Message-Id: <E1MU9KK-0003ly-OX@titan.mandriva.com>
Date: Fri, 24 Jul 2009 03:12:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVA-2009:158 ] pango
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVA-2009:158
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pango
Date : July 23, 2009
Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Integer overflow in the pango_glyph_string_set_size function in
pango/glyphstring.c in Pango before 1.24 allows context-dependent
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a long glyph string that triggers a
heap-based buffer overflow. This update corrects the issue.
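
The bug class described above, as an added C example that is not Pango's code and not part of the advisory: a capacity that grows by doubling, multiplied by an element size, can wrap so the heap block is far smaller than the element count implies. The function names, the 20-byte ELEM_SIZE and the use of uint32_t to model a 32-bit size_t are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ELEM_SIZE 20u /* assumed per-glyph record size, illustration only */

/* Byte count as a 32-bit size_t computes it: the product wraps mod 2^32. */
static uint32_t bytes_unchecked(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;
}

/* Double `space` until it holds `new_len`, then refuse any capacity whose
 * byte size exceeds `max_bytes`. Returns 0 and sets *out, or -1 on refusal. */
static int grow_checked(int space, int new_len, size_t elem_size,
                        size_t max_bytes, int *out)
{
    if (space < 0 || new_len < 0 || elem_size == 0)
        return -1;
    while (new_len > space) {
        if (space == 0)
            space = 1;
        else if (space > INT_MAX / 2)
            space = INT_MAX;   /* clamp: doubling would overflow int */
        else
            space *= 2;
    }
    if ((size_t)space > max_bytes / elem_size)
        return -1;             /* space * elem_size would not fit */
    *out = space;
    return 0;
}

int main(void)
{
    int cap = 0;
    /* Constructed input: 2^30 elements requested on a 32-bit target. */
    printf("unchecked bytes: %u\n", (unsigned)bytes_unchecked(0x40000000u, ELEM_SIZE));
    printf("checked growth:  %d\n",
           grow_checked(0, 0x40000000, ELEM_SIZE, UINT32_MAX, &cap));
    return 0;
}
```

With the unchecked product, a request for 2^30 elements yields a zero-byte allocation, which is the condition that turns the integer overflow into a heap-based buffer overflow; the checked version rejects the request before any allocation is made.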
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1194
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKaNzHmqjQ0CJFipgRAjr/AKCWWtP6sYotwbQucYFZr/KIXUasGQCfbC5Q
CIw1m2fY+cFmwVvxR/A1JLk=
=3XE/
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/