An update that solves 17 vulnerabilities and has one errata
is now available.
Description:
This update for libredwg fixes the following issues:
libredwg was updated to release 0.9.3:
- Added the -x,–extnames option to dwglayers for r13-r14 DWGs.
- Fixed some leaks: SORTENTSTABLE, PROXY_ENTITY.ownerhandle for r13.
- Add DICTIONARY.itemhandles[] for r13 and r14.
- Fixed some dwglayers null pointer derefs, and flush its output for each
layer.
- Added several overflow checks from fuzzing [CVE-2019-20010,
boo#1159825], [CVE-2019-20011, boo#1159826], [CVE-2019-20012,
boo#1159827], [CVE-2019-20013, boo#1159828], [CVE-2019-20014,
boo#1159831], [CVE-2019-20015, boo#1159832]
- Disallow illegal SPLINE scenarios [CVE-2019-20009, boo#1159824]
Update to release 0.9.1:
- Fixed more null pointer dereferences, overflows, hangs and memory leaks
for fuzzed (i.e. illegal) DWGs.
Update to release 0.9 [boo#1154080]:
- Added the DXF importer, using the new dynapi and the r2000 encoder. Only
for r2000 DXFs.
- Added utf8text conversion functions to the dynapi.
- Added 3DSOLID encoder.
- Added APIs to find handles for names, searching in tables and dicts.
- API breaking changes - see NEWS file in package.
- Fixed null pointer dereferences, and memory leaks (except DXF importer)
[boo#1129868, CVE-2019-9779] [boo#1129869, CVE-2019-9778] [boo#1129870,
CVE-2019-9777] [boo#1129873, CVE-2019-9776] [boo#1129874, CVE-2019-9773]
[boo#1129875, CVE-2019-9772] [boo#1129876, CVE-2019-9771] [boo#1129878,
CVE-2019-9775] [boo#1129879, CVE-2019-9774] [boo#1129881, CVE-2019-9770]
Update to 0.8:
- add a new dynamic API, read and write all header and object fields by
name
- API breaking changes
- Fix many errors in DXF output
- Fix JSON output
- Many more bug fixes to handle specific object types
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product: