harfbuzz-1.7.5-4.el8

エラータID: AXSA:2024-8252:02

Release date: 
Saturday, June 15, 2024 - 06:11
Subject: 
harfbuzz-1.7.5-4.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

HarfBuzz is an implementation of the OpenType Layout engine.

Security Fix(es):

* harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks (CVE-2023-25193)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.10 Release Notes linked from the References section.

CVE-2023-25193
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

Solution: 

Update packages.

CVEs: 
CVE-2023-25193
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
Additional Info: 

N/A

Download: 

SRPMS
  1. harfbuzz-1.7.5-4.el8.src.rpm
    MD5: 440e51a834a6f77c9cb0711463f5e71a
    SHA-256: 55aff09bd9e4776b8fd6ef38dae0b922d7a92902a9559cf3687e3997e1fcf66c
    Size: 2.23 MB

Asianux Server 8 for x86_64
  1. harfbuzz-1.7.5-4.el8.i686.rpm
    MD5: 0cc70f799ffb3186685d782a1fad69e4
    SHA-256: 8f1d9b1132799472ea57de758fe968e3a5691a3aeb325932033fa11aa9eb2176
    Size: 304.76 kB
  2. harfbuzz-1.7.5-4.el8.x86_64.rpm
    MD5: 9ac7715e74a1c3750edd54897917e6b1
    SHA-256: a2cf05fb71e42be5c65da12c944b484879ad5d97afadc4ef10919634835532cf
    Size: 294.56 kB
  3. harfbuzz-devel-1.7.5-4.el8.i686.rpm
    MD5: 047849a2ff18e549cc723f3ca37b0c6f
    SHA-256: a0da8875d48442f1eb1c02ed47056bc8f2ae8970dd6e5c3602d90588a2010185
    Size: 183.21 kB
  4. harfbuzz-devel-1.7.5-4.el8.x86_64.rpm
    MD5: 1aeebf21a0b1098f4d9f685138490f9c
    SHA-256: 5806d952d6b0cb5de99c4037cef30c3b969b00a75b18f36145bc48689dd7c619
    Size: 180.11 kB
  5. harfbuzz-icu-1.7.5-4.el8.i686.rpm
    MD5: 61781e08baa177ddae8a53b458b9dcad
    SHA-256: 2e7fcdf309ba5913fe26041f45400bf0db4ccc6e05df384c78d597936bcc9659
    Size: 23.04 kB
  6. harfbuzz-icu-1.7.5-4.el8.x86_64.rpm
    MD5: 0041f6227671dfe62a66fe30b36804aa
    SHA-256: ec4e8a7ecac4331e88fd9e1612ad576f00db1e83210461c61fbab70f0ffc6b75
    Size: 22.77 kB