Gerbv could be made to crash if it opened a specially crafted input file.

==========================================================================
Ubuntu Security Notice USN-6760-1
April 30, 2024

gerbv vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Gerbv could be made to crash if it opened a specially crafted input file.

Software Description:
- gerbv: Gerber file viewer for PCB design

Details:

George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did
not properly initialize a data structure when parsing certain nested
RS-274X format files. If a user were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a denial
of service (application crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10
  gerbv    2.9.8-1ubuntu0.1

Ubuntu 22.04 LTS
  gerbv    2.8.2-1ubuntu0.1~esm2
           Available with Ubuntu Pro

Ubuntu 20.04 LTS
  gerbv    2.7.0-1ubuntu0.2

Ubuntu 18.04 LTS
  gerbv    2.6.1-3ubuntu0.1~esm2
           Available with Ubuntu Pro

Ubuntu 16.04 LTS
  gerbv    2.6.0-1ubuntu0.16.04.1~esm2
           Available with Ubuntu Pro

Ubuntu 14.04 LTS
  gerbv    2.6.0-1ubuntu0.14.04.1~esm2
           Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6760-1
  CVE-2023-4508

Package Information:
  https://launchpad.net/ubuntu/+source/gerbv/2.9.8-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/gerbv/2.7.0-1ubuntu0.2

Severity: Important. LinuxSecurity.com Team

Several vulnerabilities were fixed in gerbv, a viewer for the Gerber format for printed circuit board (PCB) design. CVE-2021-40393

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3593-1

update to 2.9.8.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-5f5bea627b
2023-08-19 00:47:19.197885
--------------------------------------------------------------------------------

Name        : gerbv
Product     : Fedora 37
Version     : 2.9.8
Release     : 1.fc37
URL         : https://github.com/gerbv/gerbv
Summary     : Gerber file viewer from the gEDA toolkit
Description :
Gerber Viewer (gerbv) is a viewer for Gerber files. Gerber files are generated
from PCB CAD system and sent to PCB manufacturers as basis for the
manufacturing process. The standard supported by gerbv is RS-274X.

gerbv also supports drill files. The format supported are known under names
as NC-drill or Excellon. The format is a bit undefined and different
EDA-vendors implement it different.

gerbv is listed among Fedora Electronic Lab (FEL) packages.

--------------------------------------------------------------------------------
Update Information:

update to 2.9.8
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 2 2023 Filipe Rosset - 2.9.8-1
- update to 2.9.8
* Wed Jul 19 2023 Fedora Release Engineering - 2.9.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering - 2.9.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sun Dec 11 2022 Alain Vigne - 2.9.5-1
- new upstream release
- SPDX license identifier
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2075792 - gerbv project moved, new versions released
        https://bugzilla.redhat.com/show_bug.cgi?id=2075792
  [ 2 ] Bug #2159185 - CVE-2021-40393 gerbv: Gerbv RS-274X format aperture macro variables out-of-bounds write vulnerability [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2159185
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-5f5bea627b' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list

Two vulnerabilities were discovered in gerbv, a Gerber file viewer. Most Printed Circuit Board (PCB) design programs can export data to a Gerber file.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3210-1

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). (CVE-2021-40391) An out-of-bounds write vulnerability exists in the RS-274X aperture macro

MGASA-2022-0260 - Updated gerbv packages fix security vulnerability

Publication date: 13 Jul 2022
URL: https://advisories.mageia.org/MGASA-2022-0260.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-40391, CVE-2021-40393, CVE-2021-40394, CVE-2021-40400, CVE-2021-40401

An out-of-bounds write vulnerability exists in the drill format T-code tool
number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked
version of Gerbv (commit 71493260). (CVE-2021-40391)

An out-of-bounds write vulnerability exists in the RS-274X aperture macro
variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd)
and the forked version of Gerbv (commit 71493260). (CVE-2021-40393,
CVE-2021-40394)

An out-of-bounds read vulnerability exists in the RS-274X aperture macro
outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd)
and the forked version of Gerbv (commit d7f42a9a). (CVE-2021-40400)

A use-after-free vulnerability exists in the RS-274X aperture definition
tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and
Gerbv forked 2.7.1. (CVE-2021-40401)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30622
- https://lists.fedoraproject.org/archives/list/

upstream release 2.9.2.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-4a3ef86baa
2022-07-09 01:22:58.773927
--------------------------------------------------------------------------------

Name        : gerbv
Product     : Fedora 36
Version     : 2.9.2
Release     : 1.fc36
URL         : https://github.com/gerbv/gerbv
Summary     : Gerber file viewer from the gEDA toolkit
Description :
Gerber Viewer (gerbv) is a viewer for Gerber files. Gerber files are generated
from PCB CAD system and sent to PCB manufacturers as basis for the
manufacturing process. The standard supported by gerbv is RS-274X.

gerbv also supports drill files. The format supported are known under names
as NC-drill or Excellon. The format is a bit undefined and different
EDA-vendors implement it different.

gerbv is listed among Fedora Electronic Lab (FEL) packages.

--------------------------------------------------------------------------------
Update Information:

upstream release 2.9.2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 30 2022 Alain Vigne - 2.9.2-1
- new upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2041799 - CVE-2021-40391 gerbv: out-of-bounds write in the drill format T-code tool number functionality [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2041799
  [ 2 ] Bug #2051387 - CVE-2021-40401 gerbv: A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2051387
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-4a3ef86baa' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Project is forked. Now maintained in GitHub. Contains security fixes.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-e819bd191f
2022-05-07 04:08:14.315546
--------------------------------------------------------------------------------

Name        : gerbv
Product     : Fedora 36
Version     : 2.8.2
Release     : 1.fc36
URL         : https://github.com/gerbv/gerbv
Summary     : Gerber file viewer from the gEDA toolkit
Description :
Gerber Viewer (gerbv) is a viewer for Gerber files. Gerber files are generated
from PCB CAD system and sent to PCB manufacturers as basis for the
manufacturing process. The standard supported by gerbv is RS-274X.

gerbv also supports drill files. The format supported are known under names
as NC-drill or Excellon. The format is a bit undefined and different
EDA-vendors implement it different.

gerbv is listed among Fedora Electronic Lab (FEL) packages.

--------------------------------------------------------------------------------
Update Information:

Project is forked. Now maintained in GitHub. Contains security fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 18 2022 Alain Vigne - 2.8.2-1
- Project is forked. Now maintained in GitHub
- Split doc into -doc package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2051389 - CVE-2021-40403 gerbv: pick-and-place rotation parsing use of uninitialized variable vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=2051389
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-e819bd191f' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

One security issue has been discovered in gerbv: a viewer for Gerber RS-274X files. It was discovered that an out-of-bounds write vulnerability exists in the drill format T-code tool. A specially-crafted drill file can lead to code execution.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2839-1