Security update for librecad SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:10002-1 Final 1 1 2022-05-31T17:32:38Z current 2022-05-31T17:32:38Z 2022-05-31T17:32:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for librecad This update for librecad fixes the following issues: - CVE-2021-45341: Fixed a buffer overflow vulnerability in LibreCAD allows an attacker to achieve remote code execution via a crafted JWW document [boo#1195105] - CVE-2021-45342: Fixed a buffer overflow vulnerability in jwwlib in LibreCAD allows an attacker to achieve remote code execution via a crafted JWW document [boo#1195122] - Strip excess blank fields from librecad.desktop:MimeType [boo#1197664] Update to 2.2.0-rc3 * major release * DWG imports are more reliable now * and a lot more of bugfixes and improvements The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2022-10002 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6KTACJSABEKBQTYYPFKDEOPJ4JOG4FBE/ E-Mail link for openSUSE-SU-2022:10002-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1195105 SUSE Bug 1195105 https://bugzilla.suse.com/1195122 SUSE Bug 1195122 https://bugzilla.suse.com/1197664 SUSE Bug 1197664 https://www.suse.com/security/cve/CVE-2021-45341/ SUSE CVE CVE-2021-45341 page https://www.suse.com/security/cve/CVE-2021-45342/ SUSE CVE CVE-2021-45342 page SUSE Package Hub 15 SP4 openSUSE Leap 15.4 libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1 libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1 libdxfrw1-1.0.1+git.20220109-bp154.2.3.1 librecad-2.2.0~rc3-bp154.3.3.1 librecad-parts-2.2.0~rc3-bp154.3.3.1 libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 libdxfrw1-1.0.1+git.20220109-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 librecad-2.2.0~rc3-bp154.3.3.1 as a component of SUSE Package Hub 15 SP4 librecad-parts-2.2.0~rc3-bp154.3.3.1 as a component of SUSE Package Hub 15 SP4 libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1 as a component of openSUSE Leap 15.4 libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1 as a component of openSUSE Leap 15.4 libdxfrw1-1.0.1+git.20220109-bp154.2.3.1 as a component of openSUSE Leap 15.4 librecad-2.2.0~rc3-bp154.3.3.1 as a component of openSUSE Leap 15.4 librecad-parts-2.2.0~rc3-bp154.3.3.1 as a component of openSUSE Leap 15.4 A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. CVE-2021-45341 SUSE Package Hub 15 SP4:libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1 SUSE Package Hub 15 SP4:libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1 SUSE Package Hub 15 SP4:libdxfrw1-1.0.1+git.20220109-bp154.2.3.1 SUSE Package Hub 15 SP4:librecad-2.2.0~rc3-bp154.3.3.1 SUSE Package Hub 15 SP4:librecad-parts-2.2.0~rc3-bp154.3.3.1 openSUSE Leap 15.4:libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1 openSUSE Leap 15.4:libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1 openSUSE Leap 15.4:libdxfrw1-1.0.1+git.20220109-bp154.2.3.1 openSUSE Leap 15.4:librecad-2.2.0~rc3-bp154.3.3.1 openSUSE Leap 15.4:librecad-parts-2.2.0~rc3-bp154.3.3.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6KTACJSABEKBQTYYPFKDEOPJ4JOG4FBE/ https://www.suse.com/security/cve/CVE-2021-45341.html CVE-2021-45341 https://bugzilla.suse.com/1195105 SUSE Bug 1195105 A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. CVE-2021-45342 SUSE Package Hub 15 SP4:libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1 SUSE Package Hub 15 SP4:libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1 SUSE Package Hub 15 SP4:libdxfrw1-1.0.1+git.20220109-bp154.2.3.1 SUSE Package Hub 15 SP4:librecad-2.2.0~rc3-bp154.3.3.1 SUSE Package Hub 15 SP4:librecad-parts-2.2.0~rc3-bp154.3.3.1 openSUSE Leap 15.4:libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1 openSUSE Leap 15.4:libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1 openSUSE Leap 15.4:libdxfrw1-1.0.1+git.20220109-bp154.2.3.1 openSUSE Leap 15.4:librecad-2.2.0~rc3-bp154.3.3.1 openSUSE Leap 15.4:librecad-parts-2.2.0~rc3-bp154.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6KTACJSABEKBQTYYPFKDEOPJ4JOG4FBE/ https://www.suse.com/security/cve/CVE-2021-45342.html CVE-2021-45342 https://bugzilla.suse.com/1195122 SUSE Bug 1195122