Lucene search
SuseOPENSUSE-SU-2020:0095-1HistoryJan 23, 2020 - 12:00 a.m.
Security update for libredwg (moderate)
2020-01-2300:00:00
lists.opensuse.org
55
0.114 Low
EPSS
Percentile
95.3%
An update that solves 17 vulnerabilities and has one errata
is now available.
Description:
This update for libredwg fixes the following issues:
libredwg was updated to release 0.9.3:
- Added the -x,–extnames option to dwglayers for r13-r14 DWGs.
- Fixed some leaks: SORTENTSTABLE, PROXY_ENTITY.ownerhandle for r13.
- Add DICTIONARY.itemhandles[] for r13 and r14.
- Fixed some dwglayers null pointer derefs, and flush its output for each
layer. - Added several overflow checks from fuzzing [CVE-2019-20010,
boo#1159825], [CVE-2019-20011, boo#1159826], [CVE-2019-20012,
boo#1159827], [CVE-2019-20013, boo#1159828], [CVE-2019-20014,
boo#1159831], [CVE-2019-20015, boo#1159832] - Disallow illegal SPLINE scenarios [CVE-2019-20009, boo#1159824]
Update to release 0.9.1:
- Fixed more null pointer dereferences, overflows, hangs and memory leaks
for fuzzed (i.e. illegal) DWGs.
Update to release 0.9 [boo#1154080]:
- Added the DXF importer, using the new dynapi and the r2000 encoder. Only
for r2000 DXFs. - Added utf8text conversion functions to the dynapi.
- Added 3DSOLID encoder.
- Added APIs to find handles for names, searching in tables and dicts.
- API breaking changes - see NEWS file in package.
- Fixed null pointer dereferences, and memory leaks (except DXF importer)
[boo#1129868, CVE-2019-9779] [boo#1129869, CVE-2019-9778] [boo#1129870,
CVE-2019-9777] [boo#1129873, CVE-2019-9776] [boo#1129874, CVE-2019-9773]
[boo#1129875, CVE-2019-9772] [boo#1129876, CVE-2019-9771] [boo#1129878,
CVE-2019-9775] [boo#1129879, CVE-2019-9774] [boo#1129881, CVE-2019-9770]
Update to 0.8:
- add a new dynamic API, read and write all header and object fields by
name - API breaking changes
- Fix many errors in DXF output
- Fix JSON output
- Many more bug fixes to handle specific object types
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-95=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Backports SLE | 15-SP1 | aarch64 | - opensuse backports sle | < 15-SP1 (aarch64 ppc64le s390x x86_64): | - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):.aarch64.rpm |
| openSUSE Backports SLE | 15-SP1 | ppc64le | - opensuse backports sle | < 15-SP1 (aarch64 ppc64le s390x x86_64): | - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm |
| openSUSE Backports SLE | 15-SP1 | s390x | - opensuse backports sle | < 15-SP1 (aarch64 ppc64le s390x x86_64): | - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):.s390x.rpm |
| openSUSE Backports SLE | 15-SP1 | x86_64 | - opensuse backports sle | < 15-SP1 (aarch64 ppc64le s390x x86_64): | - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):.x86_64.rpm |
Related
nessus
nessus
openSUSE Security Update : libredwg (openSUSE-2020-68)
2020-01-21 00:00:00
openvas
openvas
openSUSE: Security Advisory for libredwg (openSUSE-SU-2020:0068_1)
2020-01-27 00:00:00
suse
suse
Security update for libredwg (moderate)
2020-01-17 00:00:00
cve
cve
osv
osv
nvd
nvd
prion
prion
Null pointer dereference
2019-03-14 09:29:00
Null pointer dereference
2019-03-14 09:29:00
Design/Logic Flaw
2019-12-27 01:15:00
cvelist
cvelist