USN-3067-1: HarfBuzz vulnerabilities
Medium
Canonical Ubuntu
Kostya Serebryany discovered that HarfBuzz incorrectly handled memory. A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8947)
It was discovered that HarfBuzz incorrectly handled certain length checks.A remote attacker could use this issue to cause HarfBuzz to crash,resulting in a denial of service, or possibly execute arbitrary code.This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-2052)
_Severity is medium unless otherwise noted.
_
Users of affected versions should apply the following mitigation:
Kostya Serebryany