SUSE Security Update: Security update for fribidi
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1845-1
Rating: moderate
References: #1196147 #1196148 #1196150
Cross-References: CVE-2022-25308 CVE-2022-25309 CVE-2022-25310
CVSS scores:
CVE-2022-25308 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
CVE-2022-25309 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CVE-2022-25310 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for fribidi fixes the following issues:
- CVE-2022-25308: Fixed stack out of bounds read (bsc#1196147).
- CVE-2022-25309: Fixed heap-buffer-overflow in fribidi_cap_rtl_to_unicode
(bsc#1196148).
- CVE-2022-25310: Fixed NULL pointer dereference in
fribidi_remove_bidi_marks (bsc#1196150).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1845=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1845=1
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
fribidi-debuginfo-0.19.2-14.3.1
fribidi-debugsource-0.19.2-14.3.1
fribidi-devel-0.19.2-14.3.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
fribidi-0.19.2-14.3.1
fribidi-debuginfo-0.19.2-14.3.1
fribidi-debugsource-0.19.2-14.3.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
fribidi-32bit-0.19.2-14.3.1
fribidi-debuginfo-32bit-0.19.2-14.3.1
References:
https://www.suse.com/security/cve/CVE-2022-25308.html
https://www.suse.com/security/cve/CVE-2022-25309.html
https://www.suse.com/security/cve/CVE-2022-25310.html
https://bugzilla.suse.com/1196147
https://bugzilla.suse.com/1196148
https://bugzilla.suse.com/1196150
SUSE: 2022:1845-1 moderate: fribidi
May 25, 2022
An update that fixes three vulnerabilities is now available
Summary
This update for fribidi fixes the following issues: - CVE-2022-25308: Fixed stack out of bounds read (bsc#1196147). - CVE-2022-25309: Fixed heap-buffer-overflow in fribidi_cap_rtl_to_unicode (bsc#1196148). - CVE-2022-25310: Fixed NULL pointer dereference in fribidi_remove_bidi_marks (bsc#1196150). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1845=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1845=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): fribidi-debuginfo-0.19.2-14.3.1 fribidi-debugsource-0.19.2-14.3.1 fribidi-devel-0.19.2-14.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): fribidi-0.19.2-14.3.1 fribidi-debuginfo-0.19.2-14.3.1 fribidi-debugsource-0.19.2-14.3.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): fribidi-32bit-0.19.2-14.3.1 fribidi-debuginfo-32bit-0.19.2-14.3.1
References
#1196147 #1196148 #1196150
Cross- CVE-2022-25308 CVE-2022-25309 CVE-2022-25310
CVSS scores:
CVE-2022-25308 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
CVE-2022-25309 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CVE-2022-25310 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
https://www.suse.com/security/cve/CVE-2022-25308.html
https://www.suse.com/security/cve/CVE-2022-25309.html
https://www.suse.com/security/cve/CVE-2022-25310.html
https://bugzilla.suse.com/1196147
https://bugzilla.suse.com/1196148
https://bugzilla.suse.com/1196150
Severity
Announcement ID: SUSE-SU-2022:1845-1
Rating: moderate
News
HOWTOs
Features
How to Spend Less Time on Web and API Security
Guide to Web Application Penetration Testing
Thank You for Participating in Our Security Dashboard Redesign Survey
Web App Vs. Progressive Web App: How Are They Different?
Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More
About Us
Powered By
