Fedora has issued an advisory today (December 1): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H/ The issues were fixed recently in upstream git. Mageia 8 is also affected. Fedora also rebuilt librecad against the updated library, but since we already switched to the 1.0.1 fork, we probably don't need to.
Whiteboard: (none) => MGA8TOO
Debian-LTS has issued an advisory for this today (December 3): https://www.debian.org/lts/security/2021/dla-2838
This SRPM is officially down to Jani, who has done recent work on it; so assigning to you.
Assignee: bugsquad => jani.valimaa
Fedora has issued an advisory on February 12: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VUMH3CWGVSMR2UIZEA35Q5UB7PDVVVYS/ They added one more security fix from upstream. Mageia 8 is also affected. There are also some needed security fixes in librecad (Bug 29996).
Summary: libdxfrw new security issues CVE-2021-21898, CVE-2021-21899, and CVE-2021-21900 => libdxfrw new security issues CVE-2021-21898, CVE-2021-21899, CVE-2021-21900, CVE-2021-45343Blocks: (none) => 29996
openSUSE has issued an advisory for the first three CVEs today (March 3): https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6TWLTKRSHNPCLQL7UXQSITHNYJT5XSK5/
Suggested advisory: ======================== The updated packages fix security vulnerabilities: A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-21898) A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-21899) A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-21900) In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document. (CVE-2021-45343) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21898 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21899 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21900 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45343 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H/ https://www.debian.org/lts/security/2021/dla-2838 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VUMH3CWGVSMR2UIZEA35Q5UB7PDVVVYS/ https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6TWLTKRSHNPCLQL7UXQSITHNYJT5XSK5/ ======================== Updated packages in core/updates_testing: ======================== dwg2dxf-1.0.1-1.1.mga8 lib(64)dxfrw1-1.0.1-1.1.mga8 lib(64)dxfrw-devel-1.0.1-1.1.mga8 from SRPM: libdxfrw-1.0.1-1.1.mga8.src.rpm
CC: (none) => nicolas.salgueroVersion: Cauldron => 8Status: NEW => ASSIGNEDAssignee: jani.valimaa => qa-bugsWhiteboard: MGA8TOO => (none)CVE: (none) => CVE-2021-21898, CVE-2021-21899, CVE-2021-21900, CVE-2021-45343
I have installed this and the update for libreCAD (Bug 29996), with no installation issues. I have next to no experience with libreCAD, but as far as basic function of some of the various tools is concerned, it appears to be OK. It would be better if someone with more experience could give them a look.
CC: (none) => andrewsfarm
Oking and validating as per bug 29996#c26
Whiteboard: (none) => MGA8-64-OKCC: (none) => davidwhodgins, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0151.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED