openSUSE Build Service

Security update for libredwg

This update for libredwg fixes the following issues:

libredwg was updated to release 0.9.3:

* Added the -x,--extnames option to dwglayers for r13-r14 DWGs.
* Fixed some leaks: SORTENTSTABLE, PROXY_ENTITY.ownerhandle
for r13.
* Add DICTIONARY.itemhandles[] for r13 and r14.
* Fixed some dwglayers null pointer derefs, and flush its output
for each layer.
* Added several overflow checks from fuzzing
[CVE-2019-20010, boo#1159825], [CVE-2019-20011, boo#1159826],
[CVE-2019-20012, boo#1159827], [CVE-2019-20013, boo#1159828],
[CVE-2019-20014, boo#1159831], [CVE-2019-20015, boo#1159832]
* Disallow illegal SPLINE scenarios
[CVE-2019-20009, boo#1159824]

Update to release 0.9.1:

* Fixed more null pointer dereferences, overflows, hangs and
memory leaks for fuzzed (i.e. illegal) DWGs.

Update to release 0.9 [boo#1154080]:

* Added the DXF importer, using the new dynapi and the r2000
encoder. Only for r2000 DXFs.
* Added utf8text conversion functions to the dynapi.
* Added 3DSOLID encoder.
* Added APIs to find handles for names, searching in tables
and dicts.
* API breaking changes - see NEWS file in package.
* Fixed null pointer dereferences, and memory leaks (except DXF
importer)
[boo#1129868, CVE-2019-9779]
[boo#1129869, CVE-2019-9778]
[boo#1129870, CVE-2019-9777]
[boo#1129873, CVE-2019-9776]
[boo#1129874, CVE-2019-9773]
[boo#1129875, CVE-2019-9772]
[boo#1129876, CVE-2019-9771]
[boo#1129878, CVE-2019-9775]
[boo#1129879, CVE-2019-9774]
[boo#1129881, CVE-2019-9770]

Update to 0.8:

* add a new dynamic API, read and write all header and object
fields by name
* API breaking changes
* Fix many errors in DXF output
* Fix JSON output
* Many more bug fixes to handle specific object types

Submitted by Jan Engelhardt (jengelh)

Fixed bugs

VUL-0: CVE-2019-9773: libredwg: heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension

bnc#1129873

VUL-1: CVE-2019-9776: libredwg: NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec

bnc#1159826

VUL-1: CVE-2019-20011: libredwg: heap-based buffer over-read in decode_R13_R2000 in decode.c

bnc#1129881

VUL-0: CVE-2019-9770: libredwg: heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension

bnc#1159832

VUL-1: CVE-2019-20015: libredwg: crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec.

bnc#1159827

VUL-1: CVE-2019-20012: libredwg: crafted input will lead to excessive memory allocation in dwg_decode_HATCH_private in dwg.spec

bnc#1129875

VUL-1: CVE-2019-9772: libredwg: NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec.

bnc#1159828

VUL-1: CVE-2019-20013: libredwg: crafted input will lead to excessive memory allocation in decode_3dsolid in dwg.spec

bnc#1159824

VUL-1: CVE-2019-20009: libredwg: Crafted input will lead to aexcessive memory allocation in dwg_decode_SPLINE_private in dwg.spec

bnc#1129870

VUL-1: CVE-2019-9777: libredwg: heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec

bnc#1129868

VUL-1: CVE-2019-9779: libredwg: NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec

bnc#1129876

VUL-1: CVE-2019-9771: libredwg: NULL pointer dereference in the function bit_convert_TU at bits.c

bnc#1129879

VUL-1: CVE-2019-9774: libredwg: out-of-bounds read in the function bit_read_B at bits.c

bnc#1159825

VUL-1: CVE-2019-20010: libredwg: use-after-free in resolve_objectref_vector in decode.c

bnc#1129878

VUL-1: CVE-2019-9775: libredwg: out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec

bnc#1154080

libredwg: update to v0.9 (beta)

bnc#1129869

VUL-1: CVE-2019-9778: libredwg: heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec

bnc#1159831

VUL-1: CVE-2019-20014: libredwg: double-free in dwg_free in free.c

Places

Fixed bugs

Selected Binaries

Places