USN-6855-1: libcdio vulnerability | Ubuntu security notices

Packages

libcdio - C++ library to read and control CD-ROM (development files)

Details

Mansour Gashasbi discovered that libcdio incorrectly handled certain
memory operations when parsing an ISO file, leading to a buffer overflow
vulnerability. An attacker could use this to cause a denial of service
or possibly execute arbitrary code.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
24.04 LTS noble	libcdio++1t64 – 2.1.0-4.1ubuntu1.2
	libcdio19t64 – 2.1.0-4.1ubuntu1.2
	libiso9660++0t64 – 2.1.0-4.1ubuntu1.2
	libiso9660-11t64 – 2.1.0-4.1ubuntu1.2
	libudf0t64 – 2.1.0-4.1ubuntu1.2
23.10 mantic	libcdio++1 – 2.1.0-4ubuntu0.2
	libcdio19 – 2.1.0-4ubuntu0.2
	libiso9660++0 – 2.1.0-4ubuntu0.2
	libiso9660-11 – 2.1.0-4ubuntu0.2
	libudf0 – 2.1.0-4ubuntu0.2
22.04 LTS jammy	libcdio++1 – 2.1.0-3ubuntu0.2
	libcdio19 – 2.1.0-3ubuntu0.2
	libiso9660++0 – 2.1.0-3ubuntu0.2
	libiso9660-11 – 2.1.0-3ubuntu0.2
	libudf0 – 2.1.0-3ubuntu0.2
20.04 LTS focal	libcdio18 – 2.0.0-2ubuntu0.2
	libiso9660-11 – 2.0.0-2ubuntu0.2
	libudf0 – 2.0.0-2ubuntu0.2
18.04 LTS bionic	libcdio17 – 1.0.0-2ubuntu2+esm2
	libiso9660-10 – 1.0.0-2ubuntu2+esm2
	libudf0 – 1.0.0-2ubuntu2+esm2
16.04 LTS xenial	libcdio13 – 0.83-4.2ubuntu1+esm3
	libiso9660-8 – 0.83-4.2ubuntu1+esm3
	libudf0 – 0.83-4.2ubuntu1+esm3
14.04 LTS trusty	libcdio13 – 0.83-4.1ubuntu1+esm3
	libiso9660-8 – 0.83-4.1ubuntu1+esm3
	libudf0 – 0.83-4.1ubuntu1+esm3

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

CVE-2024-36600

CVE-2024-36600