Referenced CVEs:
CVE-2007-6613
Description:
=========================================================== Ubuntu Security Notice USN-580-1 February 20, 2008libcdio vulnerabilityCVE-2007-6613===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 6.10Ubuntu 7.04Ubuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libcdio6 0.76-1ubuntu1.6.06.1Ubuntu 6.10: libcdio6 0.76-1ubuntu1.6.10.1Ubuntu 7.04: libcdio6 0.76-1ubuntu2.7.04.1Ubuntu 7.10: libcdio6 0.76-1ubuntu2.7.10.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Devon Miller discovered that the iso-info and cd-info tools did notproperly perform bounds checking. If a user were tricked into usingthese tools with a crafted iso image, an attacker could cause adenial of service via a core dump, and possibly execute arbitrarycode.
More...