
openSUSE: 2020:0095-1 Moderate: libredwg Memory Leak Fix

January 22, 2020
This openSUSE update resolves 17 security vulnerabilities in libredwg.
An update that solves 17 vulnerabilities and has one erratum is now available.

Description

This update for libredwg fixes the following issues:

libredwg was updated to release 0.9.3:

* Added the -x,--extnames option to dwglayers for r13-r14 DWGs.

* Fixed some leaks: SORTENTSTABLE, PROXY_ENTITY.ownerhandle for r13.

* Add DICTIONARY.itemhandles[] for r13 and r14.

* Fixed some dwglayers null pointer derefs, and flush its output for each layer.

* Added several overflow checks from fuzzing [CVE-2019-20010, boo#1159825], [CVE-2019-20011, boo#1159826], [CVE-2019-20012, boo#1159827], [CVE-2019-20013, boo#1159828], [CVE-2019-20014, boo#1159831], [CVE-2019-20015, boo#1159832]

* Disallow illegal SPLINE scenarios [CVE-2019-20009, boo#1159824]

Update to release 0.9.1:

* Fixed more null pointer dereferences, overflows, hangs and memory leaks for fuzzed (i.e. illegal) DWGs.

Update to release 0.9 [boo#1154080]:

* Added the DXF importer, using the new dynapi and the r2000 encoder. Only for r2000 DXFs.

* Added...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-95=1

Package List

- openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):

libredwg-devel-0.9.3-bp151.2.3.1

libredwg-tools-0.9.3-bp151.2.3.1

libredwg0-0.9.3-bp151.2.3.1
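
To confirm the patch actually landed, the installed libredwg packages can be compared against the fixed builds in the package list above. The script below is an added example, not part of the advisory; the function names and the sample inventory are constructed, and it assumes GNU `sort -V` is an acceptable stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Fixed build and package names, copied from the advisory's package list
# (openSUSE Backports SLE-15-SP1).
FIXED_VR="0.9.3-bp151.2.3.1"
FIXED_PKGS="libredwg-devel libredwg-tools libredwg0"

# ver_lt A B: succeed when A sorts strictly before B.
# Assumption: GNU `sort -V` ordering approximates RPM version comparison;
# it agrees for the plain numeric versions used here.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_libredwg: read "name version-release" lines on stdin and print one
# verdict per advisory package: FIXED, VULNERABLE or ABSENT.
audit_libredwg() {
    inventory=$(cat)
    for pkg in $FIXED_PKGS; do
        vr=$(printf '%s\n' "$inventory" |
             awk -v p="$pkg" '$1 == p { print $2; exit }')
        if [ -z "$vr" ]; then
            echo "$pkg ABSENT"
        elif ver_lt "$vr" "$FIXED_VR"; then
            echo "$pkg VULNERABLE $vr"
        else
            echo "$pkg FIXED $vr"
        fi
    done
}

# Constructed sample inventory (not taken from a real host).
sample_inventory() {
    cat <<'EOF'
libredwg0 0.8-bp151.1.1
libredwg-tools 0.9.3-bp151.2.3.1
zlib 1.2.11-lp151.4.1
EOF
}

# On a real system, feed it the RPM database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'libredwg*' | audit_libredwg
sample_inventory | audit_libredwg
```

A mixed result such as the sample's (one package fixed, one still old) usually means the patch was only partially applied or a package was pinned.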

References

https://www.suse.com/security/cve/CVE-2019-20009.html

https://www.suse.com/security/cve/CVE-2019-20010.html

https://www.suse.com/security/cve/CVE-2019-20011.html

https://www.suse.com/security/cve/CVE-2019-20012.html

https://www.suse.com/security/cve/CVE-2019-20013.html

https://www.suse.com/security/cve/CVE-2019-20014.html

https://www.suse.com/security/cve/CVE-2019-20015.html

https://www.suse.com/security/cve/CVE-2019-9770.html

https://www.suse.com/security/cve/CVE-2019-9771.html

https://www.suse.com/security/cve/CVE-2019-9772.html

https://www.suse.com/security/cve/CVE-2019-9773.html

https://www.suse.com/security/cve/CVE-2019-9774.html

https://www.suse.com/security/cve/CVE-2019-9775.html

https://www.suse.com/security/cve/CVE-2019-9776.html

https://www.suse.com/security/cve/CVE-2019-9777.html

https://www.suse.com/security/cve/CVE-2019-9778.html

https://www.suse.com/security/cve/CVE-2019-9779.html

https://bugzilla.suse.com/1129868

https://bugzilla.suse.com/1129869

https://bugzilla.suse.com/1129870

https://bu...


Announcement ID: openSUSE-SU-2020:0095-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP1
