openSUSE: 2020:0095-1: moderate: libredwg

    Date22 Jan 2020
    197
    Posted ByLinuxSecurity Advisories
    An update that solves 17 vulnerabilities and has one errata is now available.
       openSUSE Security Update: Security update for libredwg
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2020:0095-1
    Rating:             moderate
    References:         #1129868 #1129869 #1129870 #1129873 #1129874 
                        #1129875 #1129876 #1129878 #1129879 #1129881 
                        #1154080 #1159824 #1159825 #1159826 #1159827 
                        #1159828 #1159831 #1159832 
    Cross-References:   CVE-2019-20009 CVE-2019-20010 CVE-2019-20011
                        CVE-2019-20012 CVE-2019-20013 CVE-2019-20014
                        CVE-2019-20015 CVE-2019-9770 CVE-2019-9771
                        CVE-2019-9772 CVE-2019-9773 CVE-2019-9774
                        CVE-2019-9775 CVE-2019-9776 CVE-2019-9777
                        CVE-2019-9778 CVE-2019-9779
    Affected Products:
                        openSUSE Backports SLE-15-SP1
    ______________________________________________________________________________
    
       An update that solves 17 vulnerabilities and has one errata
       is now available.
    
    Description:
    
       This update for libredwg fixes the following issues:
    
       libredwg was updated to release 0.9.3:
    
       * Added the -x,--extnames option to dwglayers for r13-r14 DWGs.
       * Fixed some leaks: SORTENTSTABLE, PROXY_ENTITY.ownerhandle for r13.
       * Add DICTIONARY.itemhandles[] for r13 and r14.
       * Fixed some dwglayers null pointer derefs, and flush its output for each
         layer.
       * Added several overflow checks from fuzzing [CVE-2019-20010,
         boo#1159825], [CVE-2019-20011, boo#1159826], [CVE-2019-20012,
         boo#1159827], [CVE-2019-20013, boo#1159828], [CVE-2019-20014,
         boo#1159831], [CVE-2019-20015, boo#1159832]
       * Disallow illegal SPLINE scenarios [CVE-2019-20009, boo#1159824]
    
       Update to release 0.9.1:
    
       * Fixed more null pointer dereferences, overflows, hangs and memory leaks
         for fuzzed (i.e. illegal) DWGs.
    
       Update to release 0.9 [boo#1154080]:
    
       * Added the DXF importer, using the new dynapi and the r2000 encoder. Only
         for r2000 DXFs.
       * Added utf8text conversion functions to the dynapi.
       * Added 3DSOLID encoder.
       * Added APIs to find handles for names, searching in tables and dicts.
       * API breaking changes - see NEWS file in package.
       * Fixed null pointer dereferences, and memory leaks (except DXF importer)
         [boo#1129868, CVE-2019-9779] [boo#1129869, CVE-2019-9778] [boo#1129870,
         CVE-2019-9777] [boo#1129873, CVE-2019-9776] [boo#1129874, CVE-2019-9773]
         [boo#1129875, CVE-2019-9772] [boo#1129876, CVE-2019-9771] [boo#1129878,
         CVE-2019-9775] [boo#1129879, CVE-2019-9774] [boo#1129881, CVE-2019-9770]
    
       Update to 0.8:
    
       * add a new dynamic API, read and write all header and object fields by
         name
       * API breaking changes
       * Fix many errors in DXF output
       * Fix JSON output
       * Many more bug fixes to handle specific object types
    
       This update was imported from the openSUSE:Leap:15.1:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Backports SLE-15-SP1:
    
          zypper in -t patch openSUSE-2020-95=1
    
    
    
    Package List:
    
       - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
    
          libredwg-devel-0.9.3-bp151.2.3.1
          libredwg-tools-0.9.3-bp151.2.3.1
          libredwg0-0.9.3-bp151.2.3.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-20009.html
       https://www.suse.com/security/cve/CVE-2019-20010.html
       https://www.suse.com/security/cve/CVE-2019-20011.html
       https://www.suse.com/security/cve/CVE-2019-20012.html
       https://www.suse.com/security/cve/CVE-2019-20013.html
       https://www.suse.com/security/cve/CVE-2019-20014.html
       https://www.suse.com/security/cve/CVE-2019-20015.html
       https://www.suse.com/security/cve/CVE-2019-9770.html
       https://www.suse.com/security/cve/CVE-2019-9771.html
       https://www.suse.com/security/cve/CVE-2019-9772.html
       https://www.suse.com/security/cve/CVE-2019-9773.html
       https://www.suse.com/security/cve/CVE-2019-9774.html
       https://www.suse.com/security/cve/CVE-2019-9775.html
       https://www.suse.com/security/cve/CVE-2019-9776.html
       https://www.suse.com/security/cve/CVE-2019-9777.html
       https://www.suse.com/security/cve/CVE-2019-9778.html
       https://www.suse.com/security/cve/CVE-2019-9779.html
       https://bugzilla.suse.com/1129868
       https://bugzilla.suse.com/1129869
       https://bugzilla.suse.com/1129870
       https://bugzilla.suse.com/1129873
       https://bugzilla.suse.com/1129874
       https://bugzilla.suse.com/1129875
       https://bugzilla.suse.com/1129876
       https://bugzilla.suse.com/1129878
       https://bugzilla.suse.com/1129879
       https://bugzilla.suse.com/1129881
       https://bugzilla.suse.com/1154080
       https://bugzilla.suse.com/1159824
       https://bugzilla.suse.com/1159825
       https://bugzilla.suse.com/1159826
       https://bugzilla.suse.com/1159827
       https://bugzilla.suse.com/1159828
       https://bugzilla.suse.com/1159831
       https://bugzilla.suse.com/1159832
    
    -- 
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"35","type":"x","order":"1","pct":92.11,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"2","type":"x","order":"2","pct":5.26,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"1","type":"x","order":"3","pct":2.63,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.