AXSA:2019-4416:01

Release date:
2019/12/20 Friday - 23:47
Title:
fribidi-1.0.2-1.el7.1
Affected channels:
Asianux Server 7 for x86_64
Severity: 
High
Description: 

A library to handle bidirectional scripts (for example Hebrew, Arabic), so that the display is done in the proper way, while the text data itself is always written in logical order.

Security Fix(es):

* fribidi: buffer overflow in fribidi_get_par_embedding_levels_ex() in lib/fribidi-bidi.c leading to denial of service and possible code execution (CVE-2019-18397)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-18397
A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat.

Solution:

Update packages.

Additional information:

N/A

Download:

SRPMS
  1. fribidi-1.0.2-1.el7.1.src.rpm
    MD5: f5c3f7cfa9a9caa6a5a7f1ae2e3d9701
    SHA-256: 77b27dd840a9827f81bb88469545b2a73700b7e15f8a97bdc668cfc2791afd5a
    Size: 1.33 MB

Asianux Server 7 for x86_64
  1. fribidi-1.0.2-1.el7.1.x86_64.rpm
    MD5: 051e5d23d86d037aadfe3bc3d29d7f2c
    SHA-256: ddeacc6a8536dff6dac6254487078daad96825c6b627e378bcc970f6ef8b0a35
    Size: 78.55 kB
  2. fribidi-devel-1.0.2-1.el7.1.x86_64.rpm
    MD5: 5f4a2fa3b5cba5eb39bc573adb1eff1a
    SHA-256: 0153841642d3f349be61b47af75e55d4309d7c4cd139f06041750a54ddc23677
    Size: 23.77 kB
  3. fribidi-1.0.2-1.el7.1.i686.rpm
    MD5: 1e9f93c9aea0a5ad83e01e415967310c
    SHA-256: 244f1cebeeb91539aeeeddc2591a483454875dc1df5f656e0f4d7bed532fd8b1
    Size: 78.64 kB
  4. fribidi-devel-1.0.2-1.el7.1.i686.rpm
    MD5: 47b6019ea7d42f268930df04731d4919
    SHA-256: ad2a79c2fb2755a687aae8e67c21a8c9d6294414509bd2eb0efcceab3605ad3a
    Size: 23.81 kB