Lucene search

K
cloudfoundryCloud FoundryCFOUNDRY:C56ECBDA617677ED21A0A38AF5AA46D7
HistoryDec 19, 2016 - 12:00 a.m.

USN-3067-1: HarfBuzz vulnerabilities | Cloud Foundry

2016-12-1900:00:00
Cloud Foundry
www.cloudfoundry.org
16

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.039 Low

EPSS

Percentile

91.7%

USN-3067-1: HarfBuzz vulnerabilities

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Ubuntu 14.04 LTS

Description

Kostya Serebryany discovered that HarfBuzz incorrectly handled memory. A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8947)

It was discovered that HarfBuzz incorrectly handled certain length checks.A remote attacker could use this issue to cause HarfBuzz to crash,resulting in a denial of service, or possibly execute arbitrary code.This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-2052)

Affected Products and Versions

_Severity is medium unless otherwise noted.
_

  • All versions of Cloud Foundry cflinuxfs2 prior to v.1.78.0

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.78.0 or later versions

Credit

Kostya Serebryany

References

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.039 Low

EPSS

Percentile

91.7%

Related for CFOUNDRY:C56ECBDA617677ED21A0A38AF5AA46D7