(RHSA-2019:4361) Important: fribidi security update

2019-12-2309:03:01

access.redhat.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

58.9%

JSON

A library to handle bidirectional scripts (for example Hebrew, Arabic), so that the display is done in the proper way, while the text data itself is always written in logical order.

Security Fix(es):

fribidi: buffer overflow in fribidi_get_par_embedding_levels_ex() in lib/fribidi-bidi.c leading to denial of service and possible code execution (CVE-2019-18397)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8i686fribidi-debuginfo< 1.0.4-7.el8_1fribidi-debuginfo-1.0.4-7.el8_1.i686.rpm
RedHat8aarch64fribidi-debuginfo< 1.0.4-7.el8_1fribidi-debuginfo-1.0.4-7.el8_1.aarch64.rpm
RedHat8i686fribidi< 1.0.4-7.el8_1fribidi-1.0.4-7.el8_1.i686.rpm
RedHat8i686fribidi-debugsource< 1.0.4-7.el8_1fribidi-debugsource-1.0.4-7.el8_1.i686.rpm
RedHat8x86_64fribidi-debuginfo< 1.0.4-7.el8_1fribidi-debuginfo-1.0.4-7.el8_1.x86_64.rpm
RedHat8ppc64lefribidi-devel< 1.0.4-7.el8_1fribidi-devel-1.0.4-7.el8_1.ppc64le.rpm
RedHat8s390xfribidi< 1.0.4-7.el8_1fribidi-1.0.4-7.el8_1.s390x.rpm
RedHat8aarch64fribidi-debugsource< 1.0.4-7.el8_1fribidi-debugsource-1.0.4-7.el8_1.aarch64.rpm
RedHat8x86_64fribidi-devel< 1.0.4-7.el8_1fribidi-devel-1.0.4-7.el8_1.x86_64.rpm
RedHat8aarch64fribidi< 1.0.4-7.el8_1fribidi-1.0.4-7.el8_1.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	i686	fribidi-debuginfo	< 1.0.4-7.el8_1	fribidi-debuginfo-1.0.4-7.el8_1.i686.rpm
RedHat	8	aarch64	fribidi-debuginfo	< 1.0.4-7.el8_1	fribidi-debuginfo-1.0.4-7.el8_1.aarch64.rpm
RedHat	8	i686	fribidi	< 1.0.4-7.el8_1	fribidi-1.0.4-7.el8_1.i686.rpm
RedHat	8	i686	fribidi-debugsource	< 1.0.4-7.el8_1	fribidi-debugsource-1.0.4-7.el8_1.i686.rpm
RedHat	8	x86_64	fribidi-debuginfo	< 1.0.4-7.el8_1	fribidi-debuginfo-1.0.4-7.el8_1.x86_64.rpm
RedHat	8	ppc64le	fribidi-devel	< 1.0.4-7.el8_1	fribidi-devel-1.0.4-7.el8_1.ppc64le.rpm
RedHat	8	s390x	fribidi	< 1.0.4-7.el8_1	fribidi-1.0.4-7.el8_1.s390x.rpm
RedHat	8	aarch64	fribidi-debugsource	< 1.0.4-7.el8_1	fribidi-debugsource-1.0.4-7.el8_1.aarch64.rpm
RedHat	8	x86_64	fribidi-devel	< 1.0.4-7.el8_1	fribidi-devel-1.0.4-7.el8_1.x86_64.rpm
RedHat	8	aarch64	fribidi	< 1.0.4-7.el8_1	fribidi-1.0.4-7.el8_1.aarch64.rpm