Fedora 38: 2023-a48406ecd2 Critical: HarfBuzz DoS Threat

Cairo is a 2D graphics library designed to provide high-quality display

and print output. Currently supported output targets include the X Window

System, in-memory image buffers, and image files (PDF, PostScript, and SVG).

Cairo is designed to produce consistent output on all output media while

taking advantage of display hardware acceleration when available.

Security fix for CVE-2023-25193 Update of HarfBuzz to 7.0.1 version (#2169172)

Update of freetype to 2.13.0 version (#2168496) ---- Security fix for

CVE-2023-25193, Update to 7.0.1 version (#2169172)

* Sun Feb 26 2023 Marek Kasik - 1.17.8-2

- Rebuild for freetype-2.13.0

[ 1 ] Bug #2167254 - CVE-2023-25193 harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks

https://bugzilla.redhat.com/show_bug.cgi?id=2167254

su -c 'dnf upgrade --advisory FEDORA-2023-a48406ecd2' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it: