harfbuzz-1.7.5-2.0.1.el7.AXS7

エラータID: AXSA:2024-8760:03

Release date: 
Wednesday, September 4, 2024 - 17:52
Subject: 
harfbuzz-1.7.5-2.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

HarfBuzz is an implementation of the OpenType Layout engine.

Security Fix(es):

* CVE-2023-25193: optimize looking back for base glyphs in
hb-ot-layout-gsubgpos-private.hh

CVE(s):
CVE-2023-25193
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

Solution: 

Update packages.

CVEs: 
CVE-2023-25193
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. harfbuzz-1.7.5-2.0.1.el7.AXS7.i686.rpm
    MD5: 4d143fc6a57807da0e4fc9ff20fc04ed
    SHA-256: 1e1b4e3cc4a362c486e602d62b816b4c2d08d337cd989ee01ff346aa07e3cbe6
    Size: 266.12 kB
  2. harfbuzz-1.7.5-2.0.1.el7.AXS7.x86_64.rpm
    MD5: 0a1aff475fc137131f8d5f022b699c5a
    SHA-256: b652241a55afd76338a3bb1a6fcb5b8291e4f8aff72dea40bee752a9efd48900
    Size: 267.66 kB
  3. harfbuzz-devel-1.7.5-2.0.1.el7.AXS7.i686.rpm
    MD5: 622ea3ebc14506532b7766fa4461e5c2
    SHA-256: 2844963cad5686b9e2f661102c6d9108b9999277309f0afa0892847d0df54ed8
    Size: 166.25 kB
  4. harfbuzz-devel-1.7.5-2.0.1.el7.AXS7.x86_64.rpm
    MD5: a1bb6e7a8531f32be5390f1b14283574
    SHA-256: 4782bd2b995ba56cda2c4060009440bbca193a6fd8352a4093af24ba5deb6dbd
    Size: 166.71 kB
  5. harfbuzz-icu-1.7.5-2.0.1.el7.AXS7.i686.rpm
    MD5: 988a7a75460f75693c9e97f7c9f2c3db
    SHA-256: 0017065cc650f4966baa8730ccc4e6736f0db52e18dbab6712d41e1a63271d9f
    Size: 11.44 kB
  6. harfbuzz-icu-1.7.5-2.0.1.el7.AXS7.x86_64.rpm
    MD5: c22e376d34be79124bf9807ed2712a0a
    SHA-256: 4a9ebe5f2fa9b7e833180ca5717de70a9fcc14fa622ae9e1380cea42874cf208
    Size: 11.30 kB