Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Fedora 35: 2022-3dd3274ae2 Critical: Librecad Buffer Overflow

fedora
Calendar Grey October 3, 2022
Dist Fedora Esm H88
Librecad 2.2.0 RC4 addresses several problems such as key buffer overflows, enhancing both security and overall reliability.
Update to 2.2.0 RC4

Summary

A graphical and comprehensive 2D CAD application.

Update to 2.2.0 RC4. ---- Update librecad to 2.2.0 rc3. Apply fixes to

libdxfrw and librecad for CVE-2021-45341, CVE-2021-45342, CVE-2021-45343. This

also resolves the issue where some dwg files no longer opened.

* Sat Sep 24 2022 Richard Shaw - 2.2.0-0.15.rc4

- Update to 2.2.0 RC4.

- Apply patch from upstream to make sure plugins are found.

* Thu Jul 21 2022 Fedora Release Engineering - 2.2.0-0.14.rc3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

* Tue Feb 1 2022 Tom Callaway - 2.2.0-0.13.rc3

- update to rc3

- apply upstream fix for CVE-2021-45342, CVE-2021-45341

* Thu Jan 20 2022 Fedora Release Engineering - 2.2.0-0.12.rc2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

[ 1 ] Bug #2027148 - librecad-2.2.0-rc3 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2027148

[ 2 ] Bug #2031379 - [regression] .dwg file no longer opens

https://bugzilla.redhat.com/show_bug.cgi?id=2031379

[ 3 ] Bug #2046248 - CVE-2021-45341 librecad: buffer overflow in CDataMoji of the jwwlib component allows remote code execution via a crafted JWW document [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2046248

[ 4 ] Bug #2046252 - CVE-2021-45342 librecad: buffer overflow in CDataList of the jwwlib component allows remote code execution via a crafted JWW document [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2046252

[ 5 ] Bug #2046256 - CVE-2021-45343 librecad: NULL pointer dereference in the HATCH handling of libdxfrw can lead to DoS via a crafted DXF document [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2046256

su -c 'dnf upgrade --advisory FEDORA-2022-3dd3274ae2' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics%20covered

Topics Covered

security advisory update buffer overflow Fedora software fix Librecad

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 35
Version: 2.2.0
Release: 0.15.rc4.fc35
URL: https://librecad.org/
Summary: Computer Assisted Design (CAD) Application

Topics%20covered

Topics Covered

security advisory update buffer overflow Fedora software fix Librecad

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here