Security update for libcdio
This update for libcdio fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2017-18199: Fixed a NULL pointer dereference in realloc_symlink in rock.c
(bsc#1082821)
- CVE-2017-18201: Fixed a double free vulnerability in get_cdtext_generic() in
_cdio_generic.c (bsc#1082877)
- Fixed several memory leaks (bsc#1082821)
This update was imported from the SUSE:SLE-15:Update update project.
Submitted by
Stanislav Brabec (sbrabec)
Fixed bugs
bnc#1082821
VUL-1: CVE-2017-18199: libcdio: realloc_symlink in rock.c allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.
bnc#1082877
VUL-0: CVE-2017-18201: libcdio: There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.