USN-580-1: libcdio vulnerability
20 February 2008
libcdio vulnerability
Releases
Packages
- libcdio -
Details
Devon Miller discovered that the iso-info and cd-info tools did not
properly perform bounds checking. If a user were tricked into using
these tools with a crafted iso image, an attacker could cause a
denial of service (core dump) and possibly execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 7.10
Ubuntu 7.04
Ubuntu 6.10
Ubuntu 6.06
In general, a standard system upgrade is sufficient to effect the
necessary changes.