SUSE Package Hub - openSUSE-2019-2077

Update Info

openSUSE-2019-2077

Security update for libmirage

Type: security

Severity: moderate

Issued: 2019-09-06

Description:

This update for libmirage fixes the following issues:

CVE-2019-15540: The CSO filter in libMirage in CDemu did not validate the part size,
triggering a heap-based buffer overflow that could lead to root access by a local user.
[boo#1148087]

- Update to new upstream release 3.2.2
  * ISO parser: fixed ISO9660/UDF pattern search for sector
    sizes 2332 and 2336.
  * ISO parser: added support for Nintendo GameCube and Wii
    ISO images.
  * Extended medium type guess to distinguish between DVD and
    BluRay images based on length.
  * Removed fabrication of disc structures from the library
    (moved to CDEmu daemon).
  * MDS parser: cleanup of disc structure parsing, fixed the
    incorrectly set structure sizes.

This update was imported from the openSUSE:Leap:15.0:Update update project.

References

CVE: CVE-2019-15540
Bugzilla: 1148087 VUL-0: CVE-2019-15540: libmirage: filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user

Packages

libmirage-3.2.2-bp151.4.3.1