Ubuntu Security Notice 6209-1 - Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber files. An attacker could possibly use this issue to crash Gerbv , or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber files. An attacker could possibly use this issue to disclose information, crash Gerbv , or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
ce1d7e9ba6dcfe4ff56f3cd3479422174560a0b89e92073d34445d03c1ecb1a5
==========================================================================
Ubuntu Security Notice USN-6209-1
July 07, 2023
Gerbv vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Gerbv could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
- gerbv: Gerber file viewer for PCB design
Details:
Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber
files. An attacker could possibly use this issue to crash Gerbv (resulting
in a denial of service), or execute arbitrary code. This issue only
affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu
20.04 LTS. (CVE-2021-40391, CVE-2021-40394)
Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber
files. An attacker could possibly use this issue to disclose information,
crash Gerbv (resulting in a denial of service), or execute arbitrary code.
This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04
LTS, and Ubuntu 20.04 LTS. (CVE-2021-40393)
Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber
files. An attacker could possibly use this issue to disclose information.
(CVE-2021-40400, CVE-2021-40403)
Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber
files. An attacker could possibly use this issue to disclose information,
crash Gerbv (resulting in a denial of service), or execute arbitrary code.
(CVE-2021-40401)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS (Available with Ubuntu Pro):
gerbv 2.8.2-1ubuntu0.1~esm1
Ubuntu 20.04 LTS:
gerbv 2.7.0-1ubuntu0.1
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
gerbv 2.6.1-3ubuntu0.1~esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
gerbv 2.6.0-1ubuntu0.16.04.1~esm1
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
gerbv 2.6.0-1ubuntu0.14.04.1~esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6209-1
CVE-2021-40391, CVE-2021-40393, CVE-2021-40394, CVE-2021-40400,
CVE-2021-40401, CVE-2021-40403
Package Information:
https://launchpad.net/ubuntu/+source/gerbv/2.7.0-1ubuntu0.1