lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100320094128.GA9925@SD6-Casa.iuculano.it>
Date: Sat, 20 Mar 2010 10:41:28 +0100
From: Giuseppe Iuculano <iuculano@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA-2019-1] New pango1.0 packages fix denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2019-1                  security@...ian.org
http://www.debian.org/security/                        Giuseppe Iuculano
March 20, 2010                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : pango1.0
Vulnerability  : missing input sanitization
Problem type   : local
Debian-specific: no
CVE Id         : CVE-2010-0421
Debian Bug     : 574021


Marc Schoenefeld discovered an improper input sanitization in Pango, a library
for layout and rendering of text, leading to array indexing error.
If a local user was tricked into loading a specially-crafted font file in an
application, using the Pango font rendering library, it could lead to denial
of service (application crash).


For the stable distribution (lenny), this problem has been fixed in
version 1.20.5-5+lenny1.

For the testing distribution (squeeze), and the unstable distribution (sid),
this problem will be fixed soon.


We recommend that you upgrade your pango1.0 package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5-5+lenny1.diff.gz
    Size/MD5 checksum:    30609 59b83220ce8e5663d1576c9c62cda04f
  http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5.orig.tar.gz
    Size/MD5 checksum:  2071747 e0fac4c2c99d903fdec3f8db60107f36
  http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5-5+lenny1.dsc
    Size/MD5 checksum:     1647 65108152472b632d5214ba3eed1191f9

Architecture independent packages:

  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-doc_1.20.5-5+lenny1_all.deb
    Size/MD5 checksum:   286750 df6f2e6739297305f301a9b21519d32c
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-common_1.20.5-5+lenny1_all.deb
    Size/MD5 checksum:    64556 b50adb928602040044cc0469b210dc16

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_alpha.deb
    Size/MD5 checksum:   745248 61d6362508bd71cd4b004a738e4c31ca
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_alpha.deb
    Size/MD5 checksum:   330236 6be814261efaebc114e24c0d24c13961
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_alpha.deb
    Size/MD5 checksum:   482252 250d036225f0491603ba626c616ca417
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_alpha.udeb
    Size/MD5 checksum:   248888 d30040b2adc49c49d4b5fb717bd2d6e7

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_amd64.deb
    Size/MD5 checksum:   313884 c5cd8547145346dd056bce5f92c81239
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_amd64.udeb
    Size/MD5 checksum:   231696 b66e53a57fb589206d9f37639483598f
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_amd64.deb
    Size/MD5 checksum:   773310 4dd3cabefa6f6b2e8b6e34cb045c4195
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_amd64.deb
    Size/MD5 checksum:   391668 53fbb1fcaf8cb934b91721e4d667655c

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_arm.deb
    Size/MD5 checksum:   353604 6269283d3ac3b7ecce8b62fa613f9378
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_arm.udeb
    Size/MD5 checksum:   201398 0b0d5213871ca9c32b29e16622d73f5b
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_arm.deb
    Size/MD5 checksum:   729718 1d6768b00081c9ef41c11b8552829b66
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_arm.deb
    Size/MD5 checksum:   275910 97b80dfc9c2f89e3e857fa9947c55c1c

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_armel.udeb
    Size/MD5 checksum:   206934 d9859806eea30ada69030c58d50fac03
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_armel.deb
    Size/MD5 checksum:   285434 d8d6084f4c48aed618e724d4d4ed4e2f
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_armel.deb
    Size/MD5 checksum:   358140 d27e89870f2d1873f90bf7d554e1f66a
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_armel.deb
    Size/MD5 checksum:   733654 8f21507434bda7f6d77b2c879be87851

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_hppa.udeb
    Size/MD5 checksum:   237174 1b4117c68966b0335ad3dfa7b4cad6fb
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_hppa.deb
    Size/MD5 checksum:   322832 4699f185ec14679e626c4311a8f591ff
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_hppa.deb
    Size/MD5 checksum:   741646 d78cb359694f7e8544e9fb6d41ed09f2
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_hppa.deb
    Size/MD5 checksum:   415350 d2760ef481ab68c38a1e40a8e5c49dc8

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_i386.udeb
    Size/MD5 checksum:   213822 0a8a83f93880866b00af792b415ac977
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_i386.deb
    Size/MD5 checksum:   350456 a0dd849fc1ff64d445b04e8f2e936872
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_i386.deb
    Size/MD5 checksum:   285456 9347047a1ea7fda4d856670254c3c31c
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_i386.deb
    Size/MD5 checksum:   719590 8991fef0ff79ca19bac8094d1bc2b3c8

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_ia64.deb
    Size/MD5 checksum:   725572 674109bd5c337f54eeef5ed226cb7bb2
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_ia64.deb
    Size/MD5 checksum:   540052 6cbf68b7abe09595b653fc435b5823cc
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_ia64.deb
    Size/MD5 checksum:   423908 ece61c77baafe5d2ba730d2e7ccb342b
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_ia64.udeb
    Size/MD5 checksum:   323424 7b692636369cb651bd796a9f07cfc8d0

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_mipsel.udeb
    Size/MD5 checksum:   215044 b9ca98745c44500b220a4df6b024a735
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_mipsel.deb
    Size/MD5 checksum:   290142 20abb28e302f0bcc696dd904cba6bbfb
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_mipsel.deb
    Size/MD5 checksum:   413216 f184df8b21ea183093695de21f4cd804
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_mipsel.deb
    Size/MD5 checksum:   757834 b4aa292a5b00dc66ec4d490c8a486a95

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_powerpc.deb
    Size/MD5 checksum:   306284 9da4961c23dcc088d429db3a7149c3bb
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_powerpc.deb
    Size/MD5 checksum:   776236 1442d9e2bacafc9cd7c6301a0d350361
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_powerpc.udeb
    Size/MD5 checksum:   225654 982535d3252489c7304019d1c53484c5
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_powerpc.deb
    Size/MD5 checksum:   399104 a0926ea49cffad1bef68a4ffd95bd44f

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_s390.deb
    Size/MD5 checksum:   763014 9a698aa59795b72bfeb4e18f55d64d4b
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_s390.udeb
    Size/MD5 checksum:   238214 012b5bf4741bbf1c72666fcaf0d41b9f
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_s390.deb
    Size/MD5 checksum:   318132 1697771a8463f4ab5f152283d2480037
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_s390.deb
    Size/MD5 checksum:   385170 5e936bd520668b79ccac11c20fe3623c

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_sparc.deb
    Size/MD5 checksum:   366686 8be8cc5efb6a65243e84d86beae4af33
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_sparc.deb
    Size/MD5 checksum:   282678 6e4007c50b7f735ee638529e0996bebc
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_sparc.udeb
    Size/MD5 checksum:   206320 e6a428677a9786050b3f100a0567009f
  http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_sparc.deb
    Size/MD5 checksum:   682854 e20b63f8654edf23739af8f352590683


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkukmEgACgkQNxpp46476ar0WgCeOZys7vC0Rj94v6g+9q7f+uYf
6A0An3oVkkTzlrTq3l6mPH83IvoTXpym
=grc1
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ