hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc https://github.com/harfbuzz/harfbuzz/blob/2822b589bc837fae6f66233e2cf2eef0f6ce8470/src/hb-ot-layout-gsubgpos.hh https://chromium.googlesource.com/chromium/src/+/e1f324aa681af54101c1f2d173d92adb80e37088/DEPS#361
Created chromium tracking bugs for this issue: Affects: fedora-all [bug 2167630] Created harfbuzz tracking bugs for this issue: Affects: fedora-all [bug 2167631] Created mingw-harfbuzz tracking bugs for this issue: Affects: fedora-all [bug 2167632]
Created chromium tracking bugs for this issue: Affects: epel-8 [bug 2173489]
*** Bug 2221619 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:4170 https://access.redhat.com/errata/RHSA-2023:4170
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:4171 https://access.redhat.com/errata/RHSA-2023:4171
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:4165 https://access.redhat.com/errata/RHSA-2023:4165
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:4162 https://access.redhat.com/errata/RHSA-2023:4162
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:4164 https://access.redhat.com/errata/RHSA-2023:4164
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4157 https://access.redhat.com/errata/RHSA-2023:4157
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4169 https://access.redhat.com/errata/RHSA-2023:4169
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:4163 https://access.redhat.com/errata/RHSA-2023:4163
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.20 Via RHSA-2023:4161 https://access.redhat.com/errata/RHSA-2023:4161
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.20 Via RHSA-2023:4208 https://access.redhat.com/errata/RHSA-2023:4208
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.8 Via RHSA-2023:4210 https://access.redhat.com/errata/RHSA-2023:4210
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.8 Via RHSA-2023:4211 https://access.redhat.com/errata/RHSA-2023:4211
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:4177 https://access.redhat.com/errata/RHSA-2023:4177
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:4158 https://access.redhat.com/errata/RHSA-2023:4158
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4159 https://access.redhat.com/errata/RHSA-2023:4159
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4175 https://access.redhat.com/errata/RHSA-2023:4175
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-25193
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:4233 https://access.redhat.com/errata/RHSA-2023:4233
OpenJDK-11 upstream commit: https://github.com/openjdk/jdk11u/commit/63cb8a108659ec3ba97b2ff3c9267cb36c0a1d46 OpenJDK-17 upstream commit: https://github.com/openjdk/jdk17u/commit/f969f811a71603f39e4ab42f1362271b7a4d303d
Oracle CPU July 2023: https://www.oracle.com/security-alerts/cpujul2023.html#AppendixJAVA Fixed in Oracle Java SE 11.0.20, 17.0.8, 20.0.2. Release notes: https://www.oracle.com/java/technologies/javase/11-0-20-relnotes.html https://www.oracle.com/java/technologies/javase/17-0-8-relnotes.html https://www.oracle.com/java/technologies/javase/20-0-2-relnotes.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2410 https://access.redhat.com/errata/RHSA-2024:2410
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:2980 https://access.redhat.com/errata/RHSA-2024:2980