==========================================================================
Ubuntu Security Notice USN-5558-1
August 10, 2022

libcdio vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in libcdio.

Software Description:
- libcdio: library to read and control digital audio CDs (development files)

Details:

Zhao Liang discovered that libcdio was not properly performing memory
management operations when processing ISO files, which could result in a
heap buffer overflow or in a NULL pointer dereference. If a user or
automated system were tricked into opening a specially crafted file, an
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-18198, CVE-2017-18199)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  libcdio-cdda1 0.83-4.2ubuntu1+esm1
  libcdio-paranoia1 0.83-4.2ubuntu1+esm1
  libcdio-utils 0.83-4.2ubuntu1+esm1
  libcdio13 0.83-4.2ubuntu1+esm1
  libiso9660-8 0.83-4.2ubuntu1+esm1
  libudf0 0.83-4.2ubuntu1+esm1

Ubuntu 14.04 ESM:
  libcdio-cdda1 0.83-4.1ubuntu1+esm1
  libcdio-paranoia1 0.83-4.1ubuntu1+esm1
  libcdio-utils 0.83-4.1ubuntu1+esm1
  libcdio13 0.83-4.1ubuntu1+esm1
  libiso9660-8 0.83-4.1ubuntu1+esm1
  libudf0 0.83-4.1ubuntu1+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5558-1
  CVE-2017-18198, CVE-2017-18199