Bug 1301553 (CVE-2015-8947, CVE-2016-2052)

Summary: CVE-2016-2052 CVE-2015-8947 chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6
Product: [Other] Security Response
Reporter: Adam Mariš <amaris>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: slawomir, tpopela
Target Milestone: ---
Keywords: Reopened, Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard: impact=moderate,public=20160124,reported=20160125,source=cve,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-6/chromium-browser=affected,rhel-7/harfbuzz=wontfix,fedora-all/harfbuzz=affected,fedora-all/mingw-harfbuzz=affected,epel-7/harfbuzz=affected
Fixed In Version: chromium-browser 48.0.2564.82
Doc Type: Bug Fix
Last Closed: 2019-06-08 02:47:41 UTC
Bug Depends On: 1358576, 1301555, 1301556, 1358575, 1358577    
Bug Blocks: 1301530    

Description Adam Mariš 2016-01-25 11:31:38 UTC
Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6 were found, as used in Google Chrome before 48.0.2564.82, allowing attackers to cause a denial of service or possibly have other impact via unknown vectors.

Upstream tracking bug:

https://code.google.com/p/chromium/issues/detail?id=544270

Comment 2 errata-xmlrpc 2016-01-27 11:28:18 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2016:0072 https://rhn.redhat.com/errata/RHSA-2016-0072.html

Comment 3 Huzaifa S. Sidhpurwala 2016-03-14 05:41:18 UTC
This CVE was assigned to "Update harfbuzz to 1.0.6" in chromium browser. (As referenced by the comment #0 above). When investigating this issue it seems all the issues fixed in 1.0.5 and subsequent 1.0.6 are linked to their fuzzing initiative as obvious from https://github.com/behdad/harfbuzz/issues/139.

Several flaws were fixed, which include:

Several heap-based buffer overflows at:
https://github.com/behdad/harfbuzz/issues/139#issuecomment-146984679
https://github.com/behdad/harfbuzz/issues/139#issuecomment-147616887
https://github.com/behdad/harfbuzz/issues/139#issuecomment-148289957
https://github.com/behdad/harfbuzz/issues/156

And a few other assorted flaws (some of them may have a non-security impact)

Comment 4 Huzaifa S. Sidhpurwala 2016-07-14 06:19:01 UTC
Sent a CVE request to MITRE at:

http://www.openwall.com/lists/oss-security/2016/07/14/1

Comment 5 Adam Mariš 2016-07-19 10:55:45 UTC
CVE-2015-8947 was assigned by MITRE:

http://seclists.org/oss-sec/2016/q3/107

to the issue fixed by the following commit:

https://github.com/behdad/harfbuzz/commit/f96664974774bfeb237a7274f512f64aaafb201e

Comment 6 Huzaifa S. Sidhpurwala 2016-07-21 03:47:28 UTC
Further to comment #5, the following commit was assigned to CVE-2016-2052:

https://github.com/behdad/harfbuzz/commit/63ef0b41dc48d6112d1918c1b1de9de8ea90adb5

while CVE-2015-8947 has been assigned to:

https://github.com/behdad/harfbuzz/commit/f96664974774bfeb237a7274f512f64aaafb201e

Comment 7 Huzaifa S. Sidhpurwala 2016-07-21 03:54:02 UTC
Created mingw-harfbuzz tracking bugs for this issue:

Affects: fedora-all [bug 1358576]

Comment 8 Huzaifa S. Sidhpurwala 2016-07-21 03:54:14 UTC
Created harfbuzz tracking bugs for this issue:

Affects: fedora-all [bug 1358575]
Affects: epel-7 [bug 1358577]