Issued:
2018-10-30
Updated:
2018-10-30

RHSA-2018:3246 - Security Advisory

Synopsis

Low: libcdio security update

Type/Severity

Security Advisory: Low

Topic

An update for libcdio is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libcdio library provides an interface for CD-ROM access. It can be used by applications that need OS-independent and device-independent access to CD-ROM devices.

Security Fix(es):

  • libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198)
  • libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199)
  • libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c (CVE-2017-18201)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for ARM 64 7 aarch64
  • Red Hat Enterprise Linux for Power 9 7 ppc64le
  • Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

  • BZ - 1549644 - CVE-2017-18198 libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c
  • BZ - 1549701 - CVE-2017-18199 libcdio: NULL pointer dereference in realloc_symlink in rock.c
  • BZ - 1549707 - CVE-2017-18201 libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c

CVEs

References

Red Hat Enterprise Linux Server 7

SRPM
libcdio-0.92-3.el7.src.rpm SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
x86_64
libcdio-0.92-3.el7.i686.rpm SHA-256: 1b41dd384693e1a505f6770059998f72e353c23fab92d96415b5645a7c17b868
libcdio-0.92-3.el7.x86_64.rpm SHA-256: 1209d3cb3bd4f4075be04eb22a52509e7aec627f54588acd476faf675cb3d697
libcdio-debuginfo-0.92-3.el7.i686.rpm SHA-256: 06770fc755d261fa8a08a5eddbfe899270c55b4efc6db34340fde587cdbdb4d7
libcdio-debuginfo-0.92-3.el7.i686.rpm SHA-256: 06770fc755d261fa8a08a5eddbfe899270c55b4efc6db34340fde587cdbdb4d7
libcdio-debuginfo-0.92-3.el7.x86_64.rpm SHA-256: e38eef8f12ee5bca5431e01652f2543908350e7d57caa7203a25b30c0037ccc9
libcdio-debuginfo-0.92-3.el7.x86_64.rpm SHA-256: e38eef8f12ee5bca5431e01652f2543908350e7d57caa7203a25b30c0037ccc9
libcdio-devel-0.92-3.el7.i686.rpm SHA-256: 20b34f3fbf565823201e5bfdeebefd9c8e270e1101a5782319a3af37a492a61d
libcdio-devel-0.92-3.el7.x86_64.rpm SHA-256: c8ab19fb06f6890a2b3fd4ed87574ded00b1da9de626a3d1c73ed9007f0f7db7

Red Hat Enterprise Linux Workstation 7

SRPM
libcdio-0.92-3.el7.src.rpm SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
x86_64
libcdio-0.92-3.el7.i686.rpm SHA-256: 1b41dd384693e1a505f6770059998f72e353c23fab92d96415b5645a7c17b868
libcdio-0.92-3.el7.x86_64.rpm SHA-256: 1209d3cb3bd4f4075be04eb22a52509e7aec627f54588acd476faf675cb3d697
libcdio-debuginfo-0.92-3.el7.i686.rpm SHA-256: 06770fc755d261fa8a08a5eddbfe899270c55b4efc6db34340fde587cdbdb4d7
libcdio-debuginfo-0.92-3.el7.i686.rpm SHA-256: 06770fc755d261fa8a08a5eddbfe899270c55b4efc6db34340fde587cdbdb4d7
libcdio-debuginfo-0.92-3.el7.x86_64.rpm SHA-256: e38eef8f12ee5bca5431e01652f2543908350e7d57caa7203a25b30c0037ccc9
libcdio-debuginfo-0.92-3.el7.x86_64.rpm SHA-256: e38eef8f12ee5bca5431e01652f2543908350e7d57caa7203a25b30c0037ccc9
libcdio-devel-0.92-3.el7.i686.rpm SHA-256: 20b34f3fbf565823201e5bfdeebefd9c8e270e1101a5782319a3af37a492a61d
libcdio-devel-0.92-3.el7.x86_64.rpm SHA-256: c8ab19fb06f6890a2b3fd4ed87574ded00b1da9de626a3d1c73ed9007f0f7db7

Red Hat Enterprise Linux Desktop 7

SRPM
libcdio-0.92-3.el7.src.rpm SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
x86_64
libcdio-0.92-3.el7.i686.rpm SHA-256: 1b41dd384693e1a505f6770059998f72e353c23fab92d96415b5645a7c17b868
libcdio-0.92-3.el7.x86_64.rpm SHA-256: 1209d3cb3bd4f4075be04eb22a52509e7aec627f54588acd476faf675cb3d697
libcdio-debuginfo-0.92-3.el7.i686.rpm SHA-256: 06770fc755d261fa8a08a5eddbfe899270c55b4efc6db34340fde587cdbdb4d7
libcdio-debuginfo-0.92-3.el7.i686.rpm SHA-256: 06770fc755d261fa8a08a5eddbfe899270c55b4efc6db34340fde587cdbdb4d7
libcdio-debuginfo-0.92-3.el7.x86_64.rpm SHA-256: e38eef8f12ee5bca5431e01652f2543908350e7d57caa7203a25b30c0037ccc9
libcdio-debuginfo-0.92-3.el7.x86_64.rpm SHA-256: e38eef8f12ee5bca5431e01652f2543908350e7d57caa7203a25b30c0037ccc9
libcdio-devel-0.92-3.el7.i686.rpm SHA-256: 20b34f3fbf565823201e5bfdeebefd9c8e270e1101a5782319a3af37a492a61d
libcdio-devel-0.92-3.el7.x86_64.rpm SHA-256: c8ab19fb06f6890a2b3fd4ed87574ded00b1da9de626a3d1c73ed9007f0f7db7

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
libcdio-0.92-3.el7.src.rpm SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
s390x
libcdio-0.92-3.el7.s390.rpm SHA-256: a77425621c2ec2ac5faccd57fb89463e8b1f0ee0ccd36e64bc3d172cb16a4325
libcdio-0.92-3.el7.s390x.rpm SHA-256: 70d228826d263a28fb4b791bcd7ff6058f887d663b37d19b35eabf43d0e016c4
libcdio-debuginfo-0.92-3.el7.s390.rpm SHA-256: 5ce0bf5ca61a7ec5498020827ab7abe1b543f9a963db1640b77202add5204c1b
libcdio-debuginfo-0.92-3.el7.s390.rpm SHA-256: 5ce0bf5ca61a7ec5498020827ab7abe1b543f9a963db1640b77202add5204c1b
libcdio-debuginfo-0.92-3.el7.s390x.rpm SHA-256: 470c9d6416a91fe0960190545a061837a6b69f94bf5af39a85c2a73128ccdecf
libcdio-debuginfo-0.92-3.el7.s390x.rpm SHA-256: 470c9d6416a91fe0960190545a061837a6b69f94bf5af39a85c2a73128ccdecf
libcdio-devel-0.92-3.el7.s390.rpm SHA-256: 2ad94a147d3d11f8e91a3c7db50f6406b8bf77f23f1580077901fdc2d0f1e99b
libcdio-devel-0.92-3.el7.s390x.rpm SHA-256: 2bf04badc4c25a1d028b2a7a9f683d51afa87fbecf51c8846731af4c99759fda

Red Hat Enterprise Linux for Power, big endian 7

SRPM
libcdio-0.92-3.el7.src.rpm SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
ppc64
libcdio-0.92-3.el7.ppc.rpm SHA-256: 24c147e813e3ddb2a3df8fff54a9f8a3e102305999f11ba729da5f599a6a09c0
libcdio-0.92-3.el7.ppc64.rpm SHA-256: 01b895bbc116df6b26943aa03fe8fd1669024f6e4d5e023232cb0bc12b52ac94
libcdio-debuginfo-0.92-3.el7.ppc.rpm SHA-256: a5fa75c223b696fb3ec23271f1c119045b143ed0d3cb3bf5746ab4c44d9e7ce7
libcdio-debuginfo-0.92-3.el7.ppc.rpm SHA-256: a5fa75c223b696fb3ec23271f1c119045b143ed0d3cb3bf5746ab4c44d9e7ce7
libcdio-debuginfo-0.92-3.el7.ppc64.rpm SHA-256: ea69350f37e898d1fa994979bb1f7f602f69889327eeba00cd7957f654ff306d
libcdio-debuginfo-0.92-3.el7.ppc64.rpm SHA-256: ea69350f37e898d1fa994979bb1f7f602f69889327eeba00cd7957f654ff306d
libcdio-devel-0.92-3.el7.ppc.rpm SHA-256: fc00f14c1ed7478784f66fe24f912b94720885b80e44eb3f5663f37a7c5f6128
libcdio-devel-0.92-3.el7.ppc64.rpm SHA-256: 68cfb4808479da2f3cb73f8182a752a90038f72e30ce69e1e07519012130a1c8

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
libcdio-0.92-3.el7.src.rpm SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
x86_64
libcdio-0.92-3.el7.i686.rpm SHA-256: 1b41dd384693e1a505f6770059998f72e353c23fab92d96415b5645a7c17b868
libcdio-0.92-3.el7.x86_64.rpm SHA-256: 1209d3cb3bd4f4075be04eb22a52509e7aec627f54588acd476faf675cb3d697
libcdio-debuginfo-0.92-3.el7.i686.rpm SHA-256: 06770fc755d261fa8a08a5eddbfe899270c55b4efc6db34340fde587cdbdb4d7
libcdio-debuginfo-0.92-3.el7.x86_64.rpm SHA-256: e38eef8f12ee5bca5431e01652f2543908350e7d57caa7203a25b30c0037ccc9
libcdio-devel-0.92-3.el7.i686.rpm SHA-256: 20b34f3fbf565823201e5bfdeebefd9c8e270e1101a5782319a3af37a492a61d
libcdio-devel-0.92-3.el7.x86_64.rpm SHA-256: c8ab19fb06f6890a2b3fd4ed87574ded00b1da9de626a3d1c73ed9007f0f7db7

Red Hat Enterprise Linux for Power, little endian 7

SRPM
libcdio-0.92-3.el7.src.rpm SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
ppc64le
libcdio-0.92-3.el7.ppc64le.rpm SHA-256: 0ef0194b323f0b875bfa217a14f10ded7ed2489530ca0ae2297e12670fcbef50
libcdio-debuginfo-0.92-3.el7.ppc64le.rpm SHA-256: 9da86c78a8bc9cc8a20749e8e6f3d48568184b0f5e5dc3316b30b5dd7551e873
libcdio-debuginfo-0.92-3.el7.ppc64le.rpm SHA-256: 9da86c78a8bc9cc8a20749e8e6f3d48568184b0f5e5dc3316b30b5dd7551e873
libcdio-devel-0.92-3.el7.ppc64le.rpm SHA-256: 1b1d4b66935948e374ed07222e2fe7691331cf755cb4a1ec7d2981fb0f39f485

Red Hat Enterprise Linux for ARM 64 7

SRPM
libcdio-0.92-3.el7.src.rpm SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
aarch64
libcdio-0.92-3.el7.aarch64.rpm SHA-256: ab594e2d5e46ac4fc9a44668fb1f122c98bc401e4c73699aa3a29f2f1b9ce946
libcdio-debuginfo-0.92-3.el7.aarch64.rpm SHA-256: 9f758f1ae75279d782f5aa9be29f76aff426b0d9557b3d29336faa7cf042990e
libcdio-debuginfo-0.92-3.el7.aarch64.rpm SHA-256: 9f758f1ae75279d782f5aa9be29f76aff426b0d9557b3d29336faa7cf042990e
libcdio-devel-0.92-3.el7.aarch64.rpm SHA-256: 9419735fe068cab7d85e168407bca3dd6f3d2fd133db7f90f9fddddc9ce7545b

Red Hat Enterprise Linux for Power 9 7

SRPM
libcdio-0.92-3.el7.src.rpm SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
ppc64le
libcdio-0.92-3.el7.ppc64le.rpm SHA-256: 0ef0194b323f0b875bfa217a14f10ded7ed2489530ca0ae2297e12670fcbef50
libcdio-debuginfo-0.92-3.el7.ppc64le.rpm SHA-256: 9da86c78a8bc9cc8a20749e8e6f3d48568184b0f5e5dc3316b30b5dd7551e873
libcdio-debuginfo-0.92-3.el7.ppc64le.rpm SHA-256: 9da86c78a8bc9cc8a20749e8e6f3d48568184b0f5e5dc3316b30b5dd7551e873
libcdio-devel-0.92-3.el7.ppc64le.rpm SHA-256: 1b1d4b66935948e374ed07222e2fe7691331cf755cb4a1ec7d2981fb0f39f485

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
libcdio-0.92-3.el7.src.rpm SHA-256: b4a700af4b6fa194ade2557e4355595fa53168e91802f0c55fe151b1da0c9132
s390x
libcdio-0.92-3.el7.s390.rpm SHA-256: a77425621c2ec2ac5faccd57fb89463e8b1f0ee0ccd36e64bc3d172cb16a4325
libcdio-0.92-3.el7.s390x.rpm SHA-256: 70d228826d263a28fb4b791bcd7ff6058f887d663b37d19b35eabf43d0e016c4
libcdio-debuginfo-0.92-3.el7.s390.rpm SHA-256: 5ce0bf5ca61a7ec5498020827ab7abe1b543f9a963db1640b77202add5204c1b
libcdio-debuginfo-0.92-3.el7.s390.rpm SHA-256: 5ce0bf5ca61a7ec5498020827ab7abe1b543f9a963db1640b77202add5204c1b
libcdio-debuginfo-0.92-3.el7.s390x.rpm SHA-256: 470c9d6416a91fe0960190545a061837a6b69f94bf5af39a85c2a73128ccdecf
libcdio-debuginfo-0.92-3.el7.s390x.rpm SHA-256: 470c9d6416a91fe0960190545a061837a6b69f94bf5af39a85c2a73128ccdecf
libcdio-devel-0.92-3.el7.s390.rpm SHA-256: 2ad94a147d3d11f8e91a3c7db50f6406b8bf77f23f1580077901fdc2d0f1e99b
libcdio-devel-0.92-3.el7.s390x.rpm SHA-256: 2bf04badc4c25a1d028b2a7a9f683d51afa87fbecf51c8846731af4c99759fda

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.