漏洞信息
It was discovered that HarfBuzz incorrectly handled memory.
It was discovered that HarfBuzz incorrectly handled certain length checks.
漏洞危害
A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8947)
A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-2052)
解決方案
Refer to Ubuntu advisory USN-3067-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3067-1: 16.04 (Xenial) on src (libharfbuzz0b)
USN-3067-1: 14.04 (Kylin) on src (libharfbuzz0b)