Ubuntu Security Notice 5957-1 - Cody Sixteen discovered that LibreCAD incorrectly handled memory when parsing DXF files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Lilith of Cisco Talos discovered that LibreCAD incorrectly handled memory when parsing DWG files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service, or possibly execute arbitrary code.
==========================================================================
Ubuntu Security Notice USN-5957-1
March 15, 2023
librecad vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in LibreCAD.

Software Description:
- librecad: Computer-aided design (CAD) system

Details:

Cody Sixteen discovered that LibreCAD incorrectly
handled memory when parsing DXF files. An attacker could
use this issue to cause LibreCAD to crash, leading to a
denial of service. This issue only affected
Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-19105)

Lilith of Cisco Talos discovered that LibreCAD incorrectly
handled memory when parsing DWG files. An attacker could
use this issue to cause LibreCAD to crash, leading to a
denial of service, or possibly execute arbitrary code.
(CVE-2021-21898, CVE-2021-21899)

Lilith of Cisco Talos discovered that LibreCAD incorrectly
handled memory when parsing DRW files. An attacker could
use this issue to cause LibreCAD to crash, leading to a
denial of service, or possibly execute arbitrary code.
(CVE-2021-21900)

Albin Eldstål-Ahrens discovered that LibreCAD incorrectly
handled memory when parsing JWW files. An attacker could
use this issue to cause LibreCAD to crash, leading to a
denial of service, or possibly execute arbitrary code.
(CVE-2021-45341, CVE-2021-45342)

Albin Eldstål-Ahrens discovered that LibreCAD incorrectly
handled memory when parsing DXF files. An attacker could
use this issue to cause LibreCAD to crash, leading to a
denial of service. (CVE-2021-45343)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  librecad 2.1.3-1.2+deb10u1build0.20.04.1

Ubuntu 18.04 LTS:
  librecad 2.1.2-1ubuntu0.1~esm1

Ubuntu 16.04 ESM:
  librecad 2.0.9-2ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5957-1
  CVE-2018-19105, CVE-2021-21898, CVE-2021-21899, CVE-2021-21900,
  CVE-2021-45341, CVE-2021-45342, CVE-2021-45343

Package Information:
  https://launchpad.net/ubuntu/+source/librecad/2.1.3-1.2+deb10u1build0.20.04.1
  https://launchpad.net/ubuntu/+source/librecad/2.1.2-1ubuntu0.1~esm1