Bugzilla – Bug 1196148
VUL-0: CVE-2022-25309: fribidi: Heap-buffer-overflow in fribidi_cap_rtl_to_unicode
Last modified: 2022-06-09 13:23:21 UTC
rh#2047896 A heap based buffer overflow was found in fribidi_cap_rtl_to_unicode. References: https://bugzilla.redhat.com/show_bug.cgi?id=2047896 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25309 https://github.com/fribidi/fribidi/issues/182
Affected: - SUSE:SLE-11:Update - SUSE:SLE-12:Update - SUSE:SLE-15:Update - SUSE:SLE-15-SP2:Update - SUSE:SLE-15-SP4:Update - openSUSE:Factory Fix PR: https://github.com/fribidi/fribidi/pull/185
Fixed in: https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3
SUSE-SU-2022:1844-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 1196147,1196148,1196150 CVE References: CVE-2022-25308,CVE-2022-25309,CVE-2022-25310 JIRA References: Sources used: openSUSE Leap 15.3 (src): fribidi-1.0.5-150200.3.6.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): fribidi-1.0.5-150200.3.6.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): fribidi-1.0.5-150200.3.6.1 SUSE Linux Enterprise Micro 5.2 (src): fribidi-1.0.5-150200.3.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1845-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 1196147,1196148,1196150 CVE References: CVE-2022-25308,CVE-2022-25309,CVE-2022-25310 JIRA References: Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): fribidi-0.19.2-14.3.1 SUSE Linux Enterprise Server 12-SP5 (src): fribidi-0.19.2-14.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1898-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 1196147,1196148,1196150 CVE References: CVE-2022-25308,CVE-2022-25309,CVE-2022-25310 JIRA References: Sources used: openSUSE Leap 15.4 (src): fribidi-1.0.10-150400.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src): fribidi-1.0.10-150400.3.3.1 SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): fribidi-1.0.10-150400.3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:2029-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 1196147,1196148,1196150 CVE References: CVE-2022-25308,CVE-2022-25309,CVE-2022-25310 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): fribidi-0.19.6-150000.3.3.1 SUSE Linux Enterprise Server for SAP 15 (src): fribidi-0.19.6-150000.3.3.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): fribidi-0.19.6-150000.3.3.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): fribidi-0.19.6-150000.3.3.1 SUSE Linux Enterprise Server 15-LTSS (src): fribidi-0.19.6-150000.3.3.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): fribidi-0.19.6-150000.3.3.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): fribidi-0.19.6-150000.3.3.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): fribidi-0.19.6-150000.3.3.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): fribidi-0.19.6-150000.3.3.1 SUSE Enterprise Storage 6 (src): fribidi-0.19.6-150000.3.3.1 SUSE CaaS Platform 4.0 (src): fribidi-0.19.6-150000.3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.