Cloud Foundry Logo

USN-3067-1: HarfBuzz vulnerabilities

By: | December 19, 2016

Share

USN-3067-1: HarfBuzz vulnerabilities

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Ubuntu 14.04 LTS

Description

Kostya Serebryany discovered that HarfBuzz incorrectly handled memory. A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8947)

It was discovered that HarfBuzz incorrectly handled certain length checks.A remote attacker could use this issue to cause HarfBuzz to crash,resulting in a denial of service, or possibly execute arbitrary code.This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-2052)

Affected Products and Versions

Severity is medium unless otherwise noted.

  • All versions of Cloud Foundry cflinuxfs2 prior to v.1.78.0

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.78.0 or later versions

Credit

Kostya Serebryany

References

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES