USN-3067-1: HarfBuzz vulnerabilities<\/p>\n
24th August, 2016<\/em><\/p>\n A security issue affects these releases of Ubuntu and its HarfBuzz could be made to crash or run programs as your login if it Kostya Serebryany discovered that HarfBuzz incorrectly handled memory. A It was discovered that HarfBuzz incorrectly handled certain length checks. The problem can be corrected by updating your system to the following To update your system, please follow these instructions: After a standard system update you need to restart your session to make CVE-2015-8947<\/a>, <\/p>\n CVE-2016-2052<\/a><\/p>\n Source: USN-3067-1: HarfBuzz vulnerabilities<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" USN-3067-1: HarfBuzz vulnerabilities Ubuntu Security Notice USN-3067-1 24th August, 2016 harfbuzz vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary HarfBuzz could be made to crash or run programs as your login if it processed specially crafted data. Software description harfbuzz – OpenType text shaping engine Details Kostya Serebryany discovered that HarfBuzz incorrectly handled memory. Aremote attacker could use this issue to cause HarfBuzz to crash, resultingin a denial of service, or possibly execute arbitrary code. (CVE-2015-8947) It was discovered that HarfBuzz incorrectly handled certain length checks.A remote attacker could use this issue to cause HarfBuzz to crash,resulting in a denial of service, or possibly execute arbitrary code.This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-2052) Update instructions The problem can be corrected by updating your system to the following [ more… ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[586],"tags":[587],"class_list":["post-9666","post","type-post","status-publish","format-standard","hentry","category-ubuntu-usn","tag-ubuntu-usn"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/9666","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=9666"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/9666\/revisions"}],"predecessor-version":[{"id":9667,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/9666\/revisions\/9667"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=9666"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=9666"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=9666"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}harfbuzz vulnerabilities<\/h3>\n
\n derivatives:<\/p>\n\n
Summary<\/h3>\n
\nprocessed specially crafted data.\n<\/p>\nSoftware description<\/h3>\n
\n
\n – OpenType text shaping engine<\/p>\n<\/li>\n<\/ul>\nDetails<\/h3>\n
remote attacker could use this issue to cause HarfBuzz to crash, resulting
in a denial of service, or possibly execute arbitrary code. (CVE-2015-8947<\/a>)<\/p>\n
A remote attacker could use this issue to cause HarfBuzz to crash,
resulting in a denial of service, or possibly execute arbitrary code.
This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-2052<\/a>)<\/p>\nUpdate instructions<\/h3>\n
\npackage version:<\/p>\n\n
\n
\n 1.0.1-1ubuntu0.1<\/a>
\n <\/span>\n <\/dd>\n
\n
\n 0.9.27-1ubuntu1.1<\/a>
\n <\/span>\n <\/dd>\n<\/dl>\n
\nhttps:\/\/wiki.ubuntu.com\/Security\/Upgrades<\/a>.\n<\/p>\n
all the necessary changes.<\/p>\nReferences<\/h3>\n