harfbuzz-2.7.4-10.el9

エラータID: AXSA:2024-7815:01

Release date: 
Wednesday, May 29, 2024 - 21:41
Subject: 
harfbuzz-2.7.4-10.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

HarfBuzz is an implementation of the OpenType Layout engine.

Security Fix(es):

* harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks (CVE-2023-25193)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.4 Release Notes linked from the References section.

CVE-2023-25193
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

Solution: 

Update packages.

CVEs: 
CVE-2023-25193
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
Additional Info: 

N/A

Download: 

SRPMS
  1. harfbuzz-2.7.4-10.el9.src.rpm
    MD5: 295db021bb793bba3b188affa03812a5
    SHA-256: e6ebd53a64f8784ac3c167a3457184f3091f6dfdeb844c834879a96ba41436c6
    Size: 9.11 MB

Asianux Server 9 for x86_64
  1. harfbuzz-2.7.4-10.el9.i686.rpm
    MD5: f2512dde67bcd330a851cd18b3432c05
    SHA-256: f4a30efe14bdf574e3148fb4b5981f5a05a0249865d0567a9f12360c017ff669
    Size: 648.66 kB
  2. harfbuzz-2.7.4-10.el9.x86_64.rpm
    MD5: edddfb6ca2734e6add2239638ef27059
    SHA-256: c9d8ada803ff3de76472b00baf3912b1166d054c057f5faffb598e61e5ee62f0
    Size: 623.40 kB
  3. harfbuzz-devel-2.7.4-10.el9.i686.rpm
    MD5: 536f6869390d9c65282b934f3086c4f0
    SHA-256: b07017f000f20ae1ff5821c34aa5f19cfa9c00a3b75669794234092004bbd54f
    Size: 307.15 kB
  4. harfbuzz-devel-2.7.4-10.el9.x86_64.rpm
    MD5: 979383be03efcaa7f8f1e23009fdcc62
    SHA-256: 392b68a5a553e471a5f7effadf098377edb8bdd23d988c624affa3f751456ba4
    Size: 304.70 kB
  5. harfbuzz-icu-2.7.4-10.el9.i686.rpm
    MD5: 76d1f5d62730ea0023065143b757080e
    SHA-256: c1f8e37fd1f521ad561a50a8dca67bb1f8644d042aede1cc63fa97d8f391736f
    Size: 12.87 kB
  6. harfbuzz-icu-2.7.4-10.el9.x86_64.rpm
    MD5: 343a788fd0dcfcbf81fea1085b9cd690
    SHA-256: 4253cba80ff39e6f917fd94b6ea460dab67b63def5189dc41648f0dcb86feb13
    Size: 12.66 kB