漏洞信息

It was discovered that HarfBuzz incorrectly handled memory.

It was discovered that HarfBuzz incorrectly handled certain length checks.

漏洞危害

A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8947)

A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-2052)

解决方案

Refer to Ubuntu advisory USN-3067-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3067-1: 16.04 (Xenial) on src (libharfbuzz0b)

USN-3067-1: 14.04 (Kylin) on src (libharfbuzz0b)