[USN-7214-1] HarfBuzz vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmeJPwAFAwAAAAAACgkQZWnYVadEvpOw
2A/8CR/dtvNfq3zqgMTJdMYvLHnIas2aM4eV3Hdjut6+tdEJGXJCHkFoiSFApZUvo6iVp943abYv
FaOcF9o6/k9/RF82W3QLrLRzrPJ41JE+sUaRvWDnZYOr6c8qcpijvqILP3Tg3+/eebj3Ixp7AaSh
uAw666DkCCv5jCDAgS9L7a1ZC//YORU4YRjd2j5rScdn4acUOUCD9Y5GfNwBZitgzYiDc1oLlK9d
Lu3Fpu24Aryut0t/pcTzH3iNYBiDw8dJz0Iti/OFBETnhSCjgU/hGCRzSWxq2cvShUqD12dOvGOe
N6f78H+QaQXSplxD8k2y0dNbh6/H2h8109fNEe3mE+MNJL1jaN41zUZPAA/xFLt28SpRfm+NY0YP
2dK6FzrkQxb4anFD/vOqh3vAYbEg/AcLENf0LpFa/OgoVyF+qbBq+mqh/BEBSATekVnhSMKJk9nn
hyDcJ4429jEYvAouXluQRaMBn5eP0XWzGggLxHpVbveSxfs/c/MaAkBt/TAIEbNL1TyyU/ENPqUC
BzJFfnIkacmg2L4tiHFNJ9m2O1FYJiIreeKP4Tt7D2x/8Uo0nSbBbHoMOOGJTE05tIct0srMcJsB
jkz8CQkKZfkhDNtBTs1lPX3wJJC7FoiINEaUgkfyyg60v1EmzA5Bo5nSUVnEHU1SqmrqJ8Nl7ofX
ro4=
=k2b3
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7214-1
January 16, 2025

harfbuzz vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10

Summary:

HarfBuzz could be made to crash or run programs as your login if it opened
a specially crafted file.

Software Description:
- harfbuzz: OpenType text shaping engine

Details:

It was discovered that HarfBuzz incorrecty handled certain memory
operations. A remote attacker could use this issue to cause HarfBuzz to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
libharfbuzz-cairo0 9.0.0-1ubuntu0.1
libharfbuzz0b 9.0.0-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7214-1
CVE-2024-56732

Package Information:
https://launchpad.net/ubuntu/+source/harfbuzz/9.0.0-1ubuntu0.1