SUSE-SU-2018:2236-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2018/suse-su-20182236-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:2236-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2018:2236-1
Related
Published
2018-08-07T10:48:04Z
Modified
2025-05-02T04:06:39.609266Z
Upstream
Summary
Security update for libcdio
Details

This update for libcdio fixes the following issues:

The following security vulnerabilities were addressed:

  • CVE-2017-18199: Fixed a NULL pointer dereference in realloc_symlink in rock.c (bsc#1082821)
  • CVE-2017-18201: Fixed a double free vulnerability in getcdtextgeneric() in cdiogeneric.c (bsc#1082877)
  • Fixed several memory leaks (bsc#1082821)
References

Affected packages

SUSE:Linux Enterprise Module for Desktop Applications 15 / libcdio

Package

Name
libcdio
Purl
pkg:rpm/suse/libcdio&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.94-6.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "libudf0": "0.94-6.3.1",
            "libiso9660-10": "0.94-6.3.1",
            "libcdio-devel": "0.94-6.3.1",
            "libcdio++0": "0.94-6.3.1",
            "libcdio16": "0.94-6.3.1"
        }
    ]
}