Bug 1301553 (CVE-2015-8947, CVE-2016-2052) - CVE-2016-2052 CVE-2015-8947 chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6
Summary: CVE-2016-2052 CVE-2015-8947 chromium-browser: Multiple unspecified vulnerabil...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-8947, CVE-2016-2052
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: Engineering1301555 Engineering1301556 1358575 1358576 1358577
Blocks: Embargoed1301530
TreeView+ depends on / blocked
 
Reported: 2016-01-25 11:31 UTC by Adam Mariš
Modified: 2019-09-29 13:42 UTC (History)
2 users (show)

Fixed In Version: chromium-browser 48.0.2564.82
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-08 02:47:41 UTC

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:0072 0 normal SHIPPED_LIVE Important: chromium-browser security update 2016-01-27 16:26:55 UTC

Description Adam Mariš 2016-01-25 11:31:38 UTC 
Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6 were found, as used in Google Chrome before 48.0.2564.82, allowing attackers to cause a denial of service or possibly have other impact via unknown vectors.

Upstream tracking bug:

https://code.google.com/p/chromium/issues/detail?id=544270
Comment 2 errata-xmlrpc 2016-01-27 11:28:18 UTC 
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2016:0072 https://rhn.redhat.com/errata/RHSA-2016-0072.html
Comment 3 Huzaifa S. Sidhpurwala 2016-03-14 05:41:18 UTC 
This CVE was assigned to "Update harfbuzz to 1.0.6" in chromium browser. (As referenced by the comment #0 above). When investigating this issue it seems all the issues fixed in 1.0.5 and subsequent 1.0.6 are linked to their fuzzing initiative as obvious from https://github.com/behdad/harfbuzz/issues/139.

Several flaws were fixed, which include:

Several heap-based buffer overflows at:
https://github.com/behdad/harfbuzz/issues/139#issuecomment-146984679
https://github.com/behdad/harfbuzz/issues/139#issuecomment-147616887
https://github.com/behdad/harfbuzz/issues/139#issuecomment-148289957
https://github.com/behdad/harfbuzz/issues/156

And a few other assorted flaws (some of them may have a non-security impact)
Comment 4 Huzaifa S. Sidhpurwala 2016-07-14 06:19:01 UTC 
Send a CVE request to MITRE at:

http://www.openwall.com/lists/oss-security/2016/07/14/1
Comment 5 Adam Mariš 2016-07-19 10:55:45 UTC 
CVE-2015-8947 was assigned by MITRE:

http://seclists.org/oss-sec/2016/q3/107

to issue fixed by following commit:

https://github.com/behdad/harfbuzz/commit/f96664974774bfeb237a7274f512f64aaafb201e
Comment 6 Huzaifa S. Sidhpurwala 2016-07-21 03:47:28 UTC 
Further to comment #5, the following commit was assigned to CVE-2016-2052:

https://github.com/behdad/harfbuzz/commit/63ef0b41dc48d6112d1918c1b1de9de8ea90adb5

while CVE-2015-8947 has been assigned to:

https://github.com/behdad/harfbuzz/commit/f96664974774bfeb237a7274f512f64aaafb201e
Comment 7 Huzaifa S. Sidhpurwala 2016-07-21 03:54:02 UTC 
Created mingw-harfbuzz tracking bugs for this issue:

Affects: fedora-all [bug 1358576]
Comment 8 Huzaifa S. Sidhpurwala 2016-07-21 03:54:14 UTC 
Created harfbuzz tracking bugs for this issue:

Affects: fedora-all [bug 1358575]
Affects: epel-7 [bug 1358577]
Note You need to log in before you can comment on or make changes to this bug.