Debian LTS: DLA-3210-1: gerbv security update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3210-1                [email protected]
https://www.debian.org/lts/security/                           Chris Lamb
November 28, 2022                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : gerbv
Version        : 2.7.0-1+deb10u2
CVE IDs        : CVE-2021-40401 CVE-2021-40403

Two vulnerabilities were discovered gerbv, a Gerber file viewer. Most
Printed Circuit Board (PCB) design programs can export data to a
Gerber file.

* CVE-2021-40401: A use-after-free vulnerability existed in the
  RS-274X aperture definition tokenization functionality. A
  specially-crafted gerber file could have led to code execution.
 
* CVE-2021-40403: An information disclosure vulnerability existed in
  the pick-and-place rotation parsing functionality. A
  specially-crafted pick-and-place file could have exploited the
  missing initialization of a structure in order to leak memory
  contents.

For Debian 10 buster, these problems have been fixed in version
2.7.0-1+deb10u2.

We recommend that you upgrade your gerbv packages.

For the detailed security status of gerbv please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gerbv

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-3210-1: gerbv security update

November 28, 2022
Two vulnerabilities were discovered gerbv, a Gerber file viewer

Summary

* CVE-2021-40401: A use-after-free vulnerability existed in the
RS-274X aperture definition tokenization functionality. A
specially-crafted gerber file could have led to code execution.

* CVE-2021-40403: An information disclosure vulnerability existed in
the pick-and-place rotation parsing functionality. A
specially-crafted pick-and-place file could have exploited the
missing initialization of a structure in order to leak memory
contents.

For Debian 10 buster, these problems have been fixed in version
2.7.0-1+deb10u2.

We recommend that you upgrade your gerbv packages.

For the detailed security status of gerbv please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gerbv

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
Package : gerbv
Version : 2.7.0-1+deb10u2

News

Advisories

HOWTOs

Features

A Complete Guide to Security Automation & Reporting Using Open Source Tools
How to Check if Your Linux System is Infected with a Virus
Security Considerations for Azure Linux & Windows Subsystem for Linux Users
Admins Receive Automated Linux Patch Management & Improved Security with ManageEngine Endpoint Central
Linux Malware: The Truth About This Growing Threat [Updated]

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy