Several security issues were fixed in LibreCAD.

==========================================================================
Ubuntu Security Notice USN-5957-1
March 15, 2023

librecad vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in LibreCAD.

Software Description:
- librecad: Computer-aided design (CAD) system

Details:

Cody Sixteen discovered that LibreCAD incorrectly handled memory when
parsing DXF files. An attacker could use this issue to cause LibreCAD to
crash, leading to a denial of service. This issue only affected Ubuntu
16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-19105)

Lilith of Cisco Talos discovered that LibreCAD incorrectly handled memory
when parsing DWG files. An attacker could use this issue to cause LibreCAD
to crash, leading to a denial of service, or possibly execute arbitrary
code. (CVE-2021-21898, CVE-2021-21899)

Lilith of Cisco Talos discovered that LibreCAD incorrectly handled memory
when parsing DRW files. An attacker could use this issue to cause LibreCAD
to crash, leading to a denial of service, or possibly execute arbitrary
code. (CVE-2021-21900)

Albin Eldstål-Ahrens discovered that LibreCAD incorrectly handled memory
when parsing JWW files. An attacker could use this issue to cause LibreCAD
to crash, leading to a denial of service, or possibly execute arbitrary
code. (CVE-2021-45341, CVE-2021-45342)

Albin Eldstål-Ahrens discovered that LibreCAD incorrectly handled memory
when parsing DXF files. An attacker could use this issue to cause LibreCAD
to crash, leading to a denial of service. (CVE-2021-45343)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  librecad                        2.1.3-1.2+deb10u1build0.20.04.1

Ubuntu 18.04 LTS:
  librecad                        2.1.2-1ubuntu0.1~esm1

Ubuntu 16.04 ESM:
  librecad                        2.0.9-2ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5957-1
  CVE-2018-19105, CVE-2021-21898, CVE-2021-21899, CVE-2021-21900,
  CVE-2021-45341, CVE-2021-45342, CVE-2021-45343

Package Information:
  https://launchpad.net/ubuntu/+source/librecad/2.1.3-1.2+deb10u1build0.20.04.1

Severity: Critical
LinuxSecurity.com Team
An update that solves two vulnerabilities and has one errata is now available.

   openSUSE Security Update: Security update for librecad
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:10002-1
Rating:             important
References:         #1195105 #1195122 #1197664
Cross-References:   CVE-2021-45341 CVE-2021-45342
CVSS scores:
                    CVE-2021-45341 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-45342 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
                    openSUSE Backports SLE-15-SP4
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata is now available.

Description:

   This update for librecad fixes the following issues:

   - CVE-2021-45341: Fixed a buffer overflow vulnerability in LibreCAD that
     allowed an attacker to achieve remote code execution via a crafted JWW
     document [boo#1195105]
   - CVE-2021-45342: Fixed a buffer overflow vulnerability in jwwlib in
     LibreCAD that allowed an attacker to achieve remote code execution via a
     crafted JWW document [boo#1195122]
   - Strip excess blank fields from librecad.desktop:MimeType [boo#1197664]

   Update to 2.2.0-rc3
   * major release
   * DWG imports are more reliable now
   * and many more bugfixes and improvements

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP4:
      zypper in -t patch openSUSE-2022-10002=1

Package List:

   - openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
      libdxfrw-debuginfo-1.0.1+git.20220109-bp154.2.3.1
      libdxfrw-debugsource-1.0.1+git.20220109-bp154.2.3.1
      libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1
      libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1
      libdxfrw-tools-debuginfo-1.0.1+git.20220109-bp154.2.3.1
      libdxfrw1-1.0.1+git.20220109-bp154.2.3.1
      libdxfrw1-debuginfo-1.0.1+git.20220109-bp154.2.3.1

   - openSUSE Backports SLE-15-SP4 (aarch64 ppc64le s390x x86_64):
      librecad-2.2.0~rc3-bp154.3.3.1

   - openSUSE Backports SLE-15-SP4 (noarch):
      librecad-parts-2.2.0~rc3-bp154.3.3.1

References:

   https://www.suse.com/security/cve/CVE-2021-45341.html
   https://www.suse.com/security/cve/CVE-2021-45342.html
   https://bugzilla.suse.com/1195105
   https://bugzilla.suse.com/1195122
   https://bugzilla.suse.com/1197664

Severity: Important
LinuxSecurity.com Team
An update that fixes two vulnerabilities is now available.

   openSUSE Security Update: Security update for librecad
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:0143-1
Rating:             critical
References:         #1195105 #1195122
Cross-References:   CVE-2021-45341 CVE-2021-45342
CVSS scores:
                    CVE-2021-45341 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-45342 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
                    openSUSE Backports SLE-15-SP3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for librecad fixes the following issues:

   - CVE-2021-45341: Fixed a buffer overflow vulnerability in LibreCAD that
     allowed an attacker to achieve remote code execution via a crafted JWW
     document [boo#1195105]
   - CVE-2021-45342: Fixed a buffer overflow vulnerability in jwwlib in
     LibreCAD that allowed an attacker to achieve remote code execution via a
     crafted JWW document [boo#1195122]

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP3:
      zypper in -t patch openSUSE-2022-143=1

Package List:

   - openSUSE Backports SLE-15-SP3 (aarch64 ppc64le s390x x86_64):
      librecad-2.2.0~rc3-bp153.2.9.1

   - openSUSE Backports SLE-15-SP3 (noarch):
      librecad-parts-2.2.0~rc3-bp153.2.9.1

References:

   https://www.suse.com/security/cve/CVE-2021-45341.html
   https://www.suse.com/security/cve/CVE-2021-45342.html
   https://bugzilla.suse.com/1195105
   https://bugzilla.suse.com/1195122

Severity: Critical
LinuxSecurity.com Team
MGASA-2022-0152 - Updated librecad packages fix security vulnerability

Publication date: 24 Apr 2022
URL: https://advisories.mageia.org/MGASA-2022-0152.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-45341, CVE-2021-45342

A buffer overflow vulnerability in CDataMoji of the jwwlib component of
LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code
Execution using a crafted JWW document. (CVE-2021-45341)

A buffer overflow vulnerability in CDataList of the jwwlib component of
LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code
Execution using a crafted JWW document. (CVE-2021-45342)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29996
- https://lists.debian.org/debian-lts-announce/2022/02/msg00002.html
- https://lists.fedoraproject.org/archives/list/
An update that fixes three vulnerabilities is now available.

   openSUSE Security Update: Security update for libdxfrw, librecad
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:0067-1
Rating:             important
References:         #1192936 #1192937 #1192938
Cross-References:   CVE-2021-21898 CVE-2021-21899 CVE-2021-21900
CVSS scores:
                    CVE-2021-21898 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-21899 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-21900 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
                    openSUSE Backports SLE-15-SP3
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for libdxfrw, librecad fixes the following issues:

   - Update to version 1.0.1+git.20220109:
     * fixed ambiguous error for DRW_Dimension::parseDwg()
     * fixed endless while()-loop for pre 2004 versions
     * dwgReader::readDwgObjects() stop reading after 1st error
     * dwgReader::readDwgEntities() stop reading after 1st error
     * replace ENTRY_PARSE macro with template method
     * remove unused DRW_Class::parseCode() method
     * protect vector .reserve() calls
     * Added NULL check for hatch code 93
     * Fix bounds check in DRW_LWPolyline
     * fix, check maxClassNum for valid value
     * fixed wrong 2010+ check for 64-bit size
     * Set compiler warnings on by default, because it makes it harder for
       bugs to go undetected.
       modified: CMakeLists.txt
     * Fixed fall through and other warnings (#54)
     * fix "Vertex ID" printout

   - Update to version 1.0.1+git.20211110:
     * fixed heap use after free vulnerability CVE-2021-21900 (boo#1192938)
     * minor improvements to dwg2dxf, formatting and message output on success
     * fixed heap buffer overflow vulnerability CVE-2021-21899 (boo#1192937)
     * dwg2dxf - enable debug output of libdxfrw by command line switch
     * fixed out-of-bounds write vulnerability CVE-2021-21898 (boo#1192936)
     * fixed please note section formatting
     * updated README.md for LibreCAD_3 branch and sf.net successor
     * fixed LibreCAD 2 issue #1371, read failed with binary DXF
     * Use unordered_map instead of map
     * manual merge changes from LibreCAD2
     * and much more

   - Update to version 1.0.1+git.20200429:
     * Fix includes install dir
     * Export target as libdxfrw::libdxfrw to keep consistency with Conan packages
     * Add archive destination in install
     * Install DXFRW::dxfrw target
     * Remove duplicate target properties
     * Remove version from pkg-config file
     * Let CMake handle C++11 compiler definition
     * Change minimal required CMake version to 3.0
     * cmake: add doc target
     * README.md: fix typo
     * cmake: generate and install pkgconfig
     * cmake: add one for dwg2dxf
     * cmake: set library VERSIONs
     * cmake: use GNUInstallDirs

   - Update to version 0.6.3+git.20190501:
     * Add build status and update example link
     * Add Travis-CI script
     * [#10] Fix compilation on GCC
     * Fix bugs with .dwg import of TEXT and MTEXT entities
     * This was unnecessary
     * Link libdxfrw against libstdc++
     * Return an error when the file ends prematurely
     * Add version getter
     * Fix polyline 2d/3d write
     * Initialize return buffers in GetRawChar8 et al.

   - update to 2.2.0-rc3
     * major release
     * DWG imports are more reliable now
     * and many more bugfixes and improvements

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP3:
      zypper in -t patch openSUSE-2022-67=1

Package List:

   - openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):
      libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1
      libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1
      libdxfrw1-1.0.1+git.20220109-bp153.2.3.1

   - openSUSE Backports SLE-15-SP3 (aarch64 ppc64le s390x x86_64):
      librecad-2.2.0~rc3-bp153.2.3.1
      librecad-debuginfo-2.2.0~rc3-bp153.2.3.1
      librecad-debugsource-2.2.0~rc3-bp153.2.3.1

   - openSUSE Backports SLE-15-SP3 (noarch):
      librecad-parts-2.2.0~rc3-bp153.2.3.1

References:

   https://www.suse.com/security/cve/CVE-2021-21898.html
   https://www.suse.com/security/cve/CVE-2021-21899.html
   https://www.suse.com/security/cve/CVE-2021-21900.html
   https://bugzilla.suse.com/1192936
   https://bugzilla.suse.com/1192937
   https://bugzilla.suse.com/1192938

Severity: Important
LinuxSecurity.com Team
Multiple security issues were discovered in LibreCAD, an application for computer aided design (CAD), which could result in denial of service or the execution of arbitrary code if a malformed CAD file is opened.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5077-1
Update librecad to 2.2.0 rc3. Apply fixes to libdxfrw and librecad for CVE-2021-45341, CVE-2021-45342, CVE-2021-45343. This also resolves the issue where some dwg files no longer opened.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-08d7ee21f7
2022-02-12 01:14:11.929405
--------------------------------------------------------------------------------

Name        : librecad
Product     : Fedora 34
Version     : 2.2.0
Release     : 0.13.rc3.fc34
URL         : https://librecad.org/
Summary     : Computer Assisted Design (CAD) Application
Description :
A graphical and comprehensive 2D CAD application.

--------------------------------------------------------------------------------
Update Information:

Update librecad to 2.2.0 rc3. Apply fixes to libdxfrw and librecad for
CVE-2021-45341, CVE-2021-45342, CVE-2021-45343. This also resolves the issue
where some dwg files no longer opened.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 1 2022 Tom Callaway - 2.2.0-0.13.rc3
- update to rc3
- apply upstream fix for CVE-2021-45342, CVE-2021-45341
* Thu Jan 20 2022 Fedora Release Engineering - 2.2.0-0.12.rc2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2027148 - librecad-2.2.0-rc3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2027148
  [ 2 ] Bug #2031379 - [regression] .dwg file no longer opens
        https://bugzilla.redhat.com/show_bug.cgi?id=2031379
  [ 3 ] Bug #2046248 - CVE-2021-45341 librecad: buffer overflow in CDataMoji of the jwwlib component allows remote code execution via a crafted JWW document [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2046248
  [ 4 ] Bug #2046252 - CVE-2021-45342 librecad: buffer overflow in CDataList of the jwwlib component allows remote code execution via a crafted JWW document [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2046252
  [ 5 ] Bug #2046256 - CVE-2021-45343 librecad: NULL pointer dereference in the HATCH handling of libdxfrw can lead to DoS via a crafted DXF document [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2046256

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-08d7ee21f7' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------