Headline
Ubuntu Security Notice USN-6760-1
Ubuntu Security Notice 6760-1 - George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did not properly initialize a data structure when parsing certain nested RS-274X format files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
==========================================================================
Ubuntu Security Notice USN-6760-1
April 30, 2024
gerbv vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Gerbv could be made to crash if it opened a specially crafted input file.
Software Description:
- gerbv: Gerber file viewer for PCB design
Details:
George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did
not properly initialize a data structure when parsing certain nested
RS-274X format files. If a user were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a denial
of service (application crash).
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10
gerbv 2.9.8-1ubuntu0.1
Ubuntu 22.04 LTS
gerbv 2.8.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 20.04 LTS
gerbv 2.7.0-1ubuntu0.2
Ubuntu 18.04 LTS
gerbv 2.6.1-3ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
gerbv 2.6.0-1ubuntu0.16.04.1~esm2
Available with Ubuntu Pro
Ubuntu 14.04 LTS
gerbv 2.6.0-1ubuntu0.14.04.1~esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6760-1
CVE-2023-4508
Package Information:
https://launchpad.net/ubuntu/+source/gerbv/2.9.8-1ubuntu0.1
https://launchpad.net/ubuntu/+source/gerbv/2.7.0-1ubuntu0.2
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEETB/nIDy9nvCSgAUj3gXQmO/Tr3wFAmYxdyoACgkQ3gXQmO/T
r3yNiQ/+KvuxjndpQCm6GeS+17sRUl3W93JhcMAbai01bJN+5OttDZyqm0pP8d7t
i9ZYyPBV4buYjfKcx2X4yHXRjaer1vctmyy9zxA7hcJd5yTaXU2xH8ks0Ei4rFbg
DM1rl3470ifaGH4/NTnM2iberSrgG8fbeGGDb3IUpWIQpMZp13PlIQp5dG++4hI1
CY9d5jdbp/FEH4sVdCozJmDBoZ/tdd7vn3HGXH1Y3i7Pw3RcOUNeNvBALIx81TnS
JkuFl6ttT194rptxm2151ZFWPNS609kusUd0lUTDWdgQm9Macw7F4RtRLqVGdnHJ
SZMWbrjKRq/VS0oItBPnEcUGkQ88kEH7tMPfnYB8f9L17B6jMiEI6NM4IgMt8fgM
Al3Un5x6V/nrTo7jUum/zAS1Ru5iq1EoGK7d794iIH96d8VD9yDejQIZgL0mSsaP
UxPNelvedu/pGjwd2AUo8Dm5G76J/Ah0zXZrkWkP8Ex6mLkOGLSR5zsj8Joj0ZRt
5neI8EtWTzeSMTKA4qW9YyUgM4nqz0T2jPE9VsCzIThxZLp5WM3WtKPAwzi1ITNL
oRwPcfulKUQfLdszRAJyVX5/zP821wlapS4O6ZsDBk6y3g30j8J95OmS+qpwWS3G
jSssybjnxb7nt9qV3gK2jboEo0Mv/YEhI4tEsF1UaDjLSDtvKfA=
=8lge
-----END PGP SIGNATURE-----
Related news
A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.