
[SECURITY] [DLA 2974-1] fribidi security update



-------------------------------------------------------------------------
Debian LTS Advisory DLA-2974-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
April 10, 2022                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : fribidi
Version        : 0.19.7-1+deb9u2
CVE ID         : CVE-2022-25308 CVE-2022-25309 CVE-2022-25310


Several issues have been found in fribidi, a free implementation of the
Unicode BiDi algorithm. The issues are a stack-buffer-overflow, a
heap-buffer-overflow, and a SEGV.

CVE-2022-25308
     stack-buffer-overflow issue in main()

CVE-2022-25309
     heap-buffer-overflow issue in fribidi_cap_rtl_to_unicode()

CVE-2022-25310
     SEGV issue in fribidi_remove_bidi_marks()


For Debian 9 stretch, these problems have been fixed in version
0.19.7-1+deb9u2.

We recommend that you upgrade your fribidi packages.

For the detailed security status of fribidi please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/fribidi

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
