fribidi-1.0.2-1.el7.1
Errata ID: AXSA:2019-4416:01
Release date:
2019/12/21 Saturday - 00:47
Title:
fribidi-1.0.2-1.el7.1
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
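The following issues have been addressed.
[Security Fix]
- fribidi contains a vulnerability in which passing crafted text content
causes a buffer overflow when that content is rendered by an application
that uses fribidi for text layout calculations, allowing an attacker to
cause a denial of service or execute arbitrary code.
(CVE-2019-18397)
Some of the CVE translations are quoted from JVN.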
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2019-18397
A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat.
Additional information:
N/A
Download:
SRPMS
- fribidi-1.0.2-1.el7.1.src.rpm
MD5: f5c3f7cfa9a9caa6a5a7f1ae2e3d9701
SHA-256: 77b27dd840a9827f81bb88469545b2a73700b7e15f8a97bdc668cfc2791afd5a
Size: 1.33 MB
Asianux Server 7 for x86_64
- fribidi-1.0.2-1.el7.1.x86_64.rpm
MD5: 051e5d23d86d037aadfe3bc3d29d7f2c
SHA-256: ddeacc6a8536dff6dac6254487078daad96825c6b627e378bcc970f6ef8b0a35
Size: 78.55 kB
- fribidi-devel-1.0.2-1.el7.1.x86_64.rpm
MD5: 5f4a2fa3b5cba5eb39bc573adb1eff1a
SHA-256: 0153841642d3f349be61b47af75e55d4309d7c4cd139f06041750a54ddc23677
Size: 23.77 kB
- fribidi-1.0.2-1.el7.1.i686.rpm
MD5: 1e9f93c9aea0a5ad83e01e415967310c
SHA-256: 244f1cebeeb91539aeeeddc2591a483454875dc1df5f656e0f4d7bed532fd8b1
Size: 78.64 kB
- fribidi-devel-1.0.2-1.el7.1.i686.rpm
MD5: 47b6019ea7d42f268930df04731d4919
SHA-256: ad2a79c2fb2755a687aae8e67c21a8c9d6294414509bd2eb0efcceab3605ad3a
Size: 23.81 kB