Monday, April 28, 2025

[USN-7466-1] KiCad vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEELOLXZEFYQHcSWEHiyfW2m9Ldu6sFAmgPmoUFAwAAAAAACgkQyfW2m9Ldu6sv
ng/9EW4/Q7cFl6wpip7pt7ucTOiMl2s/Sjvx7p+UmBkL2ACzVj4bsubJYb421eV9B1Qd04g7fYSl
4j0zk7W/SaJErZVIKXHDughro0LCgL9Dp2ssFLSbHaZEwreHh6AXH6eowNmptk2ddRwSHzq9H6V4
/O1He2e+kDM6mNS7zhOMM51f+hTIV1u0R9J+iQVOZxZuDz4jqVjjUkF5gAA0WCm1sJX0Ci2RCHbB
czZGIMODlcGuoIfStZ7I+e+z9OUWMJVxm8OI3Mc6WA1zd+btQH6raAs6hC/JUmWUdtOhFASnxump
9NADl80gzV4xAJoJP7Irh3xynTZ7mYsLKDqBV1+bBfcbrlsUUvs2utEPmlJqDREAThUnWZIVUMXD
37AmUkNUvyTOh4yuUfNKs+T/YRY6ZB8ZJ42Q3WWoMyCjz4aQhpXmXnGh1vAANU3HK0UZslXH0IcK
GJYgK7yndw4cRfBLNpMkrb41axbbV9e/1Ka9hjwy/G1xW6mnYymyKsjIF6eED+FyK/rBY0Q5GAyz
xBwUs2tiDPIgHcP3bnHvY8JcSTWihZ4RvJ4CrFSDLP9hB9U2Yj5HftoDeRMiuLbCyX7tjJyIXS0P
bdCw304ym+GDkSZjPmnCKHfVXisJHCyV2HmD6cJC7DnvcLEl3lLB2l94pgST2ZHND815a44oT/HL
IGk=
=Xsx8
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7466-1
April 28, 2025

kicad vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

KiCad could be made to crash or run programs if it opened a specially
crafted file.

Software Description:
- kicad: Electronic schematic and PCB design software

Details:

It was discovered that KiCad incorrectly handled memory when opening
malicious files. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary commands.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  kicad                           5.1.5+dfsg1-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  kicad                           4.0.7+dfsg1-1ubuntu2+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7466-1
  CVE-2022-23803, CVE-2022-23804, CVE-2022-23946, CVE-2022-23947

No comments:

Post a Comment