Lucene search

DebianDEBIAN:DSA-4561-1:56D39

HistoryNov 08, 2019 - 4:50 a.m.

[SECURITY] [DSA 4561-1] fribidi security update

2019-11-0804:50:08

lists.debian.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

58.9%

JSON

Debian Security Advisory DSA-4561-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
November 08, 2019 https://www.debian.org/security/faq

Package : fribidi
CVE ID : CVE-2019-18397
Debian Bug : 944327

Alex Murray discovered a stack-based buffer overflow vulnerability in
fribidi, an implementation of the Unicode Bidirectional Algorithm
algorithm, which could result in denial of service or potentially the
execution of arbitrary code, when processing a large number of unicode
isolate directional characters.

For the stable distribution (buster), this problem has been fixed in
version 1.0.5-3.1+deb10u1.

We recommend that you upgrade your fribidi packages.

For the detailed security status of fribidi please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/fribidi

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10mipslibfribidi0-dbgsym< 1.0.5-3.1+deb10u1libfribidi0-dbgsym_1.0.5-3.1+deb10u1_mips.deb
Debian10arm64libfribidi-bin-dbgsym< 1.0.5-3.1+deb10u1libfribidi-bin-dbgsym_1.0.5-3.1+deb10u1_arm64.deb
Debian10i386libfribidi-dev< 1.0.5-3.1+deb10u1libfribidi-dev_1.0.5-3.1+deb10u1_i386.deb
Debian10s390xlibfribidi0-udeb< 1.0.5-3.1+deb10u1libfribidi0-udeb_1.0.5-3.1+deb10u1_s390x.deb
Debian10armhflibfribidi0-dbgsym< 1.0.5-3.1+deb10u1libfribidi0-dbgsym_1.0.5-3.1+deb10u1_armhf.deb
Debian10amd64libfribidi0-dbgsym< 1.0.5-3.1+deb10u1libfribidi0-dbgsym_1.0.5-3.1+deb10u1_amd64.deb
Debian10s390xlibfribidi-dev< 1.0.5-3.1+deb10u1libfribidi-dev_1.0.5-3.1+deb10u1_s390x.deb
Debian10armhflibfribidi-dev< 1.0.5-3.1+deb10u1libfribidi-dev_1.0.5-3.1+deb10u1_armhf.deb
Debian10armellibfribidi-dev< 1.0.5-3.1+deb10u1libfribidi-dev_1.0.5-3.1+deb10u1_armel.deb
Debian10mips64ellibfribidi-dev< 1.0.5-3.1+deb10u1libfribidi-dev_1.0.5-3.1+deb10u1_mips64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	mips	libfribidi0-dbgsym	< 1.0.5-3.1+deb10u1	libfribidi0-dbgsym_1.0.5-3.1+deb10u1_mips.deb
Debian	10	arm64	libfribidi-bin-dbgsym	< 1.0.5-3.1+deb10u1	libfribidi-bin-dbgsym_1.0.5-3.1+deb10u1_arm64.deb
Debian	10	i386	libfribidi-dev	< 1.0.5-3.1+deb10u1	libfribidi-dev_1.0.5-3.1+deb10u1_i386.deb
Debian	10	s390x	libfribidi0-udeb	< 1.0.5-3.1+deb10u1	libfribidi0-udeb_1.0.5-3.1+deb10u1_s390x.deb
Debian	10	armhf	libfribidi0-dbgsym	< 1.0.5-3.1+deb10u1	libfribidi0-dbgsym_1.0.5-3.1+deb10u1_armhf.deb
Debian	10	amd64	libfribidi0-dbgsym	< 1.0.5-3.1+deb10u1	libfribidi0-dbgsym_1.0.5-3.1+deb10u1_amd64.deb
Debian	10	s390x	libfribidi-dev	< 1.0.5-3.1+deb10u1	libfribidi-dev_1.0.5-3.1+deb10u1_s390x.deb
Debian	10	armhf	libfribidi-dev	< 1.0.5-3.1+deb10u1	libfribidi-dev_1.0.5-3.1+deb10u1_armhf.deb
Debian	10	armel	libfribidi-dev	< 1.0.5-3.1+deb10u1	libfribidi-dev_1.0.5-3.1+deb10u1_armel.deb
Debian	10	mips64el	libfribidi-dev	< 1.0.5-3.1+deb10u1	libfribidi-dev_1.0.5-3.1+deb10u1_mips64el.deb