========================================================================== Ubuntu Security Notice USN-5922-1 March 06, 2023 fribidi vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Several security issues were fixed in fribidi. Software Description: - fribidi: Free Implementation of the Unicode BiDi algorithm (utility) Details: It was discovered that FriBidi incorrectly handled the processing of input strings, resulting in memory corruption. An attacker could possibly use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25308) It was discovered that FriBidi incorrectly validated input data to its CapRTL unicode encoder, resulting in memory corruption. An attacker could possibly use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25309) It was discovered that FriBidi incorrectly handled empty input when removing marks from unicode strings. An attacker could possibly use this to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25310) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: libfribidi-bin 0.19.7-1ubuntu0.1~esm1 libfribidi0 0.19.7-1ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5922-1 CVE-2022-25308, CVE-2022-25309, CVE-2022-25310
Ubuntu 5922-1: FriBidi vulnerabilities
March 6, 2023
Several security issues were fixed in fribidi.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Several security issues were fixed in fribidi. Software Description: - fribidi: Free Implementation of the Unicode BiDi algorithm (utility) Details: It was discovered that FriBidi incorrectly handled the processing of input strings, resulting in memory corruption. An attacker could possibly use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25308) It was discovered that FriBidi incorrectly validated input data to its CapRTL unicode encoder, resulting in memory corruption. An attacker could possibly use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25309) It was discovered that FriBidi incorrectly handled empty input when removing marks from unicode strings. An attacker could possibly use this to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25310)
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: libfribidi-bin 0.19.7-1ubuntu0.1~esm1 libfribidi0 0.19.7-1ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-5922-1
CVE-2022-25308, CVE-2022-25309, CVE-2022-25310
Severity
Ubuntu Security Notice USN-5922-1
Package Information
News
HOWTOs
Features
Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack
ManageEngine Vulnerability Manager Plus: How To Protect Your Enterprise from Security Vulnerabilities
High-Impact DoS, Arbitrary Code Execution, Spoofing Bugs Fixed in Thunderbird 102.9.0
A Guide to Business Cybersecurity: Common Digital Attacks and Precautions
New Linux IceFire Ransomware Variant Discovered: What You Need to Know to Secure Your Systems
About Us
Powered By
