Debian Bug report logs -
#459129
libcdio: CVE-2007-6613 stack-based buffer overflow in print_iso9660_recurse function
Reported by: Nico Golde <nion@debian.org>
Date: Fri, 4 Jan 2008 13:30:54 UTC
Severity: grave
Tags: patch, security
Found in version 0.78.2+dfsg1-1
Fixed in version libcdio/0.78.2+dfsg1-2
Done: Nicolas Boullis <nboullis@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Nicolas Boullis <nboullis@debian.org>:
Bug#459129; Package libcdio.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Nicolas Boullis <nboullis@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: libcdio
Version: 0.78.2+dfsg1-1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libcdio.
CVE-2007-6613[0]:
| Stack-based buffer overflow in the print_iso9660_recurse function in
| iso-info (src/iso-info.c) in GNU Compact Disc Input and Control
| Library (libcdio) 0.79 and earlier allows context-dependent attackers
| to cause a denial of service (core dump) and possibly execute
| arbitrary code via a disk or image that contains a long joilet file
| name.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6613
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Nicolas Boullis <nboullis@debian.org>:
Bug#459129; Package libcdio.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Nicolas Boullis <nboullis@debian.org>.
(full text, mbox, link).
Message #10 received at 459129@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tags 459129 + patch
thanks
Hi,
attached is a proposal for an NMU which includes a fix for
this if you have no time for an update yourself. Please
notify me in this case so i can upload.
It will be also archived on:
http://people.debian.org/~nion/nmu-diff/libcdio-0.78.2+dfsg1-1_0.78.2+dfsg1-1.1.patch
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[libcdio-0.78.2+dfsg1-1_0.78.2+dfsg1-1.1.patch (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]
Tags added: patch
Request was from Nico Golde <nion@debian.org>
to control@bugs.debian.org.
(Fri, 04 Jan 2008 14:06:11 GMT) (full text, mbox, link).
Message sent on to Nico Golde <nion@debian.org>:
Bug#459129.
(full text, mbox, link).
Message #15 received at 459129-submitter@bugs.debian.org (full text, mbox, reply):
Hi,
On Fri, Jan 04, 2008 at 03:02:37PM +0100, Nico Golde wrote:
> tags 459129 + patch
> thanks
> Hi,
> attached is a proposal for an NMU which includes a fix for
> this if you have no time for an update yourself. Please
> notify me in this case so i can upload.
>
> It will be also archived on:
> http://people.debian.org/~nion/nmu-diff/libcdio-0.78.2+dfsg1-1_0.78.2+dfsg1-1.1.patch
Thanks for your patch.
I did not know the alloca function; it looks interesting, although its
use is discouraged according to the corresponding manpage.
I think I should be able to upload within a few days, fixing also
#449457; feel free to tell me or to NMU if you thing a faster upload is
deserved.
Thanks,
Nicolas
Reply sent to Nicolas Boullis <nboullis@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #20 received at 459129-close@bugs.debian.org (full text, mbox, reply):
Source: libcdio
Source-Version: 0.78.2+dfsg1-2
We believe that the bug you reported is fixed in the latest version of
libcdio, which is due to be installed in the Debian FTP archive:
libcdio-cdda-dev_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libcdio-cdda-dev_0.78.2+dfsg1-2_powerpc.deb
libcdio-cdda-dev_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libcdio-cdda-dev_0.78.2+dfsg1-2_sparc.deb
libcdio-cdda0_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libcdio-cdda0_0.78.2+dfsg1-2_powerpc.deb
libcdio-cdda0_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libcdio-cdda0_0.78.2+dfsg1-2_sparc.deb
libcdio-dev_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libcdio-dev_0.78.2+dfsg1-2_powerpc.deb
libcdio-dev_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libcdio-dev_0.78.2+dfsg1-2_sparc.deb
libcdio-paranoia-dev_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libcdio-paranoia-dev_0.78.2+dfsg1-2_powerpc.deb
libcdio-paranoia-dev_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libcdio-paranoia-dev_0.78.2+dfsg1-2_sparc.deb
libcdio-paranoia0_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libcdio-paranoia0_0.78.2+dfsg1-2_powerpc.deb
libcdio-paranoia0_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libcdio-paranoia0_0.78.2+dfsg1-2_sparc.deb
libcdio-utils_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libcdio-utils_0.78.2+dfsg1-2_powerpc.deb
libcdio-utils_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libcdio-utils_0.78.2+dfsg1-2_sparc.deb
libcdio7_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libcdio7_0.78.2+dfsg1-2_powerpc.deb
libcdio7_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libcdio7_0.78.2+dfsg1-2_sparc.deb
libcdio_0.78.2+dfsg1-2.diff.gz
to pool/main/libc/libcdio/libcdio_0.78.2+dfsg1-2.diff.gz
libcdio_0.78.2+dfsg1-2.dsc
to pool/main/libc/libcdio/libcdio_0.78.2+dfsg1-2.dsc
libiso9660-5_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libiso9660-5_0.78.2+dfsg1-2_powerpc.deb
libiso9660-5_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libiso9660-5_0.78.2+dfsg1-2_sparc.deb
libiso9660-dev_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libiso9660-dev_0.78.2+dfsg1-2_powerpc.deb
libiso9660-dev_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libiso9660-dev_0.78.2+dfsg1-2_sparc.deb
libudf-dev_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libudf-dev_0.78.2+dfsg1-2_powerpc.deb
libudf-dev_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libudf-dev_0.78.2+dfsg1-2_sparc.deb
libudf0_0.78.2+dfsg1-2_powerpc.deb
to pool/main/libc/libcdio/libudf0_0.78.2+dfsg1-2_powerpc.deb
libudf0_0.78.2+dfsg1-2_sparc.deb
to pool/main/libc/libcdio/libudf0_0.78.2+dfsg1-2_sparc.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 459129@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nicolas Boullis <nboullis@debian.org> (supplier of updated libcdio package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 7 Jan 2008 00:34:44 +0100
Source: libcdio
Binary: libcdio-paranoia-dev libcdio-cdda-dev libcdio-utils libudf-dev libcdio-cdda0 libcdio-paranoia0 libudf0 libcdio-dev libiso9660-dev libcdio7 libiso9660-5
Architecture: powerpc source sparc
Version: 0.78.2+dfsg1-2
Distribution: unstable
Urgency: high
Maintainer: Nicolas Boullis <nboullis@debian.org>
Changed-By: Nicolas Boullis <nboullis@debian.org>
Description:
libcdio-cdda-dev - library to read and control digital audio CDs (development files)
libcdio-cdda0 - library to read and control digital audio CDs
libcdio-dev - library to read and control CD-ROM (development files)
libcdio-paranoia-dev - library to read digital audio CDs with error correction (developm
libcdio-paranoia0 - library to read digital audio CDs with error correction
libcdio-utils - sample applications based on the CDIO libraries
libcdio7 - library to read and control CD-ROM
libiso9660-5 - library to work with ISO9660 filesystems
libiso9660-dev - library to work with ISO9660 filesystems (development files)
libudf-dev - library to work with UDF filesystems (development files)
libudf0 - library to work with UDF filesystems
Closes: 449457 459129
Changes:
libcdio (0.78.2+dfsg1-2) unstable; urgency=high
.
* This update addresses the following security issue, thanks to Nico
Golde:
- CVE-2007-6613: a stack-based buffer overflow in the
print_iso9660_recurse function could lead to cause a denial of
service or arbitrary code execution if the iso-info or cd-info tool
is used with a crafted iso image. (Closes: #459129)
* Support GNU/kFreeBSD systems, thanks to Petr Salinger for his
patch. (Closes: #449457)
* Bump Standards-Version to 3.7.3 (no change needed).
Files:
0ea47b304c9337835f920dab3123faf6 109972 libdevel optional libcdio-paranoia-dev_0.78.2+dfsg1-2_sparc.deb
1029005b0684f2f664d1e3b2297db34a 113450 libs optional libiso9660-5_0.78.2+dfsg1-2_sparc.deb
23d981a88832fe6140050dbb73369438 181228 otherosfs optional libcdio-utils_0.78.2+dfsg1-2_sparc.deb
24a11d23ef499fcad0ae6db5ac14725c 111394 libdevel optional libcdio-paranoia-dev_0.78.2+dfsg1-2_powerpc.deb
32f5ccbe9027e26da8139c092417ea59 207384 otherosfs optional libcdio-utils_0.78.2+dfsg1-2_powerpc.deb
379551b99ab7250b434641a3bb648eca 117300 libs optional libiso9660-5_0.78.2+dfsg1-2_powerpc.deb
3812e853517c5d185079c9c03d8d1441 109512 libs optional libcdio-cdda0_0.78.2+dfsg1-2_powerpc.deb
3a1d1d1490ceede05c935e6d308c26c4 109854 libs optional libcdio-paranoia0_0.78.2+dfsg1-2_powerpc.deb
3d49ce3e1edbc27aa62744abb3079051 105572 libs optional libcdio-cdda0_0.78.2+dfsg1-2_sparc.deb
65ea7684655b79855a94e4e100ead9ad 105836 libs optional libcdio-paranoia0_0.78.2+dfsg1-2_sparc.deb
75d2942cb828452842e64ebc1c31061e 103184 libs optional libudf0_0.78.2+dfsg1-2_powerpc.deb
79e479ebb56c36ce4b5b15dbe79e642f 110968 libdevel optional libudf-dev_0.78.2+dfsg1-2_powerpc.deb
7cb6a727fc3d867b22b9b3ea51f34aab 148860 libs optional libcdio7_0.78.2+dfsg1-2_powerpc.deb
7e8becbdf4bcd2f2a27f70fa88298fda 131414 libdevel optional libiso9660-dev_0.78.2+dfsg1-2_sparc.deb
fdab790b7b756a94f932cffa42780ed2 842 libs optional libcdio_0.78.2+dfsg1-2.dsc
88e3347f5f506d9ee1560f07c2713378 113354 libdevel optional libcdio-cdda-dev_0.78.2+dfsg1-2_powerpc.deb
8cb0f126e43984c0d285588762c74b2a 99497 libs optional libcdio_0.78.2+dfsg1-2.diff.gz
9a1e18586c7527c4e38eca21fec6254c 141694 libs optional libcdio7_0.78.2+dfsg1-2_sparc.deb
a9c22d6c47489af46a36335a046d3f90 100814 libs optional libudf0_0.78.2+dfsg1-2_sparc.deb
b112e398c91128542a5f875014200d12 111672 libdevel optional libcdio-cdda-dev_0.78.2+dfsg1-2_sparc.deb
c295091d737e8794ab3e92c83834f63b 111402 libdevel optional libudf-dev_0.78.2+dfsg1-2_sparc.deb
c5370aa13215edfa4f04ae14caba4ee4 205628 libdevel optional libcdio-dev_0.78.2+dfsg1-2_powerpc.deb
d8392640abea47aff44f885b41399658 199456 libdevel optional libcdio-dev_0.78.2+dfsg1-2_sparc.deb
e13b51cc973551a8015f1b4df26f4aaa 133142 libdevel optional libiso9660-dev_0.78.2+dfsg1-2_powerpc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHgXEWwmyXkG1Pxm8RAhgZAKCVeRfrc2IQnXHiq5R6xNVzknYgyACffBkr
7fsMTUZvVUQQ9NcdctFlc2E=
=JTpE
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Thu, 07 Feb 2008 07:28:13 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:36:51 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon