SUSE Package Hub - openSUSE-2022-10002

Update Info

openSUSE-2022-10002

Security update for librecad

Type: security

Severity: important

Issued: 2022-05-31

Description:

This update for librecad fixes the following issues:

- CVE-2021-45341: Fixed a buffer overflow vulnerability in LibreCAD allows an attacker to achieve remote code execution via a crafted JWW document [boo#1195105]
- CVE-2021-45342: Fixed a buffer overflow vulnerability in jwwlib in LibreCAD allows an attacker to achieve remote code execution via a crafted JWW document [boo#1195122]

- Strip excess blank fields from librecad.desktop:MimeType [boo#1197664]

Update to 2.2.0-rc3

  * major release
  * DWG imports are more reliable now
  * and a lot more of bugfixes and improvements

References

CVE: CVE-2021-45342
CVE: CVE-2021-45341
Bugzilla: 1197664 librecad mimetype error
Bugzilla: 1195122 VUL-0: CVE-2021-45342: A buffer overflow vulnerability in jwwlib in LibreCAD allows an attacker to achieve remote code execution via a crafted JWW document
Bugzilla: 1195105 VUL-0: CVE-2021-45341: A buffer overflow vulnerability in LibreCAD allows an attacker to achieve remote code execution via a crafted JWW document

Packages

libdxfrw-1.0.1+git.20220109-bp154.2.3.1

librecad-2.2.0~rc3-bp154.3.3.1