Bug 1301553 - (CVE-2015-8947, CVE-2016-2052) CVE-2016-2052 CVE-2015-8947 chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6
CVE-2016-2052 CVE-2015-8947 chromium-browser: Multiple unspecified vulnerabil...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20160124,repor...
: Reopened, Security
Depends On: 1358576 1301555 1301556 1358575 1358577
Blocks: 1301530
  Show dependency treegraph
 
Reported: 2016-01-25 06:31 EST by Adam Mariš
Modified: 2016-07-21 00:25 EDT (History)
2 users (show)

See Also:
Fixed In Version: chromium-browser 48.0.2564.82
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-01-28 00:19:16 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Adam Mariš 2016-01-25 06:31:38 EST
Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6 were found, as used in Google Chrome before 48.0.2564.82, allowing attackers to cause a denial of service or possibly have other impact via unknown vectors.

Upstream tracking bug:

https://code.google.com/p/chromium/issues/detail?id=544270
Comment 2 errata-xmlrpc 2016-01-27 06:28:18 EST
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2016:0072 https://rhn.redhat.com/errata/RHSA-2016-0072.html
Comment 3 Huzaifa S. Sidhpurwala 2016-03-14 01:41:18 EDT
This CVE was assigned to "Update harfbuzz to 1.0.6" in chromium browser. (As referenced by the comment #0 above). When investigating this issue it seems all the issues fixed in 1.0.5 and subsequent 1.0.6 are linked to their fuzzing initiative as obvious from https://github.com/behdad/harfbuzz/issues/139.

Several flaws were fixed, which include:

Several heap-based buffer overflows at:
https://github.com/behdad/harfbuzz/issues/139#issuecomment-146984679
https://github.com/behdad/harfbuzz/issues/139#issuecomment-147616887
https://github.com/behdad/harfbuzz/issues/139#issuecomment-148289957
https://github.com/behdad/harfbuzz/issues/156

And a few other assorted flaws (some of them may have a non-security impact)
Comment 4 Huzaifa S. Sidhpurwala 2016-07-14 02:19:01 EDT
Send a CVE request to MITRE at:

http://www.openwall.com/lists/oss-security/2016/07/14/1
Comment 5 Adam Mariš 2016-07-19 06:55:45 EDT
CVE-2015-8947 was assigned by MITRE:

http://seclists.org/oss-sec/2016/q3/107

to issue fixed by following commit:

https://github.com/behdad/harfbuzz/commit/f96664974774bfeb237a7274f512f64aaafb201e
Comment 6 Huzaifa S. Sidhpurwala 2016-07-20 23:47:28 EDT
Further to comment #5, the following commit was assigned to CVE-2016-2052:

https://github.com/behdad/harfbuzz/commit/63ef0b41dc48d6112d1918c1b1de9de8ea90adb5

while CVE-2015-8947 has been assigned to:

https://github.com/behdad/harfbuzz/commit/f96664974774bfeb237a7274f512f64aaafb201e
Comment 7 Huzaifa S. Sidhpurwala 2016-07-20 23:54:02 EDT
Created mingw-harfbuzz tracking bugs for this issue:

Affects: fedora-all [bug 1358576]
Comment 8 Huzaifa S. Sidhpurwala 2016-07-20 23:54:14 EDT
Created harfbuzz tracking bugs for this issue:

Affects: fedora-all [bug 1358575]
Affects: epel-7 [bug 1358577]

Note You need to log in before you can comment on or make changes to this bug.