Message-Id: <E1MU9KK-0003ly-OX@titan.mandriva.com>
Date: Fri, 24 Jul 2009 03:12:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVA-2009:158 ] pango


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                          MDVA-2009:158
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pango
 Date    : July 23, 2009
 Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Integer overflow in the pango_glyph_string_set_size function in
 pango/glyphstring.c in Pango before 1.24 allows context-dependent
 attackers to cause a denial of service (application crash) or possibly
 execute arbitrary code via a long glyph string that triggers a
 heap-based buffer overflow. This update corrects the issue.
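
 The class of bug described above, as an added illustration (this is not
 Pango's source and not part of the original advisory): a growable array
 whose resize routine checks both the capacity doubling and the byte-count
 multiplication before calling realloc. The names gstring, checked_capacity
 and gs_set_size and the 20-byte element size are assumptions.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ELEM_SIZE 20u /* assumed record size, for illustration only */
typedef struct { int num, space; unsigned char *items; } gstring; /* hypothetical */

/* An unchecked 32-bit "count * size" wraps modulo 2^32, so a very large
 * count can turn into a very small allocation request. */
uint32_t wrapped_bytes(uint32_t count, uint32_t elem_size) {
    return count * elem_size;
}

/* Grow capacity by doubling. Returns 0 and stores the capacity in *out,
 * or -1 if the length is negative or cap * elem_size would overflow. */
int checked_capacity(int space, int new_len, size_t elem_size, int *out) {
    if (new_len < 0 || elem_size == 0) return -1;
    int cap = space > 0 ? space : 1;
    while (cap < new_len) {
        if (cap > INT_MAX / 2) { cap = INT_MAX; break; } /* never wrap negative */
        cap *= 2;
    }
    if ((size_t)cap > SIZE_MAX / elem_size) return -1;
    *out = cap;
    return 0;
}

/* Resize; on any failure the old buffer and fields are left untouched. */
int gs_set_size(gstring *s, int new_len) {
    int cap;
    if (checked_capacity(s->space, new_len, ELEM_SIZE, &cap) != 0) return -1;
    if (cap != s->space) {
        void *p = realloc(s->items, (size_t)cap * ELEM_SIZE);
        if (p == NULL) return -1;
        s->items = p;
        s->space = cap;
    }
    s->num = new_len;
    return 0;
}

int main(void) {
    gstring s = {0, 0, NULL};
    int rc = gs_set_size(&s, 5);
    printf("wrapped request: %u bytes\n", (unsigned)wrapped_bytes(214748365u, ELEM_SIZE));
    printf("set_size(5) -> %d, space=%d\n", rc, s.space);
    free(s.items);
    return 0;
}
```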
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1194
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKaNzHmqjQ0CJFipgRAjr/AKCWWtP6sYotwbQucYFZr/KIXUasGQCfbC5Q
CIw1m2fY+cFmwVvxR/A1JLk=
=3XE/
-----END PGP SIGNATURE-----
