USN-3067-1 HarfBuzz vulnerabilities
Severity
Medium
References
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- Vulnerable cflinuxfs2 versions listed here.
- PCF Elastic Runtime:
- 1.6.x versions prior to 1.6.58
- 1.7.x versions prior to 1.7.39
- 1.8.x versions prior to 1.8.20
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry team recommends upgrading to cflinuxfs2 versions listed here.
- Upgrade Pivotal products using older cflinuxfs2 versions to new versions mentioned above. On the Pivotal Network product page for each release, check the Depends On section and/or Release Notes for this information.
- Upgrade PCF Elastic Runtime:
- Upgrade all lower versions of 1.6.x to 1.6.58
- Upgrade all lower versions of 1.7.x to 1.7.39
- Upgrade all lower versions of 1.8.x to 1.8.20