
Fedora 38: FEDORA-2024-c990070fa4 Moderate: gtkwave code execution

fedora
January 18, 2024
Extensive patch release for Fedora 38 gtkwave addressing multiple security flaws and minimizing possible code execution threats.
Cumulative bug-fix update

Summary

GTKWave is a waveform viewer that can view VCD files produced by most Verilog simulation tools, as well as LXT files produced by certain Verilog simulation tools.

Update Information:

Cumulative bug-fix update. This update includes fixes for multiple security issues found by Talos in which specially crafted input files could lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.

Change Log

* Tue Jan 9 2024 Paul Howarth - 3.3.118-1
- Update to 3.3.118
  - Update xml2stems to handle newer "loc" vs. "fl" xml tags
  - Change preg_regex_c_1 decl to use regex_t* as datatype
  - Move gtkwave.appdata.xml to io.github.gtkwave.GTKWave.metainfo.xml
  - Fixed popen security advisories:
    - TALOS-2023-1786 (CVE-2023-35963, CVE-2023-35960, CVE-2023-35964, CVE-2023-35959, CVE-2023-35961, CVE-2023-35962)
  - Fixed FST security advisories:
    - TALOS-2023-1777 (CVE-2023-32650)
    - TALOS-2023-1783 (CVE-2023-35704, CVE-2023-35703, CVE-2023-35702)
    - TALOS-2023-1785 (CVE-2023-35956, CVE-2023-35957, CVE-2023-35958, CVE-2023-35955)
    - TALOS-2023-1789 (CVE-2023-35969, CVE-2023-35970)
    - TALOS-2023-1790 (CVE-2023-35992)
    - TALOS-2023-1791 (CVE-2023-35994, CVE-2023-35996, CVE-2023-35997, CVE-2023-35995)
    - TALOS-2023-1792 (CVE-2023-35128)
    - TALOS-2023-1793 (CVE-2023-36747, CVE-2023-36746)
    - TALOS-2023-1797 (CVE-2023-36864)
    - TALOS-2023-1798 (CVE-2023-36915, CVE-2023-36916)
  - Fixed evcd2vcd security advisories:
    - TALOS-2023-1803 (CVE-2023-34087)
  - Fixed VCD security advisories:
    - TALOS-2023-1804 (CVE-2023-37416, CVE-2023-37419, CVE-2023-37420, CVE-2023-37418, CVE-2023-37417)
    - TALOS-2023-1805 (CVE-2023-37447, CVE-2023-37446, CVE-2023-37445, CVE-2023-37444, CVE-2023-37442, CVE-2023-37443)
    - TALOS-2023-1806 (CVE-2023-37576, CVE-2023-37577, CVE-2023-37573, CVE-2023-37578, CVE-2023-37575, CVE-2023-37574)
    - TALOS-2023-1807 (CVE-2023-37921, CVE-2023-37923, CVE-2023-37922)
  - Fixed VZT security advisories:
    - TALOS-2023-1810 (CVE-2023-37282)
    - TALOS-2023-1811 (CVE-2023-36861)
    - TALOS-2023-1812 (CVE-2023-38618, CVE-2023-38621, CVE-2023-38620, CVE-2023-38619, CVE-2023-38623, CVE-2023-38622)
    - TALOS-2023-1813 (CVE-2023-38649, CVE-2023-38648)
    - TALOS-2023-1814 (CVE-2023-38651, CVE-2023-38650)
    - TALOS-2023-1815 (CVE-2023-38653, CVE-2023-38652)
    - TALOS-2023-1816 (CVE-2023-35004)
    - TALOS-2023-1817 (CVE-2023-39235, CVE-2023-39234)
  - Fixed LXT2 security advisories:
    - TALOS-2023-1818 (CVE-2023-39273, CVE-2023-39271, CVE-2023-39274, CVE-2023-39275, CVE-2023-39272, CVE-2023-39270)
    - TALOS-2023-1819 (CVE-2023-34436)
    - TALOS-2023-1820 (CVE-2023-39316, CVE-2023-39317)
    - TALOS-2023-1821 (CVE-2023-35057)
    - TALOS-2023-1822 (CVE-2023-35989)
    - TALOS-2023-1823 (CVE-2023-38657)
    - TALOS-2023-1824 (CVE-2023-39413, CVE-2023-39414)
    - TALOS-2023-1826 (CVE-2023-39443, CVE-2023-39444)
    - TALOS-2023-1827 (CVE-2023-38583)
* Mon Aug 14 2023 Paul Howarth - 3.3.117-1
- Update to 3.3.117
  - Fix stems reader processing code broken in 3.3.114
* Sun Jul 23 2023 Paul Howarth - 3.3.116-1
- Update to 3.3.116
  - Fix manpage/odt for vcd2fst command switch documentation for zlibpack
  - Add GDK_WINDOWING_WAYLAND check for gdkwayland.h header usage
  - Change sprintf to snprintf in fstapi.c
  - Fix init crash on show_base_symbols enabled
* Thu Jul 20 2023 Fedora Release Engineering - 3.3.115-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

References


[ 1 ] Bug #2257435 - gtkwave: Multiple CVEs published by Talos https://bugzilla.redhat.com/show_bug.cgi?id=2257435

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-c990070fa4' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: gtkwave
Product: Fedora 38
Version: 3.3.118
Release: 1.fc38
URL:
Summary: Waveform Viewer
