Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 501
Alerts This Week
Warning Icon 1 501

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 16 articles for you...
172

Ubuntu 16.04 ESM: 5922-1 Critical: FriBidi Denial Of Service

Several security issues were fixed in fribidi.. =========================================================================Ubuntu Security Notice USN-5922-1 March 06, 2023 fribidi vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Several security issues were fixed in fribidi. Software Description: - fribidi: Free Implementation of the Unicode BiDi algorithm (utility) Details: It was discovered that FriBidi incorrectly handled the processing of input strings, resulting in memory corruption. An attacker could possibly use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25308) It was discovered that FriBidi incorrectly validated input data to its CapRTL unicode encoder, resulting in memory corruption. An attacker could possibly use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25309) It was discovered that FriBidi incorrectly handled empty input when removing marks from unicode strings. An attacker could possibly use this to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25310) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: libfribidi-bin 0.19.7-1ubuntu0.1~esm1 libfribidi0 0.19.7-1ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5922-1 CVE-2022-25308, CVE-2022-25309, CVE-2022-25310 . Multiple vulnerabilities addressed in fribidi for Ubuntu. Make sure to install the latest updates to avoid possible system failures.. Ubuntu Security, FriBidi Issues, System Update. .LinuxSecurity.com Team

Calendar%202 Mar 06, 2023 Ubuntu
98

Red Hat Enterprise Linux 9: RHSA-2022-8011-01 Moderate: Fribidi Security

An update for fribidi is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: fribidi security update Advisory ID: RHSA-2022:8011-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8011 Issue date: 2022-11-15 CVE Names: CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 ==================================================================== 1. Summary: An update for fribidi is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: FriBidi is a library to handle bidirectional scripts (for example Hebrew, Arabic), so that the display is done in the proper way, while the text data itself is always written in logical order. Security Fix(es): * fribidi: Stack based buffer overflow (CVE-2022-25308) * fribidi: Heap-buffer-overflow in fribidi_cap_rtl_to_unicode (CVE-2022-25309) * fribidi: SEGV in fribidi_remove_bidi_marks (CVE-2022-25310) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Noteslinked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2047890 - CVE-2022-25308 fribidi: Stack based buffer overflow 2047896 - CVE-2022-25309 fribidi: Heap-buffer-overflow in fribidi_cap_rtl_to_unicode 2047923 - CVE-2022-25310 fribidi: SEGV in fribidi_remove_bidi_marks 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: fribidi-1.0.10-6.el9.2.src.rpm aarch64: fribidi-1.0.10-6.el9.2.aarch64.rpm fribidi-debuginfo-1.0.10-6.el9.2.aarch64.rpm fribidi-debugsource-1.0.10-6.el9.2.aarch64.rpm fribidi-devel-1.0.10-6.el9.2.aarch64.rpm ppc64le: fribidi-1.0.10-6.el9.2.ppc64le.rpm fribidi-debuginfo-1.0.10-6.el9.2.ppc64le.rpm fribidi-debugsource-1.0.10-6.el9.2.ppc64le.rpm fribidi-devel-1.0.10-6.el9.2.ppc64le.rpm s390x: fribidi-1.0.10-6.el9.2.s390x.rpm fribidi-debuginfo-1.0.10-6.el9.2.s390x.rpm fribidi-debugsource-1.0.10-6.el9.2.s390x.rpm fribidi-devel-1.0.10-6.el9.2.s390x.rpm x86_64: fribidi-1.0.10-6.el9.2.i686.rpm fribidi-1.0.10-6.el9.2.x86_64.rpm fribidi-debuginfo-1.0.10-6.el9.2.i686.rpm fribidi-debuginfo-1.0.10-6.el9.2.x86_64.rpm fribidi-debugsource-1.0.10-6.el9.2.i686.rpm fribidi-debugsource-1.0.10-6.el9.2.x86_64.rpm fribidi-devel-1.0.10-6.el9.2.i686.rpm fribidi-devel-1.0.10-6.el9.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-25308 https://access.redhat.com/security/cve/CVE-2022-25309 https://access.redhat.com/security/cve/CVE-2022-25310 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.1_release_notes/index 8. Contact: The Red Hat security contact is . More contact details athttps://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY3OMdtzjgjWX9erEAQiawBAAhv67WtXYKZVF00wsIwbaDm55oz1dHi+R TzmJ5fIwJQ6PTl9Yai+9vlVIRJ6v3CJGvQkhzKL2ajua4XWPEKOuxNgGWuXe07DY A3IMmpSGcu4Xjbi827k0aDs1DHUcrfSbNe6J41Tsk2QceNXjkuaxfS8wr5jBXc94 T1yTKxaKCXuBhZNXjYhPXqyjdCcKvw625aRYmPnk3y2Ogt+Kr5eNqRogTQgg9qzn YEb0ysLVGf3DzmO8x5AvPbgwMiS/WsX+P12eF747kyHjzC8oONN1qyCZ02L1yudq CvGww/rxyKlzfAmhMqJDlta7ADIzTdiw6KN5h189esPpL0KK1qMDb50xCNmmx4Yx U7N3ScfBSP+Ws/JHTRLjbKUsCKkUm/8SH60eBkzMOwOnAZL+1dsVYxTonOpBX3gD CD9+6N9YmZGfcp4wnEEDNYafChJezwnrs/sAPLWvMkE7GvplKkue12fbPKI+yXdZ JPhY4A6XlYBuw0kXuwQCcCJ2BtwVyW8rWVSRj0YSXtNRjrrHsZTZlLSkIw4PaWn8 lzsp4RzRxlfJRRbwfs4AGwMpDjNHDdGa3Onnp8kbpHtfFA21D4tj2/tfzUJ+IZeW I2V/9ZAj9i8qjGBsaNYonj/qXl04i6VZCxb/5W6wQoSXDxUyagRovmYxx+CD5Iu3 nCBmB26imLw=553+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . An incremental fribidi upgrade for Red Hat Enterprise Linux 9 tackles buffer overflow vulnerabilities while reinforcing security protocols.. Fribidi Security Update, Red Hat Security Advisory, Moderate Impact, Linux Security Update, Buffer Overflow Fix. . LinuxSecurity.com Team

Calendar%202 Nov 15, 2022 Red Hat
98

Red Hat 8 RHSA-2022-7514-01 Moderate: Fribidi Buffer Overflow Fix

An update for fribidi is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: fribidi security update Advisory ID: RHSA-2022:7514-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7514 Issue date: 2022-11-08 CVE Names: CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 ==================================================================== 1. Summary: An update for fribidi is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: FriBidi is a library to handle bidirectional scripts (for example Hebrew, Arabic), so that the display is done in the proper way, while the text data itself is always written in logical order. Security Fix(es): * fribidi: Stack based buffer overflow (CVE-2022-25308) * fribidi: Heap-buffer-overflow in fribidi_cap_rtl_to_unicode (CVE-2022-25309) * fribidi: SEGV in fribidi_remove_bidi_marks (CVE-2022-25310) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Noteslinked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2047890 - CVE-2022-25308 fribidi: Stack based buffer overflow 2047896 - CVE-2022-25309 fribidi: Heap-buffer-overflow in fribidi_cap_rtl_to_unicode 2047923 - CVE-2022-25310 fribidi: SEGV in fribidi_remove_bidi_marks 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: fribidi-1.0.4-9.el8.src.rpm aarch64: fribidi-1.0.4-9.el8.aarch64.rpm fribidi-debuginfo-1.0.4-9.el8.aarch64.rpm fribidi-debugsource-1.0.4-9.el8.aarch64.rpm fribidi-devel-1.0.4-9.el8.aarch64.rpm ppc64le: fribidi-1.0.4-9.el8.ppc64le.rpm fribidi-debuginfo-1.0.4-9.el8.ppc64le.rpm fribidi-debugsource-1.0.4-9.el8.ppc64le.rpm fribidi-devel-1.0.4-9.el8.ppc64le.rpm s390x: fribidi-1.0.4-9.el8.s390x.rpm fribidi-debuginfo-1.0.4-9.el8.s390x.rpm fribidi-debugsource-1.0.4-9.el8.s390x.rpm fribidi-devel-1.0.4-9.el8.s390x.rpm x86_64: fribidi-1.0.4-9.el8.i686.rpm fribidi-1.0.4-9.el8.x86_64.rpm fribidi-debuginfo-1.0.4-9.el8.i686.rpm fribidi-debuginfo-1.0.4-9.el8.x86_64.rpm fribidi-debugsource-1.0.4-9.el8.i686.rpm fribidi-debugsource-1.0.4-9.el8.x86_64.rpm fribidi-devel-1.0.4-9.el8.i686.rpm fribidi-devel-1.0.4-9.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-25308 https://access.redhat.com/security/cve/CVE-2022-25309 https://access.redhat.com/security/cve/CVE-2022-25310 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.7_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGPSIGNATURE----- Version: GnuPG v1 iQIVAwUBY2pSl9zjgjWX9erEAQjiCQ//c3fOFXaSK86vN6LQtZQDtRb4lY3e8LA/ YuAXQrtQzoaXiPGgYv/NBgKdngKAAKdj+NCMZMweNor7s6O5oi6n+YhC8FI0imz+ enbnrhsbRcOHXq9F1bD7t6mg0/91vbH+risyqJ7A5mG3LH7ZqCs2PJ7WErGCCU5A N/PDESAIr80F5+oW2poS++sWbUhzYht4cGSRP1haPAVKCb1r7RSk9o2HXSaYkdRQ EBLeuxmBW5Zb/VxWdCdWhCyz/bWjAEHkLdTjBYvSq97kZyH0OIWPhJptg5Sg3afI U8VQQjE80F/uMpNAZOej7TawV+JmpPrNkOTcmVw3G6BeggMGNmz8gTKZ7TbnAZxl XWq4VYUHHAuKZi4WQ8e9E8P8GSa1+aDSCmRk2D/UJy+TboVEmhW9hyYOvy0NZq34 idsr81JdwHx2NxhkBpu6tNA4pONgmPUs8O117tO0+gaxw0TgkquQh760mRqyUf4i I+1PPEWfBFMYLGc7wyMGNZXatBTJsvUiIxgZHFf2uZivbf7s5qe6RiR0fLKc0DC3 MFAmaeO6QinyZ0LHlPBcjySXzGQsfJfWAkrFYHCFC1luGz8dUgki9xLOu2nE21aB 1QwsE8g4AWRPPl+afFB1/GCT5/mYuSqJx+tY+zXFNuTJWlp6a+SgR2LSYvOeZTen ANw5l8k4X3w=7Fsn -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . A critical fribidi patch for Red Hat Enterprise Linux 8 addresses vulnerabilities related to stack and heap overflows, enhancing system security.. fribidi Update, Red Hat Security, Linux AppStream, Risk Management. . LinuxSecurity.com Team

Calendar%202 Nov 08, 2022 Red Hat
100

SUSE Linux 15 Moderate: Update for Fribidi Security Issues

An update that fixes three vulnerabilities is now available. . SUSE Security Update: Security update for fribidi ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2029-1 Rating: moderate References: #1196147 #1196148 #1196150 Cross-References: CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 CVSS scores: CVE-2022-25308 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H CVE-2022-25309 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-25310 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for fribidi fixes the following issues: - CVE-2022-25308: Fixed stack out of bounds read (bsc#1196147). - CVE-2022-25309: Fixed heap-buffer-overflow in fribidi_cap_rtl_to_unicode (bsc#1196148). - CVE-2022-25310: Fixed NULL pointer dereference in fribidi_remove_bidi_marks (bsc#1196150). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypperpatch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2029=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2029=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2029=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2029=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2029=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2029=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2029=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2029=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2029=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2029=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libfribidi0-32bit-0.19.6-150000.3.3.1 libfribidi0-32bit-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise Server forSAP 15 (ppc64le x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libfribidi0-32bit-0.19.6-150000.3.3.1 libfribidi0-32bit-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libfribidi0-32bit-0.19.6-150000.3.3.1 libfribidi0-32bit-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-32bit-0.19.6-150000.3.3.1 libfribidi0-32bit-debuginfo-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libfribidi0-32bit-0.19.6-150000.3.3.1 libfribidi0-32bit-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libfribidi0-32bit-0.19.6-150000.3.3.1 libfribidi0-32bit-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 - SUSE Enterprise Storage 6 (x86_64): libfribidi0-32bit-0.19.6-150000.3.3.1 libfribidi0-32bit-debuginfo-0.19.6-150000.3.3.1 - SUSE CaaS Platform 4.0 (x86_64): fribidi-0.19.6-150000.3.3.1 fribidi-debuginfo-0.19.6-150000.3.3.1 fribidi-debugsource-0.19.6-150000.3.3.1 fribidi-devel-0.19.6-150000.3.3.1 libfribidi0-0.19.6-150000.3.3.1 libfribidi0-32bit-0.19.6-150000.3.3.1 libfribidi0-32bit-debuginfo-0.19.6-150000.3.3.1 libfribidi0-debuginfo-0.19.6-150000.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-25308.html https://www.suse.com/security/cve/CVE-2022-25309.html https://www.suse.com/security/cve/CVE-2022-25310.html https://bugzilla.suse.com/1196147 https://bugzilla.suse.com/1196148 https://bugzilla.suse.com/1196150 . SUSE Security Update for libtiff addresses four security vulnerabilities and includes guidance for patching impacted systems.. SUSE Update, Fribidi Fixes, Patch Instructions. . LinuxSecurity.com Team

Calendar%202 Jun 09, 2022 SuSE
100

SUSE: 2022:1898-1 Moderate: Fribidi Stack and Heap Issues

An update that fixes three vulnerabilities is now available. . SUSE Security Update: Security update for fribidi ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1898-1 Rating: moderate References: #1196147 #1196148 #1196150 Cross-References: CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 CVSS scores: CVE-2022-25308 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H CVE-2022-25309 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-25310 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for fribidi fixes the following issues: - CVE-2022-25308: Fixed stack out of bounds read (bsc#1196147). - CVE-2022-25309: Fixed heap-buffer-overflow in fribidi_cap_rtl_to_unicode (bsc#1196148). - CVE-2022-25310: Fixed NULL pointer dereference in fribidi_remove_bidi_marks (bsc#1196150). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1898=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patchSUSE-SLE-Module-Desktop-Applications-15-SP4-2022-1898=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1898=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): fribidi-1.0.10-150400.3.3.1 fribidi-debuginfo-1.0.10-150400.3.3.1 fribidi-debugsource-1.0.10-150400.3.3.1 fribidi-devel-1.0.10-150400.3.3.1 libfribidi0-1.0.10-150400.3.3.1 libfribidi0-debuginfo-1.0.10-150400.3.3.1 - openSUSE Leap 15.4 (x86_64): libfribidi0-32bit-1.0.10-150400.3.3.1 libfribidi0-32bit-debuginfo-1.0.10-150400.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (x86_64): fribidi-debugsource-1.0.10-150400.3.3.1 libfribidi0-32bit-1.0.10-150400.3.3.1 libfribidi0-32bit-debuginfo-1.0.10-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): fribidi-1.0.10-150400.3.3.1 fribidi-debuginfo-1.0.10-150400.3.3.1 fribidi-debugsource-1.0.10-150400.3.3.1 fribidi-devel-1.0.10-150400.3.3.1 libfribidi0-1.0.10-150400.3.3.1 libfribidi0-debuginfo-1.0.10-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-25308.html https://www.suse.com/security/cve/CVE-2022-25309.html https://www.suse.com/security/cve/CVE-2022-25310.html https://bugzilla.suse.com/1196147 https://bugzilla.suse.com/1196148 https://bugzilla.suse.com/1196150 . SUSE Security Patch for fribidi: moderate classification dealing with various vulnerabilities, particularly stack and heap overflow concerns.. Suse Linux, Security Update, Fribidi Fixes, Patch Instructions, Vulnerability Management. . LinuxSecurity.com Team

Calendar%202 May 31, 2022 SuSE
100

SUSE Security Update 2022:1845-1 for Fribidi: Moderate Severity

An update that fixes three vulnerabilities is now available. . SUSE Security Update: Security update for fribidi ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1845-1 Rating: moderate References: #1196147 #1196148 #1196150 Cross-References: CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 CVSS scores: CVE-2022-25308 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H CVE-2022-25309 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-25310 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for fribidi fixes the following issues: - CVE-2022-25308: Fixed stack out of bounds read (bsc#1196147). - CVE-2022-25309: Fixed heap-buffer-overflow in fribidi_cap_rtl_to_unicode (bsc#1196148). - CVE-2022-25310: Fixed NULL pointer dereference in fribidi_remove_bidi_marks (bsc#1196150). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1845=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1845=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): fribidi-debuginfo-0.19.2-14.3.1 fribidi-debugsource-0.19.2-14.3.1 fribidi-devel-0.19.2-14.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): fribidi-0.19.2-14.3.1 fribidi-debuginfo-0.19.2-14.3.1 fribidi-debugsource-0.19.2-14.3.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): fribidi-32bit-0.19.2-14.3.1 fribidi-debuginfo-32bit-0.19.2-14.3.1 References: https://www.suse.com/security/cve/CVE-2022-25308.html https://www.suse.com/security/cve/CVE-2022-25309.html https://www.suse.com/security/cve/CVE-2022-25310.html https://bugzilla.suse.com/1196147 https://bugzilla.suse.com/1196148 https://bugzilla.suse.com/1196150 . SUSE Security Advisory for fribidi, addressing a range of moderate risk vulnerabilities with recommended remediation procedures.. SUSE Linux Enterprise, Fribidi Fix, Security Update. . LinuxSecurity.com Team

Calendar%202 May 25, 2022 SuSE
100

SUSE: 2022:1844-1 Moderate: Fribidi Buffer Overflow and Dereference Issues

An update that fixes three vulnerabilities is now available. . SUSE Security Update: Security update for fribidi ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1844-1 Rating: moderate References: #1196147 #1196148 #1196150 Cross-References: CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 CVSS scores: CVE-2022-25308 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H CVE-2022-25309 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-25310 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for fribidi fixes the following issues: - CVE-2022-25308: Fixed stack out of bounds read (bsc#1196147). - CVE-2022-25309: Fixed heap-buffer-overflow in fribidi_cap_rtl_to_unicode (bsc#1196148). - CVE-2022-25310: Fixed NULL pointer dereference in fribidi_remove_bidi_marks (bsc#1196150). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1844=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1844=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1844=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1844=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): fribidi-1.0.5-150200.3.6.1 fribidi-debuginfo-1.0.5-150200.3.6.1 fribidi-debugsource-1.0.5-150200.3.6.1 fribidi-devel-1.0.5-150200.3.6.1 libfribidi0-1.0.5-150200.3.6.1 libfribidi0-debuginfo-1.0.5-150200.3.6.1 - openSUSE Leap 15.3 (x86_64): libfribidi0-32bit-1.0.5-150200.3.6.1 libfribidi0-32bit-debuginfo-1.0.5-150200.3.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64): fribidi-debugsource-1.0.5-150200.3.6.1 libfribidi0-32bit-1.0.5-150200.3.6.1 libfribidi0-32bit-debuginfo-1.0.5-150200.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): fribidi-1.0.5-150200.3.6.1 fribidi-debuginfo-1.0.5-150200.3.6.1 fribidi-debugsource-1.0.5-150200.3.6.1 fribidi-devel-1.0.5-150200.3.6.1 libfribidi0-1.0.5-150200.3.6.1 libfribidi0-debuginfo-1.0.5-150200.3.6.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): fribidi-debuginfo-1.0.5-150200.3.6.1 fribidi-debugsource-1.0.5-150200.3.6.1 libfribidi0-1.0.5-150200.3.6.1 libfribidi0-debuginfo-1.0.5-150200.3.6.1 References: https://www.suse.com/security/cve/CVE-2022-25308.html https://www.suse.com/security/cve/CVE-2022-25309.html https://www.suse.com/security/cve/CVE-2022-25310.html https://bugzilla.suse.com/1196147 https://bugzilla.suse.com/1196148 https://bugzilla.suse.com/1196150 . SUSE's security advisory 2022:1844-1 addresses fribidi vulnerabilities, ratedmoderate in severity. Users should verify their systems and apply updates promptly to enhance security.. SUSE Security Update, fribidi issues, patch instructions. . LinuxSecurity.com Team

Calendar%202 May 25, 2022 SuSE
89

Fedora 36: 2022-x410c36d19 Major: Harfbuzz Memory Leak Resolution

This release contains security fixes.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-d294f36c15 2022-05-07 04:08:14.309968 --------------------------------------------------------------------------------Name : fribidi Product : Fedora 36 Version : 1.0.11 Release : 3.fc36 URL : https://github.com/fribidi/fribidi/ Summary : Library implementing the Unicode Bidirectional Algorithm Description : A library to handle bidirectional scripts (for example Hebrew, Arabic), so that the display is done in the proper way; while the text data itself is always written in logical order. --------------------------------------------------------------------------------Update Information: This release contains security fixes. --------------------------------------------------------------------------------ChangeLog: * Fri Apr 1 2022 Akira TAGOH - 1.0.11-3 - Fix security issues, CVE-2022-25308, CVE-2022-25309, CVE-2022-25310. Resolves: rhbz#2067039, rhbz#2067043, rhbz#2067045 --------------------------------------------------------------------------------References: [ 1 ] Bug #2067039 - CVE-2022-25308 fribidi: Stack based buffer overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2067039 [ 2 ] Bug #2067043 - CVE-2022-25309 fribidi: Heap-buffer-overflow in fribidi_cap_rtl_to_unicode [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2067043 [ 3 ] Bug #2067045 - CVE-2022-25310 fribidi: SEGV in fribidi_remove_bidi_marks [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2067045 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-d294f36c15' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signedwith the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . Major patch for Fedora 36 fribidi resolves urgent vulnerabilities, bolstering defenses against possible risks.. Fedora Security Fixes, Fribidi Library, Security Updates, Fedora Advisory. . LinuxSecurity.com Team

Calendar%202 May 07, 2022 Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200