Lucene search

DebianDEBIAN:DLA-3593-1:838A7

HistorySep 30, 2023 - 2:17 p.m.

[SECURITY] [DLA 3593-1] gerbv security update

2023-09-3014:17:01

lists.debian.org

cve-2021-40394

cve-2021-40393

vulnerabilities

gerbv

debian 10 buster

security update

cve-2023-4508

printed circuit board (pcb) design

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.4%

JSON

Debian LTS Advisory DLA-3593-1 [email protected]
https://www.debian.org/lts/security/ Adrian Bunk
September 30, 2023 https://wiki.debian.org/LTS

Package : gerbv
Version : 2.7.0-1+deb10u3
CVE ID : CVE-2021-40393 CVE-2021-40394 CVE-2023-4508
Debian Bug : 1050560

Several vulnerabilities were fixed in gerbv, a viewer for the Gerber
format for printed circuit board (PCB) design.

CVE-2021-40393

RS-274X format aperture macro variables out-of-bounds write

CVE-2021-40394

RS-274X aperture macro outline primitive integer overflow

CVE-2023-4508

Out-of-bounds memory access when referencing external files

For Debian 10 buster, these problems have been fixed in version
2.7.0-1+deb10u3.

We recommend that you upgrade your gerbv packages.

For the detailed security status of gerbv please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gerbv

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10amd64gerbv< 2.7.0-1+deb10u3gerbv_2.7.0-1+deb10u3_amd64.deb
Debian10armhfgerbv< 2.7.0-1+deb10u3gerbv_2.7.0-1+deb10u3_armhf.deb
Debian10i386gerbv< 2.7.0-1+deb10u3gerbv_2.7.0-1+deb10u3_i386.deb
Debian10allgerbv< 2.7.0-1+deb10u3gerbv_2.7.0-1+deb10u3_all.deb
Debian10arm64gerbv< 2.7.0-1+deb10u3gerbv_2.7.0-1+deb10u3_arm64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	amd64	gerbv	< 2.7.0-1+deb10u3	gerbv_2.7.0-1+deb10u3_amd64.deb
Debian	10	armhf	gerbv	< 2.7.0-1+deb10u3	gerbv_2.7.0-1+deb10u3_armhf.deb
Debian	10	i386	gerbv	< 2.7.0-1+deb10u3	gerbv_2.7.0-1+deb10u3_i386.deb
Debian	10	all	gerbv	< 2.7.0-1+deb10u3	gerbv_2.7.0-1+deb10u3_all.deb
Debian	10	arm64	gerbv	< 2.7.0-1+deb10u3	gerbv_2.7.0-1+deb10u3_arm64.deb