fribidi security update

2022-11-1506:13:17

Rockylinux Product Errata

errata.rockylinux.org

fribidi library update

rocky linux 9

stack based buffer overflow

heap-buffer-overflow

segv

bidirectional scripts

security fix

cve-2022-25308

cve-2022-25309

cve-2022-25310

cvss score

release notes

unix

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

48.2%

JSON

An update is available for fribidi.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
FriBidi is a library to handle bidirectional scripts (for example Hebrew, Arabic), so that the display is done in the proper way, while the text data itself is always written in logical order.

Security Fix(es):

fribidi: Stack based buffer overflow (CVE-2022-25308)
fribidi: Heap-buffer-overflow in fribidi_cap_rtl_to_unicode (CVE-2022-25309)
fribidi: SEGV in fribidi_remove_bidi_marks (CVE-2022-25310)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
rocky9x86_64fribidi< 1.0.10-6.el9.2fribidi-0:1.0.10-6.el9.2.x86_64.rpm
rocky9aarch64fribidi< 1.0.10-6.el9.2fribidi-0:1.0.10-6.el9.2.aarch64.rpm
rocky9i686fribidi< 1.0.10-6.el9.2fribidi-0:1.0.10-6.el9.2.i686.rpm
rocky9ppc64lefribidi< 1.0.10-6.el9.2fribidi-0:1.0.10-6.el9.2.ppc64le.rpm
rocky9s390xfribidi< 1.0.10-6.el9.2fribidi-0:1.0.10-6.el9.2.s390x.rpm
rocky9aarch64fribidi-debuginfo< 1.0.10-6.el9.2fribidi-debuginfo-0:1.0.10-6.el9.2.aarch64.rpm
rocky9ppc64lefribidi-debuginfo< 1.0.10-6.el9.2fribidi-debuginfo-0:1.0.10-6.el9.2.ppc64le.rpm
rocky9s390xfribidi-debuginfo< 1.0.10-6.el9.2fribidi-debuginfo-0:1.0.10-6.el9.2.s390x.rpm
rocky9x86_64fribidi-debuginfo< 1.0.10-6.el9.2fribidi-debuginfo-0:1.0.10-6.el9.2.x86_64.rpm
rocky9aarch64fribidi-debugsource< 1.0.10-6.el9.2fribidi-debugsource-0:1.0.10-6.el9.2.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
rocky	9	x86_64	fribidi	< 1.0.10-6.el9.2	fribidi-0:1.0.10-6.el9.2.x86_64.rpm
rocky	9	aarch64	fribidi	< 1.0.10-6.el9.2	fribidi-0:1.0.10-6.el9.2.aarch64.rpm
rocky	9	i686	fribidi	< 1.0.10-6.el9.2	fribidi-0:1.0.10-6.el9.2.i686.rpm
rocky	9	ppc64le	fribidi	< 1.0.10-6.el9.2	fribidi-0:1.0.10-6.el9.2.ppc64le.rpm
rocky	9	s390x	fribidi	< 1.0.10-6.el9.2	fribidi-0:1.0.10-6.el9.2.s390x.rpm
rocky	9	aarch64	fribidi-debuginfo	< 1.0.10-6.el9.2	fribidi-debuginfo-0:1.0.10-6.el9.2.aarch64.rpm
rocky	9	ppc64le	fribidi-debuginfo	< 1.0.10-6.el9.2	fribidi-debuginfo-0:1.0.10-6.el9.2.ppc64le.rpm
rocky	9	s390x	fribidi-debuginfo	< 1.0.10-6.el9.2	fribidi-debuginfo-0:1.0.10-6.el9.2.s390x.rpm
rocky	9	x86_64	fribidi-debuginfo	< 1.0.10-6.el9.2	fribidi-debuginfo-0:1.0.10-6.el9.2.x86_64.rpm
rocky	9	aarch64	fribidi-debugsource	< 1.0.10-6.el9.2	fribidi-debugsource-0:1.0.10-6.el9.2.aarch64.rpm