[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1NGMo4-0005hG-5k@titan.mandriva.com>
Date: Fri, 04 Dec 2009 02:18:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:158-3 ] pango
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:158-3
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pango
Date : December 3, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Integer overflow in the pango_glyph_string_set_size function in
pango/glyphstring.c in Pango before 1.24 allows context-dependent
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a long glyph string that triggers a
heap-based buffer overflow.
This update corrects the issue.
Update:
Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1194
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
5fa3cde904bb3471f2808597d4495a90 2008.0/i586/libpango1.0_0-1.18.2-1.1mdv2008.0.i586.rpm
70cd4862c5bc27ff2548ea082ef2562b 2008.0/i586/libpango1.0_0-modules-1.18.2-1.1mdv2008.0.i586.rpm
06a9a5a78ffa999cb12bd5de367789cc 2008.0/i586/libpango1.0-devel-1.18.2-1.1mdv2008.0.i586.rpm
77ca034f4f673aef5ef9a147e7fd6b10 2008.0/i586/pango-1.18.2-1.1mdv2008.0.i586.rpm
d57f4104fd1607dca80c7d4e8d775ae7 2008.0/i586/pango-doc-1.18.2-1.1mdv2008.0.i586.rpm
1d01963df79f7762776dc35e4023ea5b 2008.0/SRPMS/pango-1.18.2-1.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
1fdf6ef81c94fee53da3c154709483ad 2008.0/x86_64/lib64pango1.0_0-1.18.2-1.1mdv2008.0.x86_64.rpm
2a5831a2e8bdc4dcce62f8ecbe9f1dfd 2008.0/x86_64/lib64pango1.0_0-modules-1.18.2-1.1mdv2008.0.x86_64.rpm
18803302ca6edff9c50f9bb66e095e80 2008.0/x86_64/lib64pango1.0-devel-1.18.2-1.1mdv2008.0.x86_64.rpm
56a5dff6f3dc09912b22ea955970ae1c 2008.0/x86_64/pango-1.18.2-1.1mdv2008.0.x86_64.rpm
2b2fc7e5a1c7597dead4d6138089f7c3 2008.0/x86_64/pango-doc-1.18.2-1.1mdv2008.0.x86_64.rpm
1d01963df79f7762776dc35e4023ea5b 2008.0/SRPMS/pango-1.18.2-1.1mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLGDftmqjQ0CJFipgRAuWMAJ4/ig6FYR6485O/yz4etEfyCTIySgCghpQU
pNTF7F5vkWFvFfi8GU78a0E=
=sn6S
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists