Sunday, June 30, 2024

[USN-6855-1] libcdio vulnerability

-----BEGIN PGP PUBLIC KEY BLOCK-----

xsDNBGYvHjQBDADOi4xF8D69+cDdNMpjhdrWL3Hs7cRLXj2+aOPuMJXBw+dKUeOJ
eLHWnU+yhzQAJTVMSO/cYSzbJSkSF45dSnAIwYU9A501PWv786NEBNNe76y7B8Nm
PTQlRHdet678wzNNvIPCF/Ovll1dmRwh6OBvuSGrjhAITv3F6fDYyP2GE9lfDYyr
aMvG6HxkUZF5mAOB8N0AkVQaiIVLNOXHeKcpznw0G0uW3LtMMQWlm/VPLnaAwehK
0xHW6iK9ou5t5pWYJHoLRWbLTqUHDa9wvDaW+UGMsReVymXRJApHmS/li16TOaJN
w5xyz2NZ30f8FEstdTPo3OmZGcOSqztaqJAKn2tePDTnGXr/yj6wognQGZzXMcRi
uyyN+8j98u1pGwIVnxBQuq+lvpnC6acLvGjrp7F8g5zj6yeYGPJoR1Zp4eP7vbim
KhwK5tQxyoN0b5jP+PdGRQ3AwCBIGVSMRx58JTrPTdmfbVTswlVx+Zc4SeMY9PkO
t8PYsDZR+op2mK0AEQEAAc0nQnJ1Y2UgQ2FibGUgPGJydWNlLmNhYmxlQGNhbm9u
aWNhbC5jb20+wsEOBBMBCgA4AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE
kd98mdFcnQdP7vQkuGrtzot7pOcFAmYvIIEACgkQuGrtzot7pOetwwv9F4wYw/6x
ZEAp0Vu5F8QlO1rKzEM2eI7Hle/YUEglOdEkKKgtOIrTFlGNIAovVrG/tR8iIdyb
JpEKZoD8e7Vq4wUDNMMTdmrDcetVIHJHCE6ZsFNTXuETss2oKZWPlYAWu9WKK/a3
CukscfORCuR7dVMXOSQ/B9MIt4KabfqOZo6Quh79HHLBNku4FfDlAoiBbG7jEir+
P8QgcJXG8PXjZC4TeVlY4nzGvecr/HVZuuX31GKjqvNRFgohWNYEveDy9zbdkqSf
OgpPHM5E3AAsZUNplo6iIWpxsJ8CyaO9kCNpAQko4rohmYp/VdC/PjaINZKqYT2w
RcZBhsaz8UnZ/frmPTQI8vYOMjhrJx+/t6j1U4hPc1IxeZONoe/vwPlFeR3tpJTC
Ve9uBEGDHZ4peg7wYq6soBaywPZtfhv+vdYfAjJ2W5Ve1xdWXn/Ni3t2Jj0zKOp1
EskzVYobpty3eAoW6BHL1YTin+1BRyt0fB0NoK956UNvQ0EHMm4+n2d2wsEUBBMB
CgA+FiEEkd98mdFcnQdP7vQkuGrtzot7pOcFAmYvHjQCGwMFCQPCZwAFCwkIBwIG
FQoJCAsCBBYCAwECHgECF4AACgkQuGrtzot7pOch/gv6A/IpwNg2u8tHVshl6skL
jdg+ZbN1iXjEWl/yZhPInPni0N3j+uYXO5WcbcnzHCABwl23CEXONDqK56YSFA3w
CriafqM60+8T0rhtE7V1ZDTnlscYWngW135EbPjTMV97UPAzGNJFxQABcNze3Ol3
Gfzqi8PM4dua+rBhuc7frLPGMnr6Uh0dK+48zkR7A3S4FpPodW9Lrx+3p1D4msF+
fCVqiXJAgNZ+4+4DLvw/Z0TqAfq8+p1U5ZPQghmY5t7Eb/ohqmMAHvfwt0ydqTb6
dPQFDftoS5X8k+bq3K2jcjjiXKpnfr2enUtLyC542bXWNcPd0plYYzrU4NI/jLsa
+65eMsJL+jMonB03lvbKcAmJriwsz8ptJPzOeRF+7XYYmgO7qg3FFTcxiomhPKSH
Fm+NAWzxTmHLzNQ93Y+3qSiQ0JGHs3M/68Juzl88qFhOqVUPZkd0q/fQpWWE/DU2
qDIpTJB/EOzrVjlgp9qTGJV1skGtW40nvhhpRhR/njz6zsDNBGYvHjQBDADGlkFl
ersL/tg3bhamgmyYg89KXwxILy7k74KtWQ/dufAf8M11q4y0BpzMu00nTRC0M5NH
nMSqZcvwz+iWvNDc5SiL4OwNg8YKU/3oGmCLBKDpWzXvBhLkGw8L94CLRakU358P
QCtmmPMdYVQ/HBJoxFhnzDPxe9ioPUm/sFaRHswCK/0hJ0q7LUz8w2D6gy+3SDcy
/9MaHTVRarGSVCeShz7qwAg/1dLTFosgxrb4fEKlldlbO97AM+GCpgt1Jew5e88Y
LEWP59/h6kDTQrPddUBO7hVNbly3Pxc8eL9b3iQ1wRJxBNrJ0hlGE4nBw6tVmUjc
vpngQHJ8ZmxQnVs3oVvZESFu6JPoqgNS8VhEAI6EnEOFFm5HL9uDL71fmacAWRrm
9gh1qsMByVvB6pOpeWSQPRicrgAAMcZP+COYl6uqwc2VCKL9NxahrjPjecSUHoEc
78tnVkHrOJiyUa4Xu1AJgeLuwhFnGbgF3SJ4/8/rrYoHScIS9+yKmYzHYDcAEQEA
AcLA/AQYAQoAJhYhBJHffJnRXJ0HT+70JLhq7c6Le6TnBQJmLx40AhsMBQkDwmcA
AAoJELhq7c6Le6Tn/0YL/3u59UilxpTpYCc24LevE7/2RgDHjxG+2TSPs+0G7jN5
wruyvRWOVahZ/N+XW2QLuOUimuYcRtDlAwwd/nsz8OMvVZ++NcFgKJNLUJOqe7Fn
t1oYtTUx9JX7E4j5+SZgG5ORWc4YfLx9hKRxfxZuKOjYrAjPn3f21TppQyhc/mt7
7afVn5tWGGAtV1LTf+qg8JZYLDk6/uz60QFmLga5/r5JDYsrZ9tLrlKymBL2CvJA
B80PAmY7BG0xcJPBU92rU/vj1qEBkQq6tV9dJMmf8u3j3PXVMQTvlm83INjr71lt
bzA/Wy6jHoW1xUWzDb6RKHpfLu87QJ9JMNe/A7eK3xWIwe9aDaQv1pftZ1p3DYau
4xZW0n/FI+30ZxH3W1dTuR2nodEPZIUtD2y8iZyQYie1Ru02rTnw364h/dAB2o7P
MGn/BTYQXiui5WHdgd4e8zAYTC8OSAVw5qjh42UIMltpCX5dli5blaM0lK70x2xe
24qugAHoDe4CIMOsmvXvEw==
=NMey
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEkd98mdFcnQdP7vQkuGrtzot7pOcFAmaCD7gFAwAAAAAACgkQuGrtzot7pOcy
Owv8COu0EKBcx3bZFBnE00FTKgAFfqAk0tG3SHHWbT1Aj0wkLxN1M+VvkSvtdvnqF5lIP1FG/tGZ
5uWRMXZFoMwKnJWVP7r+fLuNqcsOyO7HyPk6U08HMc3jLv+C5EPqWViEZd0LlgajD8HIuKg7Hlxv
8QRTJQ+LGW+Uhq16bOWS1ICPmPENw4nXDOYrcX4kPXgj5t8ETx3igWXuLumFfHCS2i3N98KE/fLw
mooi1Mku9PxgMPep8CXqG5OJhkuHq4A/tW3oplIjHRarK1/K14xeKQkvfi8ija0S0J5GYJ5qJLh+
/Icw0Er1ISzwBlyq4Tj4xq9Akg7aeK/q3kKfZWMwrNO9BGicOmqYNE9icuEjTNczyhIXeksqZ5kj
q42E7AYh5Q2x506Vy9AtJioiG2x5i98qaU0KXLg93JdR/GlF2gVrnEcOHS0NfmLs+FBQx5U2RGlF
WQvcia611xtDbBVwJ6AzaKsQkwIiaHCjunz0xOELgvxQ90/bEsvsCrFJML5l
=jnBi
-----END PGP SIGNATURE----- 

==========================================================================  Ubuntu Security Notice USN-6855-1  June 28, 2024    libcdio vulnerability  ==========================================================================    A security issue affects these releases of Ubuntu and its derivatives:    - Ubuntu 24.04 LTS  - Ubuntu 23.10  - Ubuntu 22.04 LTS  - Ubuntu 20.04 LTS  - Ubuntu 18.04 LTS  - Ubuntu 16.04 LTS  - Ubuntu 14.04 LTS    Summary:    libcdio could be made to crash or run programs as your login if it  opened a specially crafted file.    Software Description:  - libcdio: C++ library to read and control CD-ROM (development files)    Details:    Mansour Gashasbi discovered that libcdio incorrectly handled certain  memory operations when parsing an ISO file, leading to a buffer overflow  vulnerability. An attacker could use this to cause a denial of service   or possibly execute arbitrary code.    Update instructions:    The problem can be corrected by updating your system to the following  package versions:    Ubuntu 24.04 LTS    libcdio++1t64                   2.1.0-4.1ubuntu1.2    libcdio19t64                    2.1.0-4.1ubuntu1.2    libiso9660++0t64                2.1.0-4.1ubuntu1.2    libiso9660-11t64                2.1.0-4.1ubuntu1.2    libudf0t64                      2.1.0-4.1ubuntu1.2    Ubuntu 23.10    libcdio++1                      2.1.0-4ubuntu0.2    libcdio19                       2.1.0-4ubuntu0.2    libiso9660++0                   2.1.0-4ubuntu0.2    libiso9660-11                   2.1.0-4ubuntu0.2    libudf0                         2.1.0-4ubuntu0.2    Ubuntu 22.04 LTS    libcdio++1                      2.1.0-3ubuntu0.2    libcdio19                       2.1.0-3ubuntu0.2    libiso9660++0                   2.1.0-3ubuntu0.2    libiso9660-11                   2.1.0-3ubuntu0.2    libudf0                         2.1.0-3ubuntu0.2    Ubuntu 20.04 LTS    libcdio18                       2.0.0-2ubuntu0.2    libiso9660-11                   2.0.0-2ubuntu0.2    libudf0                         2.0.0-2ubuntu0.2    Ubuntu 18.04 LTS    libcdio17                       1.0.0-2ubuntu2+esm2                                    Available with Ubuntu Pro    libiso9660-10                   1.0.0-2ubuntu2+esm2                                    Available with Ubuntu Pro    libudf0                         1.0.0-2ubuntu2+esm2                                    Available with Ubuntu Pro    Ubuntu 16.04 LTS    libcdio13                       0.83-4.2ubuntu1+esm3                                    Available with Ubuntu Pro    libiso9660-8                    0.83-4.2ubuntu1+esm3                                    Available with Ubuntu Pro    libudf0                         0.83-4.2ubuntu1+esm3                                    Available with Ubuntu Pro    Ubuntu 14.04 LTS    libcdio13                       0.83-4.1ubuntu1+esm3                                    Available with Ubuntu Pro    libiso9660-8                    0.83-4.1ubuntu1+esm3                                    Available with Ubuntu Pro    libudf0                         0.83-4.1ubuntu1+esm3                                    Available with Ubuntu Pro    In general, a standard system update will make all the necessary changes.    References:    https://ubuntu.com/security/notices/USN-6855-1    CVE-2024-36600    Package Information:    https://launchpad.net/ubuntu/+source/libcdio/2.1.0-4.1ubuntu1.2    https://launchpad.net/ubuntu/+source/libcdio/2.1.0-4ubuntu0.2    https://launchpad.net/ubuntu/+source/libcdio/2.1.0-3ubuntu0.2    https://launchpad.net/ubuntu/+source/libcdio/2.0.0-2ubuntu0.2

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)