USN-5366-1 fixed several vulnerabilities in FriBidi. This update provides the
corresponding updates for Ubuntu 22.04 LTS.

Original advisory details:

It was discovered that FriBidi incorrectly handled processing of input strings
resulting in memory corruption. An attacker could use this issue to cause
FriBidi to crash, resulting in a denial of service, or potentially execute
arbitrary code. (CVE-2022-25308)

It was discovered that FriBidi incorrectly validated input data to its CapRTL
unicode encoder, resulting in memory corruption. An attacker could use this
issue to cause FriBidi to crash, resulting in a denial of service, or
potentially execute arbitrary code. (CVE-2022-25309)

It was discovered that FriBidi incorrectly handled empty input when removing
marks from unicode strings, resulting in a crash. An attacker could use this
to cause FriBidi to crash, resulting in a denial of service, or potentially
execute arbitrary code. (CVE-2022-25310)

Read More

Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

Read More

FEDORA-2022-1b9f9b2993

Packages in this update:

suricata-6.0.5-1.fc35

Update description:

Various security, performance, accuracy and stability issues have been fixed.

Read More

FEDORA-2022-e7bc9caf04

Packages in this update:

suricata-6.0.5-1.fc36

Update description:

Various security, performance, accuracy and stability issues have been fixed.

Read More

FEDORA-2022-a2f0201723

Packages in this update:

suricata-6.0.5-1.fc34

Update description:

Various security, performance, accuracy and stability issues have been fixed.

Read More

FEDORA-EPEL-2022-667d59a6db

Packages in this update:

suricata-5.0.9-1.el8

Update description:

Various security, performance, accuracy and stability issues have been fixed.

Read More

FEDORA-EPEL-2022-1f9a7c822c

Packages in this update:

suricata-6.0.5-1.el9

Update description:

Various security, performance, accuracy and stability issues have been fixed.

Read More

A path traversal vulnerability in XPLATFORM’s runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be d in the parent path by using the path traversal pattern ‘..’.

Read More

Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files.

Read More

It was discovered that Libcroco was incorrectly accessing data structures when
reading bytes from memory, which could cause a heap buffer overflow. An attacker
could possibly use this issue to cause a denial of service. (CVE-2017-7960)

It was discovered that Libcroco was incorrectly handling invalid UTF-8 values
when processing CSS files. An attacker could possibly use this issue to cause
a denial of service. (CVE-2017-8834, CVE-2017-8871)

It was discovered that Libcroco was incorrectly implementing recursion in one
of its parsing functions, which could cause an infinite recursion loop and a
stack overflow due to stack consumption. An attacker could possibly use this
issue to cause a denial of service. (CVE-2020-12825)

Read More