Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 36: 2022-635599924b Critical: Libdxflib Buffer Overflow

fedora
Calendar Grey May 7, 2022
Dist Fedora Esm H88
Upgrade libdxflib to version 3.26.4 in Fedora to tackle a severe buffer overflow issue and integrate various essential bug resolutions.
Update to 3.26.4, with bug fixes and a security fix for CVE-2021-21897

Summary

dxflib is a C++ library for reading and writing DXF files.

Update to 3.26.4, with bug fixes and a security fix for CVE-2021-21897. Package

class documentation and examples. The following probably-relevant entries are

drawn from the [QCAD

Changelog](https://www.qcad.org/en/documentation/changelog): ### 3.22.1

(2019/05/22) **Fixes** - [FS#1866 - DXF: EXTMIN/EXTMAX

interchanged]()

### 3.21.1 (2018/06/29) **Fixes** - [FS#1180 - dxflib cannot open files with

international characters in path or file

name]() ### 3.18.0

(2017/09/22) **Fixes** - [FS#1631 - dxflib: wrong definition of DL_POLYLINE3D

flag]() ### 3.17.2

(2017/06/27) **Fixes** - [FS#1572 - Dimension font not set to "Standard" when

importing through

dxflib]()

* Fri Apr 1 2022 Benjamin A. Beasley 3.26.4-2

- Package documentation and examples

* Fri Apr 1 2022 Benjamin A. Beasley 3.26.4-1

- Update to 3.26.4 (close RHBZ#1996851)

* Fri Apr 1 2022 Benjamin A. Beasley 3.17.0-19

- Build with qmake from Qt6 instead of Qt4

* Fri Apr 1 2022 Benjamin A. Beasley 3.17.0-18

- General spec file cleanup

[ 1 ] Bug #2080983 - CVE-2021-21897 libdxflib: heap-based buffer overflow in the DL_Dxf:handleLWPolylineData function

https://bugzilla.redhat.com/show_bug.cgi?id=2080983

su -c 'dnf upgrade --advisory FEDORA-2022-635599924b' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory fedora buffer overflow update information software fix libdxflib

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 36
Version: 3.26.4
Release: 2.fc36
URL: https://www.ribbonsoft.com/en/90-dxflib
Summary: A C++ library for reading and writing DXF files

Topics%20covered

Topics Covered

security advisory fedora buffer overflow update information software fix libdxflib

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here