Alex Murray

**Name of the Vulnerable Software and Affected Versions** snap (affected versions not specified) **Description** A malicious snap could inject contents into the input of the controlling terminal using the TIOCLINUX ioctl request, allowing it to execute arbitrary commands outside of the snap sandbox after the snap exits. This issue can only be exploited when snaps are run on a virtual console, and graphical terminal emulators like xterm and gnome-terminal are not affected. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU FriBidi versions 1.0.7 and earlier **Description** A buffer overflow in the `fribidi get par embedding levels ex()` function allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user. This issue affects applications that use FriBidi for text layout calculations, such as GNOME or GTK+ based applications that use Pango for text layout. Examples of exploitation include constructing a crafted text file to be opened in GEdit or a crafted IRC message to be viewed in HexChat. **Recommendations** For GNU FriBidi versions 1.0.7 and earlier, consider updating to a version later than 1.0.7 to resolve the issue. As a temporary workaround, consider restricting the use of the `fribidi get par embedding levels ex()` function until a patch is available. Avoid using applications that rely on FriBidi for text layout calculations with untrusted text content until the issue is resolved.