==========================================================================
Ubuntu Security Notice USN-5922-1
March 06, 2023

fribidi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in fribidi.

Software Description:
- fribidi: Free Implementation of the Unicode BiDi algorithm (utility)

Details:

It was discovered that FriBidi incorrectly handled the processing of input
strings, resulting in memory corruption. An attacker could possibly use this
issue to cause FriBidi to crash, resulting in a denial of service, or
potentially execute arbitrary code. (CVE-2022-25308)

It was discovered that FriBidi incorrectly validated input data to its CapRTL
unicode encoder, resulting in memory corruption. An attacker could possibly
use this issue to cause FriBidi to crash, resulting in a denial of service, or
potentially execute arbitrary code. (CVE-2022-25309)

It was discovered that FriBidi incorrectly handled empty input when removing
marks from unicode strings. An attacker could possibly use this to cause
FriBidi to crash, resulting in a denial of service, or potentially execute
arbitrary code. (CVE-2022-25310)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  libfribidi-bin                  0.19.7-1ubuntu0.1~esm1
  libfribidi0                     0.19.7-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5922-1
  CVE-2022-25308, CVE-2022-25309, CVE-2022-25310
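
Added example, not part of the Ubuntu notice: a Python check that compares installed fribidi package versions against the fixed versions listed above using Debian version ordering, in which "~" sorts before the end of the string, so a plain string comparison misjudges "~esm1" versions. The dpkg-query output in SAMPLE is constructed and the function names are hypothetical.

```python
import re
from itertools import zip_longest

# Fixed versions listed in the notice for Ubuntu 16.04 ESM.
FIXED = {"libfribidi-bin": "0.19.7-1ubuntu0.1~esm1",
         "libfribidi0": "0.19.7-1ubuntu0.1~esm1"}

def _weight(c):
    """dpkg ordering for a non-digit character: '~' < end of run < letters < symbols."""
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _key(part):
    """Turn 'ubuntu0.1~esm1' into comparable (non-digit run, number) pairs."""
    return [([_weight(c) for c in text] + [0], int(num or 0))   # 0 marks end of run
            for text, num in re.findall(r"(\D*)(\d*)", part) if text or num]

def _cmp_part(a, b):
    # A missing pair compares as an empty run followed by 0, so "1" > "1~esm1".
    for x, y in zip_longest(_key(a), _key(b), fillvalue=([0], 0)):
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(version):
    """Return (epoch, upstream, revision) from [epoch:]upstream[-revision]."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), revision

def compare(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(dpkg_output):
    """Map each package in FIXED to 'fixed', 'needs-update' or 'not-installed'."""
    installed = dict(line.split() for line in dpkg_output.splitlines() if line.strip())
    return {pkg: "not-installed" if pkg not in installed
            else "fixed" if compare(installed[pkg], fixed) >= 0 else "needs-update"
            for pkg, fixed in FIXED.items()}

# Constructed sample in the form printed by:
#   dpkg-query -W -f='${Package} ${Version}\n' libfribidi0 libfribidi-bin
SAMPLE = "libfribidi0 0.19.7-1\nlibfribidi-bin 0.19.7-1ubuntu0.1~esm1\n"
print(audit(SAMPLE))
```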
