Lucene search
AlmaLinuxALSA-2024:2410HistoryApr 30, 2024 - 12:00 a.m.
Moderate: harfbuzz security update
2024-04-3000:00:00
errata.almalinux.org
11
harfbuzz
security update
o(n^2) growth
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.9 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
56.6%
HarfBuzz is an implementation of the OpenType Layout engine.
Security Fix(es):
- harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks (CVE-2023-25193)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 9 | i686 | harfbuzz-devel | < 2.7.4-10.el9 | harfbuzz-devel-2.7.4-10.el9.i686.rpm |
| almalinux | 9 | i686 | harfbuzz-icu | < 2.7.4-10.el9 | harfbuzz-icu-2.7.4-10.el9.i686.rpm |
| almalinux | 9 | ppc64le | harfbuzz-icu | < 2.7.4-10.el9 | harfbuzz-icu-2.7.4-10.el9.ppc64le.rpm |
| almalinux | 9 | ppc64le | harfbuzz-devel | < 2.7.4-10.el9 | harfbuzz-devel-2.7.4-10.el9.ppc64le.rpm |
| almalinux | 9 | x86_64 | harfbuzz-icu | < 2.7.4-10.el9 | harfbuzz-icu-2.7.4-10.el9.x86_64.rpm |
| almalinux | 9 | x86_64 | harfbuzz-devel | < 2.7.4-10.el9 | harfbuzz-devel-2.7.4-10.el9.x86_64.rpm |
| almalinux | 9 | aarch64 | harfbuzz-devel | < 2.7.4-10.el9 | harfbuzz-devel-2.7.4-10.el9.aarch64.rpm |
| almalinux | 9 | aarch64 | harfbuzz-icu | < 2.7.4-10.el9 | harfbuzz-icu-2.7.4-10.el9.aarch64.rpm |
| almalinux | 9 | i686 | harfbuzz | < 2.7.4-10.el9 | harfbuzz-2.7.4-10.el9.i686.rpm |
| almalinux | 9 | ppc64le | harfbuzz | < 2.7.4-10.el9 | harfbuzz-2.7.4-10.el9.ppc64le.rpm |
Related
alpinelinux
alpinelinux
CVE-2023-25193
2023-02-04 20:15:08
osv
osv
CVE-2023-25193
2023-02-04 20:15:08
Moderate: harfbuzz security update
2024-04-30 00:00:00
Moderate: harfbuzz security update
2024-05-22 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for harfbuzz (EulerOS-SA-2023-3129)
2023-11-09 00:00:00
Huawei EulerOS: Security Advisory for harfbuzz (EulerOS-SA-2023-3432)
2023-12-15 00:00:00
Huawei EulerOS: Security Advisory for harfbuzz (EulerOS-SA-2024-1652)
2024-05-16 00:00:00
nessus
nessus
RHEL 9 : harfbuzz (RHSA-2024:2410)
2024-04-30 00:00:00
EulerOS 2.0 SP10 : harfbuzz (EulerOS-SA-2023-1977)
2023-05-17 00:00:00
CentOS 8 : harfbuzz (CESA-2024:2980)
2024-05-22 00:00:00
cve
cve
CVE-2023-25193
2023-02-04 20:15:08
fedora
fedora
[SECURITY] Fedora 38 Update: harfbuzz-7.0.1-2.fc38
2023-03-14 03:31:51
[SECURITY] Fedora 38 Update: cairo-1.17.8-2.fc38
2023-03-14 03:31:48
[SECURITY] Fedora 38 Update: freetype-2.13.0-2.fc38
2023-03-14 03:31:50
cvelist
cvelist
CVE-2023-25193
2023-02-04 00:00:00
ubuntucve
ubuntucve
CVE-2023-25193
2023-02-04 00:00:00
f5
f5
K000135674 : HarfBuzz vulnerability CVE-2023-25193
2023-07-31 00:00:00
oraclelinux
oraclelinux
harfbuzz security update
2024-05-23 00:00:00
harfbuzz security update
2024-05-02 00:00:00
java-11-openjdk security and bug fix update
2023-07-28 00:00:00
nvd
nvd
CVE-2023-25193
2023-02-04 20:15:08
redos
redos
ROS-20240329-19
2024-03-29 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-25193 affecting package mozjs60 60.9.0-13
2024-06-19 15:17:25
CVE-2023-25193 affecting package harfbuzz 2.6.4-4
2023-03-16 03:40:02
CVE-2023-25193 affecting package harfbuzz for versions less than 3.4.0-3
2023-03-09 00:24:20
redhatcve
redhatcve
CVE-2023-25193
2023-02-06 04:26:12
veracode
veracode
Denial Of Service (DoS)
2023-02-09 17:06:41
redhat
redhat
(RHSA-2024:2410) Moderate: harfbuzz security update
2024-04-30 06:15:38
(RHSA-2024:2980) Moderate: harfbuzz security update
2024-05-22 06:35:15
(RHSA-2023:4175) Moderate: java-11-openjdk security and bug fix update
2023-07-20 11:24:08
debiancve
debiancve
CVE-2023-25193
2023-02-04 20:15:08
prion
prion
Code injection
2023-02-04 20:15:00
almalinux
almalinux
Moderate: harfbuzz security update
2024-05-22 00:00:00
Moderate: java-11-openjdk security and bug fix update
2023-07-20 00:00:00
Moderate: java-11-openjdk security and bug fix update
2023-07-20 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0339
2023-02-23 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0538
2023-02-26 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility
2023-06-12 22:12:59
Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data
2023-09-08 08:48:17
Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime
2023-06-05 13:46:32
ubuntu
ubuntu
OpenJDK vulnerabilities
2023-08-01 00:00:00
OpenJDK regression
2023-08-30 00:00:00
OpenJDK 20 vulnerabilities
2023-08-03 00:00:00
amazon
amazon
Medium: java-11-amazon-corretto
2023-07-17 17:39:00
Medium: java-17-amazon-corretto
2023-07-17 17:39:00
Important: thunderbird
2023-03-02 22:36:00
kaspersky
kaspersky
KLA51006 Multiple vulnerabilities in Oracle Java SE and GraalVM
2023-07-18 00:00:00
mageia
mageia
Updated java packages fix security vulnerabilities
2023-09-30 22:15:40
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.9 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
56.6%
Related for ALSA-2024:2410