Mageia alert MGASA-2018-0225 (libcdio)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2018-0225: Updated libcdio packages fix security vulnerabilities 
Date:
    	     
 
Wed, 9 May 2018 20:33:51 +0200
Message-ID:
    	     
 
<20180509183351.21B079F9B1@duvel.mageia.org>
MGASA-2018-0225 - Updated libcdio packages fix security vulnerabilities

Publication date: 09 May 2018
URL: https://advisories.mageia.org/MGASA-2018-0225.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-18198,
     CVE-2017-18199,
     CVE-2017-18201

Description:
A heap corruption bug was found in the way libcdio handled processing of
ISO files. An attacker could potentially use this flaw to crash
applications using libcdio by tricking them into processing crafted ISO
files, thus resulting in local DoS (CVE-2017-18198).

A NULL pointer dereference flaw was found in the way libcdio handled
processing of ISO files. An attacker could potentially use this flaw to
crash applications using libcdio by tricking them into processing
crafted ISO files (CVE-2017-18199).

A double-free flaw was found in the way libcdio handled processing of
ISO files. An attacker could potentially use this flaw to crash
applications using libcdio by tricking them into processing crafted ISO
files (CVE-2017-18201).

References:
- https://bugs.mageia.org/show_bug.cgi?id=22902
-
https://lists.fedoraproject.org/archives/list/package-ann...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1...

SRPMS:
- 5/core/libcdio-0.92-3.1.mga5