Red Hat Product Errata RHSA-2018:3246 - Security Advisory

Issued:: 2018-10-30
Updated:: 2018-10-30

RHSA-2018:3246 - Security Advisory

Overview
Updated Packages

Synopsis

Low: libcdio security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libcdio is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libcdio library provides an interface for CD-ROM access. It can be used by applications that need OS-independent and device-independent access to CD-ROM devices.

Security Fix(es):

libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198)
libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199)
libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c (CVE-2017-18201)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for ARM 64 7 aarch64
Red Hat Enterprise Linux for Power 9 7 ppc64le
Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

BZ - 1549644 - CVE-2017-18198 libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c
BZ - 1549701 - CVE-2017-18199 libcdio: NULL pointer dereference in realloc_symlink in rock.c
BZ - 1549707 - CVE-2017-18201 libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
libcdio-0.92-3.el7.src.rpm	SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
x86_64
libcdio-0.92-3.el7.i686.rpm	SHA-256: 1b41dd384693e1a505f6770059998f72e353c23fab92d96415b5645a7c17b868
libcdio-0.92-3.el7.x86_64.rpm	SHA-256: 1209d3cb3bd4f4075be04eb22a52509e7aec627f54588acd476faf675cb3d697
libcdio-debuginfo-0.92-3.el7.i686.rpm	SHA-256: 06770fc755d261fa8a08a5eddbfe899270c55b4efc6db34340fde587cdbdb4d7
libcdio-debuginfo-0.92-3.el7.i686.rpm	SHA-256: 06770fc755d261fa8a08a5eddbfe899270c55b4efc6db34340fde587cdbdb4d7
libcdio-debuginfo-0.92-3.el7.x86_64.rpm	SHA-256: e38eef8f12ee5bca5431e01652f2543908350e7d57caa7203a25b30c0037ccc9
libcdio-debuginfo-0.92-3.el7.x86_64.rpm	SHA-256: e38eef8f12ee5bca5431e01652f2543908350e7d57caa7203a25b30c0037ccc9
libcdio-devel-0.92-3.el7.i686.rpm	SHA-256: 20b34f3fbf565823201e5bfdeebefd9c8e270e1101a5782319a3af37a492a61d
libcdio-devel-0.92-3.el7.x86_64.rpm	SHA-256: c8ab19fb06f6890a2b3fd4ed87574ded00b1da9de626a3d1c73ed9007f0f7db7

Red Hat Enterprise Linux Workstation 7

SRPM
libcdio-0.92-3.el7.src.rpm	SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
x86_64
libcdio-0.92-3.el7.i686.rpm	SHA-256: 1b41dd384693e1a505f6770059998f72e353c23fab92d96415b5645a7c17b868
libcdio-0.92-3.el7.x86_64.rpm	SHA-256: 1209d3cb3bd4f4075be04eb22a52509e7aec627f54588acd476faf675cb3d697
libcdio-debuginfo-0.92-3.el7.i686.rpm	SHA-256: 06770fc755d261fa8a08a5eddbfe899270c55b4efc6db34340fde587cdbdb4d7
libcdio-debuginfo-0.92-3.el7.i686.rpm	SHA-256: 06770fc755d261fa8a08a5eddbfe899270c55b4efc6db34340fde587cdbdb4d7
libcdio-debuginfo-0.92-3.el7.x86_64.rpm	SHA-256: e38eef8f12ee5bca5431e01652f2543908350e7d57caa7203a25b30c0037ccc9
libcdio-debuginfo-0.92-3.el7.x86_64.rpm	SHA-256: e38eef8f12ee5bca5431e01652f2543908350e7d57caa7203a25b30c0037ccc9
libcdio-devel-0.92-3.el7.i686.rpm	SHA-256: 20b34f3fbf565823201e5bfdeebefd9c8e270e1101a5782319a3af37a492a61d
libcdio-devel-0.92-3.el7.x86_64.rpm	SHA-256: c8ab19fb06f6890a2b3fd4ed87574ded00b1da9de626a3d1c73ed9007f0f7db7

Red Hat Enterprise Linux Desktop 7

SRPM
libcdio-0.92-3.el7.src.rpm	SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
x86_64
libcdio-0.92-3.el7.i686.rpm	SHA-256: 1b41dd384693e1a505f6770059998f72e353c23fab92d96415b5645a7c17b868
libcdio-0.92-3.el7.x86_64.rpm	SHA-256: 1209d3cb3bd4f4075be04eb22a52509e7aec627f54588acd476faf675cb3d697
libcdio-debuginfo-0.92-3.el7.i686.rpm	SHA-256: 06770fc755d261fa8a08a5eddbfe899270c55b4efc6db34340fde587cdbdb4d7
libcdio-debuginfo-0.92-3.el7.i686.rpm	SHA-256: 06770fc755d261fa8a08a5eddbfe899270c55b4efc6db34340fde587cdbdb4d7
libcdio-debuginfo-0.92-3.el7.x86_64.rpm	SHA-256: e38eef8f12ee5bca5431e01652f2543908350e7d57caa7203a25b30c0037ccc9
libcdio-debuginfo-0.92-3.el7.x86_64.rpm	SHA-256: e38eef8f12ee5bca5431e01652f2543908350e7d57caa7203a25b30c0037ccc9
libcdio-devel-0.92-3.el7.i686.rpm	SHA-256: 20b34f3fbf565823201e5bfdeebefd9c8e270e1101a5782319a3af37a492a61d
libcdio-devel-0.92-3.el7.x86_64.rpm	SHA-256: c8ab19fb06f6890a2b3fd4ed87574ded00b1da9de626a3d1c73ed9007f0f7db7

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
libcdio-0.92-3.el7.src.rpm	SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
s390x
libcdio-0.92-3.el7.s390.rpm	SHA-256: a77425621c2ec2ac5faccd57fb89463e8b1f0ee0ccd36e64bc3d172cb16a4325
libcdio-0.92-3.el7.s390x.rpm	SHA-256: 70d228826d263a28fb4b791bcd7ff6058f887d663b37d19b35eabf43d0e016c4
libcdio-debuginfo-0.92-3.el7.s390.rpm	SHA-256: 5ce0bf5ca61a7ec5498020827ab7abe1b543f9a963db1640b77202add5204c1b
libcdio-debuginfo-0.92-3.el7.s390.rpm	SHA-256: 5ce0bf5ca61a7ec5498020827ab7abe1b543f9a963db1640b77202add5204c1b
libcdio-debuginfo-0.92-3.el7.s390x.rpm	SHA-256: 470c9d6416a91fe0960190545a061837a6b69f94bf5af39a85c2a73128ccdecf
libcdio-debuginfo-0.92-3.el7.s390x.rpm	SHA-256: 470c9d6416a91fe0960190545a061837a6b69f94bf5af39a85c2a73128ccdecf
libcdio-devel-0.92-3.el7.s390.rpm	SHA-256: 2ad94a147d3d11f8e91a3c7db50f6406b8bf77f23f1580077901fdc2d0f1e99b
libcdio-devel-0.92-3.el7.s390x.rpm	SHA-256: 2bf04badc4c25a1d028b2a7a9f683d51afa87fbecf51c8846731af4c99759fda

Red Hat Enterprise Linux for Power, big endian 7

SRPM
libcdio-0.92-3.el7.src.rpm	SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
ppc64
libcdio-0.92-3.el7.ppc.rpm	SHA-256: 24c147e813e3ddb2a3df8fff54a9f8a3e102305999f11ba729da5f599a6a09c0
libcdio-0.92-3.el7.ppc64.rpm	SHA-256: 01b895bbc116df6b26943aa03fe8fd1669024f6e4d5e023232cb0bc12b52ac94
libcdio-debuginfo-0.92-3.el7.ppc.rpm	SHA-256: a5fa75c223b696fb3ec23271f1c119045b143ed0d3cb3bf5746ab4c44d9e7ce7
libcdio-debuginfo-0.92-3.el7.ppc.rpm	SHA-256: a5fa75c223b696fb3ec23271f1c119045b143ed0d3cb3bf5746ab4c44d9e7ce7
libcdio-debuginfo-0.92-3.el7.ppc64.rpm	SHA-256: ea69350f37e898d1fa994979bb1f7f602f69889327eeba00cd7957f654ff306d
libcdio-debuginfo-0.92-3.el7.ppc64.rpm	SHA-256: ea69350f37e898d1fa994979bb1f7f602f69889327eeba00cd7957f654ff306d
libcdio-devel-0.92-3.el7.ppc.rpm	SHA-256: fc00f14c1ed7478784f66fe24f912b94720885b80e44eb3f5663f37a7c5f6128
libcdio-devel-0.92-3.el7.ppc64.rpm	SHA-256: 68cfb4808479da2f3cb73f8182a752a90038f72e30ce69e1e07519012130a1c8

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
libcdio-0.92-3.el7.src.rpm	SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
x86_64
libcdio-0.92-3.el7.i686.rpm	SHA-256: 1b41dd384693e1a505f6770059998f72e353c23fab92d96415b5645a7c17b868
libcdio-0.92-3.el7.x86_64.rpm	SHA-256: 1209d3cb3bd4f4075be04eb22a52509e7aec627f54588acd476faf675cb3d697
libcdio-debuginfo-0.92-3.el7.i686.rpm	SHA-256: 06770fc755d261fa8a08a5eddbfe899270c55b4efc6db34340fde587cdbdb4d7
libcdio-debuginfo-0.92-3.el7.x86_64.rpm	SHA-256: e38eef8f12ee5bca5431e01652f2543908350e7d57caa7203a25b30c0037ccc9
libcdio-devel-0.92-3.el7.i686.rpm	SHA-256: 20b34f3fbf565823201e5bfdeebefd9c8e270e1101a5782319a3af37a492a61d
libcdio-devel-0.92-3.el7.x86_64.rpm	SHA-256: c8ab19fb06f6890a2b3fd4ed87574ded00b1da9de626a3d1c73ed9007f0f7db7

Red Hat Enterprise Linux for Power, little endian 7

SRPM
libcdio-0.92-3.el7.src.rpm	SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
ppc64le
libcdio-0.92-3.el7.ppc64le.rpm	SHA-256: 0ef0194b323f0b875bfa217a14f10ded7ed2489530ca0ae2297e12670fcbef50
libcdio-debuginfo-0.92-3.el7.ppc64le.rpm	SHA-256: 9da86c78a8bc9cc8a20749e8e6f3d48568184b0f5e5dc3316b30b5dd7551e873
libcdio-debuginfo-0.92-3.el7.ppc64le.rpm	SHA-256: 9da86c78a8bc9cc8a20749e8e6f3d48568184b0f5e5dc3316b30b5dd7551e873
libcdio-devel-0.92-3.el7.ppc64le.rpm	SHA-256: 1b1d4b66935948e374ed07222e2fe7691331cf755cb4a1ec7d2981fb0f39f485

Red Hat Enterprise Linux for ARM 64 7

SRPM
libcdio-0.92-3.el7.src.rpm	SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
aarch64
libcdio-0.92-3.el7.aarch64.rpm	SHA-256: ab594e2d5e46ac4fc9a44668fb1f122c98bc401e4c73699aa3a29f2f1b9ce946
libcdio-debuginfo-0.92-3.el7.aarch64.rpm	SHA-256: 9f758f1ae75279d782f5aa9be29f76aff426b0d9557b3d29336faa7cf042990e
libcdio-debuginfo-0.92-3.el7.aarch64.rpm	SHA-256: 9f758f1ae75279d782f5aa9be29f76aff426b0d9557b3d29336faa7cf042990e
libcdio-devel-0.92-3.el7.aarch64.rpm	SHA-256: 9419735fe068cab7d85e168407bca3dd6f3d2fd133db7f90f9fddddc9ce7545b

Red Hat Enterprise Linux for Power 9 7

SRPM
libcdio-0.92-3.el7.src.rpm	SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
ppc64le
libcdio-0.92-3.el7.ppc64le.rpm	SHA-256: 0ef0194b323f0b875bfa217a14f10ded7ed2489530ca0ae2297e12670fcbef50
libcdio-debuginfo-0.92-3.el7.ppc64le.rpm	SHA-256: 9da86c78a8bc9cc8a20749e8e6f3d48568184b0f5e5dc3316b30b5dd7551e873
libcdio-debuginfo-0.92-3.el7.ppc64le.rpm	SHA-256: 9da86c78a8bc9cc8a20749e8e6f3d48568184b0f5e5dc3316b30b5dd7551e873
libcdio-devel-0.92-3.el7.ppc64le.rpm	SHA-256: 1b1d4b66935948e374ed07222e2fe7691331cf755cb4a1ec7d2981fb0f39f485

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
libcdio-0.92-3.el7.src.rpm	SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
s390x
libcdio-0.92-3.el7.s390.rpm	SHA-256: a77425621c2ec2ac5faccd57fb89463e8b1f0ee0ccd36e64bc3d172cb16a4325
libcdio-0.92-3.el7.s390x.rpm	SHA-256: 70d228826d263a28fb4b791bcd7ff6058f887d663b37d19b35eabf43d0e016c4
libcdio-debuginfo-0.92-3.el7.s390.rpm	SHA-256: 5ce0bf5ca61a7ec5498020827ab7abe1b543f9a963db1640b77202add5204c1b
libcdio-debuginfo-0.92-3.el7.s390.rpm	SHA-256: 5ce0bf5ca61a7ec5498020827ab7abe1b543f9a963db1640b77202add5204c1b
libcdio-debuginfo-0.92-3.el7.s390x.rpm	SHA-256: 470c9d6416a91fe0960190545a061837a6b69f94bf5af39a85c2a73128ccdecf
libcdio-debuginfo-0.92-3.el7.s390x.rpm	SHA-256: 470c9d6416a91fe0960190545a061837a6b69f94bf5af39a85c2a73128ccdecf
libcdio-devel-0.92-3.el7.s390.rpm	SHA-256: 2ad94a147d3d11f8e91a3c7db50f6406b8bf77f23f1580077901fdc2d0f1e99b
libcdio-devel-0.92-3.el7.s390x.rpm	SHA-256: 2bf04badc4c25a1d028b2a7a9f683d51afa87fbecf51c8846731af4c99759fda

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories