File _patchinfo of Package patchinfo
<patchinfo incident="10977">
<issue tracker="bnc" id="1148087">VUL-0: CVE-2019-15540: libmirage: filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user</issue>
<issue tracker="cve" id="2019-15540"/>
<packager>jengelh</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for libmirage</summary>
<description>This update for libmirage fixes the following issues:
CVE-2019-15540: The CSO filter in libMirage in CDemu did not validate the part size,
triggering a heap-based buffer overflow that could lead to root access by a local user.
[boo#1148087]
- Update to new upstream release 3.2.2
  * ISO parser: fixed ISO9660/UDF pattern search for sector
    sizes 2332 and 2336.
  * ISO parser: added support for Nintendo GameCube and Wii
    ISO images.
  * Extended medium type guess to distinguish between DVD and
    BluRay images based on length.
  * Removed fabrication of disc structures from the library
    (moved to CDEmu daemon).
  * MDS parser: cleanup of disc structure parsing, fixed the
    incorrectly set structure sizes.
This update was imported from the openSUSE:Leap:15.0:Update update project.</description>
</patchinfo>