Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

openSUSE: 2023:0201-1 Important: libredwg Buffer Overflow

opensuse
Calendar Grey August 2, 2023
Dist Opensuse Esm H88
The latest libredwg release tackles significant vulnerabilities, boosting the security and reliability of the openSUSE environment.
An update that fixes 5 vulnerabilities is now available

Description

This update for libredwg fixes the following issues:

Update to version 0.12.5.5907

Security issues fixed:

* CVE-2022-33025: Fixed multiple security issues [boo#1200898]

* CVE-2023-36271: Fixed heap buffer overflow via the function bit_wcs2nlen

[boo#1212709]

* CVE-2023-36272: Fixed heap buffer overflow via the function

bit_utf8_to_TU [boo#1212707]

* CVE-2023-36273: Fixed heap buffer overflow via the function bit_calc_CRC

[boo#1212706]

* CVE-2023-36274: Fixed heap buffer overflow via the function bit_write_TF

[boo#1212705]

Topics%20covered

Topics Covered

security advisory buffer overflow security fix openSUSE libredwg

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2023-201=1

Package List

- openSUSE Backports SLE-15-SP5 (aarch64 i586 x86_64):

libredwg-devel-0.12.5.5907-bp155.3.3.1

libredwg-tools-0.12.5.5907-bp155.3.3.1

libredwg0-0.12.5.5907-bp155.3.3.1

References

https://www.suse.com/security/cve/CVE-2022-33025.html

https://www.suse.com/security/cve/CVE-2023-36271.html

https://www.suse.com/security/cve/CVE-2023-36272.html

https://www.suse.com/security/cve/CVE-2023-36273.html

https://www.suse.com/security/cve/CVE-2023-36274.html

https://bugzilla.suse.com/1200898

https://bugzilla.suse.com/1212705

https://bugzilla.suse.com/1212706

https://bugzilla.suse.com/1212707

https://bugzilla.suse.com/1212709

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2023:0201-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP5 .

Topics%20covered

Topics Covered

security advisory buffer overflow security fix openSUSE libredwg

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here