Lucene search

AlmaLinuxALSA-2022:1808

HistoryMay 10, 2022 - 8:02 a.m.

Moderate: aspell security update

2022-05-1008:02:17

errata.almalinux.org

aspell

security update

spell checker

buffer overflow

cve-2019-25051

almalinux

unix

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.7%

JSON

GNU Aspell is a spell checker designed to eventually replace Ispell. It can either be used as a library or as an independent spell checker.

Security Fix(es):

aspell: Heap-buffer-overflow in acommon::ObjStack::dup_top (CVE-2019-25051)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8x86_64aspell-devel< 0.60.6.1-22.el8aspell-devel-0.60.6.1-22.el8.x86_64.rpm
almalinux8x86_64aspell-devel< 0.60.6.1-22.el8aspell-devel-0.60.6.1-22.el8.x86_64.rpm
almalinux8x86_64aspell< 0.60.6.1-22.el8aspell-0.60.6.1-22.el8.x86_64.rpm
almalinux8aarch64aspell-devel< 0.60.6.1-22.el8aspell-devel-0.60.6.1-22.el8.aarch64.rpm
almalinux8aarch64aspell< 0.60.6.1-22.el8aspell-0.60.6.1-22.el8.aarch64.rpm
almalinux8i686aspell< 0.60.6.1-22.el8aspell-0.60.6.1-22.el8.i686.rpm
almalinux8ppc64leaspell< 0.60.6.1-22.el8aspell-0.60.6.1-22.el8.ppc64le.rpm
almalinux8ppc64leaspell-devel< 0.60.6.1-22.el8aspell-devel-0.60.6.1-22.el8.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	8	x86_64	aspell-devel	< 0.60.6.1-22.el8	aspell-devel-0.60.6.1-22.el8.x86_64.rpm
almalinux	8	x86_64	aspell-devel	< 0.60.6.1-22.el8	aspell-devel-0.60.6.1-22.el8.x86_64.rpm
almalinux	8	x86_64	aspell	< 0.60.6.1-22.el8	aspell-0.60.6.1-22.el8.x86_64.rpm
almalinux	8	aarch64	aspell-devel	< 0.60.6.1-22.el8	aspell-devel-0.60.6.1-22.el8.aarch64.rpm
almalinux	8	aarch64	aspell	< 0.60.6.1-22.el8	aspell-0.60.6.1-22.el8.aarch64.rpm
almalinux	8	i686	aspell	< 0.60.6.1-22.el8	aspell-0.60.6.1-22.el8.i686.rpm
almalinux	8	ppc64le	aspell	< 0.60.6.1-22.el8	aspell-0.60.6.1-22.el8.ppc64le.rpm
almalinux	8	ppc64le	aspell-devel	< 0.60.6.1-22.el8	aspell-devel-0.60.6.1-22.el8.ppc64le.rpm