Description
Security update for libredwg
This update for libredwg fixes the following issues:
libredwg was updated to release 0.10:
API breaking changes:
- Added a new int *isnewp argument to all dynapi utf8text getters, indicating whether the returned string is freshly malloced or not.
- Removed the UNKNOWN supertype; only UNKNOWN_OBJ and UNKNOWN_ENT are left, with common_entity_data.
- Renamed BLOCK_HEADER.preview_data to preview, preview_data_size to preview_size.
- Renamed SHAPE.shape_no to style_id.
- Renamed CLASS.wasazombie to is_zombie.
Bugfixes:
- Harmonized INDXFB with INDXF, removed extra src/in_dxfb.c.
- Fixed encoding of added r2000 AUXHEADER address.
- Fixed EED encoding from dwgrewrite.
- Added several checks against [CVE-2020-6609, boo#1160520], [CVE-2020-6610, boo#1160522], [CVE-2020-6611, boo#1160523], [CVE-2020-6612, boo#1160524], [CVE-2020-6613, boo#1160525], [CVE-2020-6614, boo#1160526], [CVE-2020-6615, boo#1160527]
Package list
openSUSE Leap 15.1
References
- E-Mail link for openSUSE-SU-2020:0096-1
- SUSE Security Ratings
- SUSE Bug 1160520
- SUSE Bug 1160522
- SUSE Bug 1160523
- SUSE Bug 1160524
- SUSE Bug 1160525
- SUSE Bug 1160526
- SUSE Bug 1160527
- SUSE CVE CVE-2020-6609 page
- SUSE CVE CVE-2020-6610 page
- SUSE CVE CVE-2020-6611 page
- SUSE CVE CVE-2020-6612 page
- SUSE CVE CVE-2020-6613 page
- SUSE CVE CVE-2020-6614 page
- SUSE CVE CVE-2020-6615 page
Description
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.
Affected products
References
- CVE-2020-6609
- SUSE Bug 1160520
Description
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
Affected products
References
- CVE-2020-6610
- SUSE Bug 1160522
Description
GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.
Affected products
References
- CVE-2020-6611
- SUSE Bug 1160523
Description
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.
Affected products
References
- CVE-2020-6612
- SUSE Bug 1160524
Description
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
Affected products
References
- CVE-2020-6613
- SUSE Bug 1160525
Description
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.
Affected products
References
- CVE-2020-6614
- SUSE Bug 1160526
Description
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).
Affected products
References
- CVE-2020-6615
- SUSE Bug 1160527