[USN-6760-1] Gerbv vulnerability

Chris Kim chris.kim at canonical.com
Tue Apr 30 22:59:08 UTC 2024


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

==========================================================================
Ubuntu Security Notice USN-6760-1
April 30, 2024

gerbv vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- - Ubuntu 23.10
- - Ubuntu 22.04 LTS
- - Ubuntu 20.04 LTS
- - Ubuntu 18.04 LTS
- - Ubuntu 16.04 LTS
- - Ubuntu 14.04 LTS

Summary:

Gerbv could be made to crash if it opened a specially crafted input file.

Software Description:
- - gerbv: Gerber file viewer for PCB design

Details:

George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did
not properly initialize a data structure when parsing certain nested
RS-274X format files. If a user were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a denial
of service (application crash).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10
  gerbv                           2.9.8-1ubuntu0.1

Ubuntu 22.04 LTS
  gerbv                           2.8.2-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  gerbv                           2.7.0-1ubuntu0.2

Ubuntu 18.04 LTS
  gerbv                           2.6.1-3ubuntu0.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  gerbv                           2.6.0-1ubuntu0.16.04.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  gerbv                           2.6.0-1ubuntu0.14.04.1~esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6760-1
  CVE-2023-4508

Package Information:
  https://launchpad.net/ubuntu/+source/gerbv/2.9.8-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/gerbv/2.7.0-1ubuntu0.2

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETB/nIDy9nvCSgAUj3gXQmO/Tr3wFAmYxdyoACgkQ3gXQmO/T
r3yNiQ/+KvuxjndpQCm6GeS+17sRUl3W93JhcMAbai01bJN+5OttDZyqm0pP8d7t
i9ZYyPBV4buYjfKcx2X4yHXRjaer1vctmyy9zxA7hcJd5yTaXU2xH8ks0Ei4rFbg
DM1rl3470ifaGH4/NTnM2iberSrgG8fbeGGDb3IUpWIQpMZp13PlIQp5dG++4hI1
CY9d5jdbp/FEH4sVdCozJmDBoZ/tdd7vn3HGXH1Y3i7Pw3RcOUNeNvBALIx81TnS
JkuFl6ttT194rptxm2151ZFWPNS609kusUd0lUTDWdgQm9Macw7F4RtRLqVGdnHJ
SZMWbrjKRq/VS0oItBPnEcUGkQ88kEH7tMPfnYB8f9L17B6jMiEI6NM4IgMt8fgM
Al3Un5x6V/nrTo7jUum/zAS1Ru5iq1EoGK7d794iIH96d8VD9yDejQIZgL0mSsaP
UxPNelvedu/pGjwd2AUo8Dm5G76J/Ah0zXZrkWkP8Ex6mLkOGLSR5zsj8Joj0ZRt
5neI8EtWTzeSMTKA4qW9YyUgM4nqz0T2jPE9VsCzIThxZLp5WM3WtKPAwzi1ITNL
oRwPcfulKUQfLdszRAJyVX5/zP821wlapS4O6ZsDBk6y3g30j8J95OmS+qpwWS3G
jSssybjnxb7nt9qV3gK2jboEo0Mv/YEhI4tEsF1UaDjLSDtvKfA=
=8lge
-----END PGP SIGNATURE-----



More information about the ubuntu-security-announce mailing list