USN-6855-1: libcdio vulnerability
28 June 2024
libcdio could be made to crash or run programs as your login if it opened a specially crafted file.
Releases
- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Packages
- libcdio - C++ library to read and control CD-ROM (development files)
Details
Mansour Gashasbi discovered that libcdio incorrectly handled certain
memory operations when parsing an ISO file, leading to a buffer overflow
vulnerability. An attacker could use this to cause a denial of service
or possibly execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.04
- libcdio++1t64 - 2.1.0-4.1ubuntu1.2
- libcdio19t64 - 2.1.0-4.1ubuntu1.2
- libiso9660++0t64 - 2.1.0-4.1ubuntu1.2
- libiso9660-11t64 - 2.1.0-4.1ubuntu1.2
- libudf0t64 - 2.1.0-4.1ubuntu1.2
Ubuntu 23.10
- libcdio++1 - 2.1.0-4ubuntu0.2
- libcdio19 - 2.1.0-4ubuntu0.2
- libiso9660++0 - 2.1.0-4ubuntu0.2
- libiso9660-11 - 2.1.0-4ubuntu0.2
- libudf0 - 2.1.0-4ubuntu0.2
Ubuntu 22.04
- libcdio++1 - 2.1.0-3ubuntu0.2
- libcdio19 - 2.1.0-3ubuntu0.2
- libiso9660++0 - 2.1.0-3ubuntu0.2
- libiso9660-11 - 2.1.0-3ubuntu0.2
- libudf0 - 2.1.0-3ubuntu0.2
Ubuntu 20.04
Ubuntu 18.04
- libcdio17 - 1.0.0-2ubuntu2+esm2 (Available with Ubuntu Pro)
- libiso9660-10 - 1.0.0-2ubuntu2+esm2 (Available with Ubuntu Pro)
- libudf0 - 1.0.0-2ubuntu2+esm2 (Available with Ubuntu Pro)
Ubuntu 16.04
- libcdio13 - 0.83-4.2ubuntu1+esm3 (Available with Ubuntu Pro)
- libiso9660-8 - 0.83-4.2ubuntu1+esm3 (Available with Ubuntu Pro)
- libudf0 - 0.83-4.2ubuntu1+esm3 (Available with Ubuntu Pro)
Ubuntu 14.04
- libcdio13 - 0.83-4.1ubuntu1+esm3 (Available with Ubuntu Pro)
- libiso9660-8 - 0.83-4.1ubuntu1+esm3 (Available with Ubuntu Pro)
- libudf0 - 0.83-4.1ubuntu1+esm3 (Available with Ubuntu Pro)
In general, a standard system update will make all the necessary changes.
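To confirm that an update actually landed, the check below compares a host's package inventory against the fixed versions listed above. It is an added example, not part of the original notice or any Ubuntu tooling. It assumes the inventory is the text printed by `dpkg-query -W`; the `FIXED` layout, the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed versions copied from this notice (it lists none under Ubuntu 20.04).
FIXED = {
    "24.04": ("2.1.0-4.1ubuntu1.2", "libcdio++1t64 libcdio19t64 libiso9660++0t64 libiso9660-11t64 libudf0t64"),
    "23.10": ("2.1.0-4ubuntu0.2", "libcdio++1 libcdio19 libiso9660++0 libiso9660-11 libudf0"),
    "22.04": ("2.1.0-3ubuntu0.2", "libcdio++1 libcdio19 libiso9660++0 libiso9660-11 libudf0"),
    "18.04": ("1.0.0-2ubuntu2+esm2", "libcdio17 libiso9660-10 libudf0"),
    "16.04": ("0.83-4.2ubuntu1+esm3", "libcdio13 libiso9660-8 libudf0"),
    "14.04": ("0.83-4.1ubuntu1+esm3", "libcdio13 libiso9660-8 libudf0"),
}

def _part_key(part):
    """Sort key for an upstream or revision string under Debian ordering."""
    def rank(c):  # '~' < end of string (0) < letters < everything else
        return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256
    return [([rank(c) for c in text] + [0], int(num or 0))
            for text, num in re.findall(r"(\D*)(\d*)", part)]

def deb_key(version):
    """Sort key for a Debian version string: [epoch:]upstream[-revision]."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"  # absent revision is equivalent to 0
    return (int(epoch), _part_key(upstream), _part_key(revision))

def audit(release, inventory):
    """Return [(package, installed, fixed)] for packages still below the fix."""
    fixed, names = FIXED[release]
    findings = []
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue  # skip blank lines and entries without a version
        package = fields[0].split(":")[0]  # drop an arch qualifier such as ":amd64"
        if package in names.split() and deb_key(fields[1]) < deb_key(fixed):
            findings.append((package, fields[1], fixed))
    return findings

# Constructed sample inventory for an Ubuntu 22.04 host (not real output).
SAMPLE = (
    "libcdio19:amd64\t2.1.0-3ubuntu0.1\n"
    "libiso9660-11:amd64\t2.1.0-3ubuntu0.2\n"
    "libudf0:amd64\t2.1.0-3build1\n"
    "zlib1g:amd64\t1:1.2.11.dfsg-2ubuntu9.2\n"
)
```

Calling `audit("22.04", SAMPLE)` reports `libcdio19` and `libudf0` as still below the fixed version. On a single host, `dpkg --compare-versions` performs the same comparison natively.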