25 UTC 2024
libcdio (2.1.0-4ubuntu0.2) mantic-security; urgency=medium
* SECURITY UPDATE: buffer overflow
- debian/patches/CVE-2024-36600-1.patch: Allocates space for
growth and additional buffer in lib/iso9660/rock.c
- debian/patches/CVE-2024-36600-2.patch: Limits the maximum read
count to prevent an overflow in lib/driver/_cdio_stdio.c
- debian/patches/CVE-2024-36600-3.patch: Adds input validation to
unicode16_decode function in lib/udf/udf_fs.c
- debian/patches/CVE-2024-36600-4.patch: Adds bounds checking for
directory buffer size and total size calculation in
lib/iso9660/iso9660_fs.c
- debian/patches/CVE-2024-36600-5.patch: Fixes overflow in iso9660
dir read (32-bit) in lib/iso9660/iso9660_fs.c
- debian/patches/CVE-2024-36600-6.patch: Checks the validity of
i_extended_attr member in udf_get_lba() in lib/udf/udf_fs.c
- debian/patches/CVE-2024-36600-7.patch: Adds 32-bit size test
only when needed in lib/iso9660/iso9660_fs.c
- CVE-2024-36600
Date: 2024-06-26 01:54:10.255092+00:00
Changed-By: Bruce Cable <bruce.cable at canonical.com>
Signed-By: Evan Caville <evan.caville at canonical.com>
https://launchpad.net/ubuntu/+source/libcdio/2.1.0-4ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the mantic-changes
mailing list