openSUSE 15.1: 2020:0068-1 Moderate: libredwg Update for 17 Issues

January 17, 2020
A recent openSUSE update fixes 17 vulnerabilities in libredwg.
An update that solves 17 vulnerabilities and has one errata is now available.

Description

This update for libredwg fixes the following issues:

libredwg was updated to release 0.9.3:

* Added the -x,--extnames option to dwglayers for r13-r14 DWGs.
* Fixed some leaks: SORTENTSTABLE, PROXY_ENTITY.ownerhandle for r13.
* Add DICTIONARY.itemhandles[] for r13 and r14.
* Fixed some dwglayers null pointer derefs, and flush its output for each layer.
* Added several overflow checks from fuzzing [CVE-2019-20010, boo#1159825], [CVE-2019-20011, boo#1159826], [CVE-2019-20012, boo#1159827], [CVE-2019-20013, boo#1159828], [CVE-2019-20014, boo#1159831], [CVE-2019-20015, boo#1159832]
* Disallow illegal SPLINE scenarios [CVE-2019-20009, boo#1159824]

Update to release 0.9.1:

* Fixed more null pointer dereferences, overflows, hangs and memory leaks for fuzzed (i.e. illegal) DWGs.

Update to release 0.9 [boo#1154080]:

* Added the DXF importer, using the new dynapi and the r2000 encoder. Only for r2000 DXFs.

* Added...

Patch

Patch Instructions:

To install this openSUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-68=1

Package List

- openSUSE Leap 15.1 (x86_64):

libredwg-debuginfo-0.9.3-lp151.2.3.1

libredwg-debugsource-0.9.3-lp151.2.3.1

libredwg-devel-0.9.3-lp151.2.3.1

libredwg-tools-0.9.3-lp151.2.3.1

libredwg-tools-debuginfo-0.9.3-lp151.2.3.1

libredwg0-0.9.3-lp151.2.3.1

libredwg0-debuginfo-0.9.3-lp151.2.3.1

References

https://www.suse.com/security/cve/CVE-2019-20009.html

https://www.suse.com/security/cve/CVE-2019-20010.html

https://www.suse.com/security/cve/CVE-2019-20011.html

https://www.suse.com/security/cve/CVE-2019-20012.html

https://www.suse.com/security/cve/CVE-2019-20013.html

https://www.suse.com/security/cve/CVE-2019-20014.html

https://www.suse.com/security/cve/CVE-2019-20015.html

https://www.suse.com/security/cve/CVE-2019-9770.html

https://www.suse.com/security/cve/CVE-2019-9771.html

https://www.suse.com/security/cve/CVE-2019-9772.html

https://www.suse.com/security/cve/CVE-2019-9773.html

https://www.suse.com/security/cve/CVE-2019-9774.html

https://www.suse.com/security/cve/CVE-2019-9775.html

https://www.suse.com/security/cve/CVE-2019-9776.html

https://www.suse.com/security/cve/CVE-2019-9777.html

https://www.suse.com/security/cve/CVE-2019-9778.html

https://www.suse.com/security/cve/CVE-2019-9779.html

https://bugzilla.suse.com/1129868

https://bugzilla.suse.com/1129869

https://bugzilla.suse.com/1129870

https://bu...

Announcement ID: openSUSE-SU-2020:0068-1
Rating: moderate
Affected Products: openSUSE Leap 15.1 le.