advisories/25673.adv

type: security
subject: Updated fribidi packages fix security vulnerability
CVE:
 - CVE-2019-18397
src:
  7:
   core:
     - fribidi-1.0.5-2.1.mga7
description: |
  Updated fribidi packages fix security vulnerability:

  A stack buffer overflow in the fribidi_get_par_embedding_levels_ex()
  function in lib/fribidi-bidi.c of GNU FriBidi 1.0.0 through 1.0.7 allows
  an attacker to cause a denial of service or possibly execute arbitrary
  code by delivering crafted text content to a user, when this content is
  then rendered by an  application that uses FriBidi for text layout
  calculations (CVE-2019-18397).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=25673
 - https://www.openwall.com/lists/oss-security/2019/11/08/5
ID: MGASA-2019-0325
1	type: security
2	subject: Updated fribidi packages fix security vulnerability
3	CVE:
4	- CVE-2019-18397
5	src:
6	7:
7	core:
8	- fribidi-1.0.5-2.1.mga7
9	description: \|
10	Updated fribidi packages fix security vulnerability:
11
12	A stack buffer overflow in the fribidi_get_par_embedding_levels_ex()
13	function in lib/fribidi-bidi.c of GNU FriBidi 1.0.0 through 1.0.7 allows
14	an attacker to cause a denial of service or possibly execute arbitrary
15	code by delivering crafted text content to a user, when this content is
16	then rendered by an application that uses FriBidi for text layout
17	calculations (CVE-2019-18397).
18	references:
19	- https://bugs.mageia.org/show_bug.cgi?id=25673
20	- https://www.openwall.com/lists/oss-security/2019/11/08/5
21	ID: MGASA-2019-0325