SUSE-SU-2022:2029-1

Опубликовано: 09 июн. 2022

Источник: suse-cvrf

Описание

Security update for fribidi

This update for fribidi fixes the following issues:

CVE-2022-25308: Fixed stack out of bounds read (bsc#1196147).
CVE-2022-25309: Fixed heap-buffer-overflow in fribidi_cap_rtl_to_unicode (bsc#1196148).
CVE-2022-25310: Fixed NULL pointer dereference in fribidi_remove_bidi_marks (bsc#1196150).

Список пакетов

SUSE Enterprise Storage 6

fribidi-0.19.6-150000.3.3.1

fribidi-devel-0.19.6-150000.3.3.1

libfribidi0-0.19.6-150000.3.3.1

libfribidi0-32bit-0.19.6-150000.3.3.1

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

fribidi-0.19.6-150000.3.3.1

fribidi-devel-0.19.6-150000.3.3.1

libfribidi0-0.19.6-150000.3.3.1

libfribidi0-32bit-0.19.6-150000.3.3.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

fribidi-0.19.6-150000.3.3.1

fribidi-devel-0.19.6-150000.3.3.1

libfribidi0-0.19.6-150000.3.3.1

libfribidi0-32bit-0.19.6-150000.3.3.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

fribidi-0.19.6-150000.3.3.1

fribidi-devel-0.19.6-150000.3.3.1

libfribidi0-0.19.6-150000.3.3.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

fribidi-0.19.6-150000.3.3.1

fribidi-devel-0.19.6-150000.3.3.1

libfribidi0-0.19.6-150000.3.3.1

SUSE Linux Enterprise Server 15 SP1-BCL

fribidi-0.19.6-150000.3.3.1

fribidi-devel-0.19.6-150000.3.3.1

libfribidi0-0.19.6-150000.3.3.1

libfribidi0-32bit-0.19.6-150000.3.3.1

SUSE Linux Enterprise Server 15 SP1-LTSS

fribidi-0.19.6-150000.3.3.1

fribidi-devel-0.19.6-150000.3.3.1

libfribidi0-0.19.6-150000.3.3.1

libfribidi0-32bit-0.19.6-150000.3.3.1

SUSE Linux Enterprise Server 15-LTSS

fribidi-0.19.6-150000.3.3.1

fribidi-devel-0.19.6-150000.3.3.1

libfribidi0-0.19.6-150000.3.3.1

libfribidi0-32bit-0.19.6-150000.3.3.1

SUSE Linux Enterprise Server for SAP Applications 15

fribidi-0.19.6-150000.3.3.1

fribidi-devel-0.19.6-150000.3.3.1

libfribidi0-0.19.6-150000.3.3.1

libfribidi0-32bit-0.19.6-150000.3.3.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

fribidi-0.19.6-150000.3.3.1

fribidi-devel-0.19.6-150000.3.3.1

libfribidi0-0.19.6-150000.3.3.1

libfribidi0-32bit-0.19.6-150000.3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20222029-1/
Link for SUSE-SU-2022:2029-1
https://lists.suse.com/pipermail/sle-security-updates/2022-June/011256.html
E-Mail link for SUSE-SU-2022:2029-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1196147
SUSE Bug 1196147
https://bugzilla.suse.com/1196148
SUSE Bug 1196148
https://bugzilla.suse.com/1196150
SUSE Bug 1196150
https://www.suse.com/security/cve/CVE-2022-25308/
SUSE CVE CVE-2022-25308 page
https://www.suse.com/security/cve/CVE-2022-25309/
SUSE CVE CVE-2022-25309 page
https://www.suse.com/security/cve/CVE-2022-25310/
SUSE CVE CVE-2022-25310 page

Описание

A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.

Затронутые продукты

SUSE Enterprise Storage 6:fribidi-0.19.6-150000.3.3.1

SUSE Enterprise Storage 6:fribidi-devel-0.19.6-150000.3.3.1

SUSE Enterprise Storage 6:libfribidi0-0.19.6-150000.3.3.1

SUSE Enterprise Storage 6:libfribidi0-32bit-0.19.6-150000.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-25308.html
CVE-2022-25308
https://bugzilla.suse.com/1196147
SUSE Bug 1196147

Описание

A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.

Затронутые продукты

SUSE Enterprise Storage 6:fribidi-0.19.6-150000.3.3.1

SUSE Enterprise Storage 6:fribidi-devel-0.19.6-150000.3.3.1

SUSE Enterprise Storage 6:libfribidi0-0.19.6-150000.3.3.1

SUSE Enterprise Storage 6:libfribidi0-32bit-0.19.6-150000.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-25309.html
CVE-2022-25309
https://bugzilla.suse.com/1196148
SUSE Bug 1196148

Описание

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.

Затронутые продукты

SUSE Enterprise Storage 6:fribidi-0.19.6-150000.3.3.1

SUSE Enterprise Storage 6:fribidi-devel-0.19.6-150000.3.3.1

SUSE Enterprise Storage 6:libfribidi0-0.19.6-150000.3.3.1

SUSE Enterprise Storage 6:libfribidi0-32bit-0.19.6-150000.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-25310.html
CVE-2022-25310
https://bugzilla.suse.com/1196150
SUSE Bug 1196150

SUSE-SU-2022:2029-1

Описание

Список пакетов

SUSE Enterprise Storage 6

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Server 15 SP1-BCL

SUSE Linux Enterprise Server 15 SP1-LTSS

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP Applications 15

SUSE Linux Enterprise Server for SAP Applications 15 SP1

Ссылки

Уязвимость: CVE-2022-25308

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-25309

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-25310

Описание

Затронутые продукты

Ссылки