[ALSA-2022:8011] Moderate: fribidi security update
Type:
security
Severity:
moderate
Release date:
2022-11-18
Description:
FriBidi is a library to handle bidirectional scripts (for example Hebrew, Arabic), so that the display is done in the proper way, while the text data itself is always written in logical order. Security Fix(es): * fribidi: Stack based buffer overflow (CVE-2022-25308) * fribidi: Heap-buffer-overflow in fribidi_cap_rtl_to_unicode (CVE-2022-25309) * fribidi: SEGV in fribidi_remove_bidi_marks (CVE-2022-25310) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 fribidi-1.0.10-6.el9.2.aarch64.rpm 3178621f3860aca5918ae3c6e1ad56b00d7acac96a7f207953dde664a67a61fc
aarch64 fribidi-devel-1.0.10-6.el9.2.aarch64.rpm f954b65faa4f3e9d10938fb2aba0c490bcf7af9b1196be21e43327d05857f5a4
i686 fribidi-devel-1.0.10-6.el9.2.i686.rpm 3f5e63cdc922a7f3170c0388a468f598e6b514e94a408f295f971c93c1f57bb3
i686 fribidi-1.0.10-6.el9.2.i686.rpm 75f808f0f5f93aceb4e477aa5f302edbed07a605a0644f0ea929d4ea609e36a0
ppc64le fribidi-devel-1.0.10-6.el9.2.ppc64le.rpm 43e536ead328c5d0654147a8c9878a51cde4511a6bb189be32376a8c2ebb5a24
ppc64le fribidi-1.0.10-6.el9.2.ppc64le.rpm 8cdbe41a002edd6a57c51a06f23449c98f78dcb027845bb028d35892a3cc415d
s390x fribidi-devel-1.0.10-6.el9.2.s390x.rpm 660912a3044253e97aca9d9f7219f4343ba3fe0d0e632de881c70539ab34e2cd
s390x fribidi-1.0.10-6.el9.2.s390x.rpm 7013b1a3add62222f2fabebf5c1e99780979f8b2c6ee5c53971815066dae49af
x86_64 fribidi-1.0.10-6.el9.2.x86_64.rpm b4763ca410f8479b2775efb55ba09e6722948af7526180a56309e3e090c27010
x86_64 fribidi-devel-1.0.10-6.el9.2.x86_64.rpm e25eb68a0a64e26411a270c935c08d2121a51c8f17a7926508ad9e631b009437
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.