Red Hat Product Errata RHSA-2024:2980 - Security Advisory
Issued:
2024-05-22
Updated:
2024-05-22

RHSA-2024:2980 - Security Advisory

Synopsis

Moderate: harfbuzz security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for harfbuzz is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

HarfBuzz is an implementation of the OpenType Layout engine.

Security Fix(es):

  • harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks (CVE-2023-25193)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2167254 - CVE-2023-25193 harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks

Red Hat Enterprise Linux for x86_64 8

SRPM
harfbuzz-1.7.5-4.el8.src.rpm SHA-256: 8565e396a739dab2a3fb4f9a9372f8b16985d3e6342c9c8ae8b76c487e4e07b5
x86_64
harfbuzz-1.7.5-4.el8.i686.rpm SHA-256: 4cbe891f7851c7d168acafd67750d8c6edd46f1378a451e4fb39a5b15f5c41b1
harfbuzz-1.7.5-4.el8.x86_64.rpm SHA-256: 90a04d6a0c81f6d7f311a7dccba1b0d146f5db315e49d304f76f4e2fc768e0c2
harfbuzz-debuginfo-1.7.5-4.el8.i686.rpm SHA-256: 43c42e6a1eb9070bd59c985269a29f868d57a267ce1fff4147626cb42a77e8a7
harfbuzz-debuginfo-1.7.5-4.el8.x86_64.rpm SHA-256: 040b4828aaf5f19f84e990679ede37d87decdbee7e4d35121f43fffe2e1f1aa1
harfbuzz-debugsource-1.7.5-4.el8.i686.rpm SHA-256: 7dfe2033fae6ff054b12ba4eb26ff3e56b060829490d7f843c6e82c2706da53c
harfbuzz-debugsource-1.7.5-4.el8.x86_64.rpm SHA-256: 911d17ffa9442284997a471837d75b26d7e8e8660419d975d187e8ffcb302d9e
harfbuzz-devel-1.7.5-4.el8.i686.rpm SHA-256: 9539211266b69ef90903155140b6dc80ee209c1127cadd2053f2328ea1581f34
harfbuzz-devel-1.7.5-4.el8.x86_64.rpm SHA-256: 9974a0a2c0cc3e982d1dc2b1d618a801d2f94b52fb665d8cecddc6250e941039
harfbuzz-devel-debuginfo-1.7.5-4.el8.i686.rpm SHA-256: e531095f97f217492e1dc543350abb4bdd7ce542efc5f4e04f4b8105553eb361
harfbuzz-devel-debuginfo-1.7.5-4.el8.x86_64.rpm SHA-256: 1b15baae1563c6f74f4aff489bd6670c389a8636efd2df5b1f0f214f1e24fcc9
harfbuzz-icu-1.7.5-4.el8.i686.rpm SHA-256: 09a1699f0a34003126a7f628bc4d5afa0b1fc447d2b77e30058d715a4e52f084
harfbuzz-icu-1.7.5-4.el8.x86_64.rpm SHA-256: ffd0800fd5dc8372ed5aa78cc7123b39997a7c8e1aff605672f15e847deb3c30
harfbuzz-icu-debuginfo-1.7.5-4.el8.i686.rpm SHA-256: 24e5ff0d4f957c14515a76ab788a9af61c0a2b56707e2819ff5671f779818543
harfbuzz-icu-debuginfo-1.7.5-4.el8.x86_64.rpm SHA-256: ea6c207f2d9392aad3715363a41e9fb4a691d037df752a320cccdaec9d31cb34

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
harfbuzz-1.7.5-4.el8.src.rpm SHA-256: 8565e396a739dab2a3fb4f9a9372f8b16985d3e6342c9c8ae8b76c487e4e07b5
s390x
harfbuzz-1.7.5-4.el8.s390x.rpm SHA-256: 20b79d317a38e1e8dc3e2c3e879a1ca988b7ac6541668106bf713ce867017e04
harfbuzz-debuginfo-1.7.5-4.el8.s390x.rpm SHA-256: 4623939049c8d4fd08ae2d4a7fba6c19e42097dc268f2c637d4a12d49930ec9c
harfbuzz-debugsource-1.7.5-4.el8.s390x.rpm SHA-256: 3ce75d0847fe0e212584f2d599c970d4f2ed75504fa530a2aa961001fcf42683
harfbuzz-devel-1.7.5-4.el8.s390x.rpm SHA-256: 9a2df20a32db7e2099d4c664d017fdbda71d9df3166517e25405bd019d2846ca
harfbuzz-devel-debuginfo-1.7.5-4.el8.s390x.rpm SHA-256: f7024cd48e5f38718a07533ff601274a801eaad31a6f31dd648ee89be9973b68
harfbuzz-icu-1.7.5-4.el8.s390x.rpm SHA-256: 8f16a0f8ac862ed4853949d902584a913f27b2aceea1368fd04308bc70c8dcec
harfbuzz-icu-debuginfo-1.7.5-4.el8.s390x.rpm SHA-256: dcbc3296f26091169197068c41477f7bee2d086b4f4d882c6a7d16ddc70b010b

Red Hat Enterprise Linux for Power, little endian 8

SRPM
harfbuzz-1.7.5-4.el8.src.rpm SHA-256: 8565e396a739dab2a3fb4f9a9372f8b16985d3e6342c9c8ae8b76c487e4e07b5
ppc64le
harfbuzz-1.7.5-4.el8.ppc64le.rpm SHA-256: 619b87b0b60548bccd134c51a50de5483a40b70e561319ff22f22270351ea3fe
harfbuzz-debuginfo-1.7.5-4.el8.ppc64le.rpm SHA-256: 52b58f44ca61161bd539dfc705dbc99da29f559c45a48ea3ca01452871157c7c
harfbuzz-debugsource-1.7.5-4.el8.ppc64le.rpm SHA-256: a720c5a909d9bd84691cd5e4bea3867fc276b5e5d20c924f8cd0fe6bc9f229a7
harfbuzz-devel-1.7.5-4.el8.ppc64le.rpm SHA-256: 4a9a9e0319335aa7e03fe6789aef96b52c3b798e4cc98a8dc4d48aa893010685
harfbuzz-devel-debuginfo-1.7.5-4.el8.ppc64le.rpm SHA-256: 8b3dae40240a47704985bdbbc87a2f7a285c8b8554c99660a1bf9ba0e421b73c
harfbuzz-icu-1.7.5-4.el8.ppc64le.rpm SHA-256: e8940e5b596870a2de714cf234c8d773a5152839a98283f6daa79afdf8787ca6
harfbuzz-icu-debuginfo-1.7.5-4.el8.ppc64le.rpm SHA-256: 79732fd1c0d7901099caf0b1d2a86d766fd721c75ba79ab650c22f9b337ed190

Red Hat Enterprise Linux for ARM 64 8

SRPM
harfbuzz-1.7.5-4.el8.src.rpm SHA-256: 8565e396a739dab2a3fb4f9a9372f8b16985d3e6342c9c8ae8b76c487e4e07b5
aarch64
harfbuzz-1.7.5-4.el8.aarch64.rpm SHA-256: 439e04fee7ad92c917adae9c2720eb0ece1948b625ae6b2c67627413cbd76447
harfbuzz-debuginfo-1.7.5-4.el8.aarch64.rpm SHA-256: 591e894754ba2becf571c226f9912dec2730c38f38e3c72cabaf65fc0551f321
harfbuzz-debugsource-1.7.5-4.el8.aarch64.rpm SHA-256: fc69915cc605ebc46628dcad559fb6f91cf15318d71aff58355c0004831b9170
harfbuzz-devel-1.7.5-4.el8.aarch64.rpm SHA-256: 62d2536e18c6268a2191928dc40cb054f73247c95c566b6718d2a7dfca0125d5
harfbuzz-devel-debuginfo-1.7.5-4.el8.aarch64.rpm SHA-256: f57124daccdd9b21d625db22fe2de6b472757eb8fd4e53308f26e85724755175
harfbuzz-icu-1.7.5-4.el8.aarch64.rpm SHA-256: 5f1cb37ff8562b996ae1b0fc5d8e559a3011de120b3644925418c1f78e203791
harfbuzz-icu-debuginfo-1.7.5-4.el8.aarch64.rpm SHA-256: 18e6ab77dc097598a0b6ee558b29be2fa83447e8e0dcefa091e322244976620e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.