Description of problem:
A buffer overrun in cd-info and libcdio was uncovered when one reads a
disk/image with a long joilet filename. Please see URL  and the Gentoo
bugreport  for more information and the patch (should be in upstream CVS now).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
mkdir -p tmp/dir1
mkisofs -J -R -volid My_Image -o test.iso tmp
iso-info -l test.iso
A fair number of applications link against libcdio (and also Livna ones). Please
do the update for all affected branches as soon as possible!
Actually, this is not that serious. The applications that use libcdio are not
vulnerable, as the problem lies in iso-info program only.
libcdio-0.78.2-4.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
libcdio-0.78.2-4.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue got CVE name CVE-2007-6613
Robert Buchholz pointed out that original patch has an issue:
The original patches are off by two in the size calculation, as they
This was reported by bannedit.
Discussion in the referenced Gentoo bug.
I have fixed it in CVS and will make updates available for EL-5, F-7, F-8 and
this is top level bug for tracking this issue across all red hat products and
Updates pushed to Fedora as:
+ off-by-two fix:
Fixed now across all products.
Reporter changed to security-response-team by request of Jay Turner.