Publishing details
Changelog
libcdio (2.0.0-2ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2024-36600-1.patch: Allocates space for
      growth and additional buffer in lib/iso9660/rock.c
    - debian/patches/CVE-2024-36600-2.patch: Limits the maximum read
      count to prevent an overflow in lib/driver/_cdio_stdio.c
    - debian/patches/CVE-2024-36600-3.patch: Adds input validation to
      unicode16_decode function in lib/udf/udf_fs.c
    - debian/patches/CVE-2024-36600-4.patch: Adds bounds checking for
      directory buffer size and total size calculation in
      lib/iso9660/iso9660_fs.c
    - debian/patches/CVE-2024-36600-5.patch: Fixes overflow in iso9660
      dir read (32-bit) in lib/iso9660/iso9660_fs.c
    - debian/patches/CVE-2024-36600-6.patch: Checks the validity of
      i_extended_attr member in udf_get_lba() in lib/udf/udf_fs.c
    - debian/patches/CVE-2024-36600-7.patch: Adds 32-bit size test
      only when needed in lib/iso9660/iso9660_fs.c
    - CVE-2024-36600

 -- Bruce Cable <email address hidden>  Mon, 24 Jun 2024 16:01:37 +1000
Built packages
- libcdio-dev: library to read and control CD-ROM (development files)
- libcdio-utils: sample applications based on the CDIO libraries
- libcdio-utils-dbgsym: debug symbols for libcdio-utils
- libcdio18: library to read and control CD-ROM
- libcdio18-dbgsym: debug symbols for libcdio18
- libiso9660-11: library to work with ISO9660 filesystems
- libiso9660-11-dbgsym: debug symbols for libiso9660-11
- libiso9660-dev: library to work with ISO9660 filesystems (development files)
- libudf-dev: library to work with UDF filesystems (development files)
- libudf0: library to work with UDF filesystems
- libudf0-dbgsym: debug symbols for libudf0