Exploit/Advisories no image

Published on May 1st, 2024 📆 | 5062 Views ⚑

0

Ubuntu Security Notice USN-6760-1 – Torchsec


Text to Voice

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

==========================================================================
Ubuntu Security Notice USN-6760-1
April 30, 2024

gerbv vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- - Ubuntu 23.10
- - Ubuntu 22.04 LTS
- - Ubuntu 20.04 LTS
- - Ubuntu 18.04 LTS
- - Ubuntu 16.04 LTS
- - Ubuntu 14.04 LTS

Summary:

Gerbv could be made to crash if it opened a specially crafted input file.

Software Description:
- - gerbv: Gerber file viewer for PCB design

Details:

George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did
not properly initialize a data structure when parsing certain nested
RS-274X format files. If a user were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a denial
of service (application crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:





Ubuntu 23.10
gerbv 2.9.8-1ubuntu0.1

Ubuntu 22.04 LTS
gerbv 2.8.2-1ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 20.04 LTS
gerbv 2.7.0-1ubuntu0.2

Ubuntu 18.04 LTS
gerbv 2.6.1-3ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
gerbv 2.6.0-1ubuntu0.16.04.1~esm2
Available with Ubuntu Pro

Ubuntu 14.04 LTS
gerbv 2.6.0-1ubuntu0.14.04.1~esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6760-1
CVE-2023-4508

Package Information:
https://launchpad.net/ubuntu/+source/gerbv/2.9.8-1ubuntu0.1
https://launchpad.net/ubuntu/+source/gerbv/2.7.0-1ubuntu0.2

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETB/nIDy9nvCSgAUj3gXQmO/Tr3wFAmYxdyoACgkQ3gXQmO/T
r3yNiQ/+KvuxjndpQCm6GeS+17sRUl3W93JhcMAbai01bJN+5OttDZyqm0pP8d7t
i9ZYyPBV4buYjfKcx2X4yHXRjaer1vctmyy9zxA7hcJd5yTaXU2xH8ks0Ei4rFbg
DM1rl3470ifaGH4/NTnM2iberSrgG8fbeGGDb3IUpWIQpMZp13PlIQp5dG++4hI1
CY9d5jdbp/FEH4sVdCozJmDBoZ/tdd7vn3HGXH1Y3i7Pw3RcOUNeNvBALIx81TnS
JkuFl6ttT194rptxm2151ZFWPNS609kusUd0lUTDWdgQm9Macw7F4RtRLqVGdnHJ
SZMWbrjKRq/VS0oItBPnEcUGkQ88kEH7tMPfnYB8f9L17B6jMiEI6NM4IgMt8fgM
Al3Un5x6V/nrTo7jUum/zAS1Ru5iq1EoGK7d794iIH96d8VD9yDejQIZgL0mSsaP
UxPNelvedu/pGjwd2AUo8Dm5G76J/Ah0zXZrkWkP8Ex6mLkOGLSR5zsj8Joj0ZRt
5neI8EtWTzeSMTKA4qW9YyUgM4nqz0T2jPE9VsCzIThxZLp5WM3WtKPAwzi1ITNL
oRwPcfulKUQfLdszRAJyVX5/zP821wlapS4O6ZsDBk6y3g30j8J95OmS+qpwWS3G
jSssybjnxb7nt9qV3gK2jboEo0Mv/YEhI4tEsF1UaDjLSDtvKfA=
=8lge
-----END PGP SIGNATURE-----

Source link

Tagged with:



Leave a Reply

Your email address will not be published.