Advisories » MGASA-2019-0325

Updated fribidi packages fix security vulnerability

Publication date: 14 Nov 2019
Modification date: 14 Nov 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-18397

Description

Updated fribidi packages fix security vulnerability:

A stack buffer overflow in the fribidi_get_par_embedding_levels_ex()
function in lib/fribidi-bidi.c of GNU FriBidi 1.0.0 through 1.0.7 allows
an attacker to cause a denial of service or possibly execute arbitrary
code by delivering crafted text content to a user, when this content is
then rendered by an  application that uses FriBidi for text layout
calculations (CVE-2019-18397).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25673
• https://www.openwall.com/lists/oss-security/2019/11/08/5
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18397

SRPMS

7/core

• fribidi-1.0.5-2.1.mga7