Message-Id: <E1OR5pS-0003dO-0B@titan.mandriva.com>
Date: Tue, 22 Jun 2010 17:56:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:121 ] pango
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:121
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pango
Date : June 22, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:

A vulnerability has been discovered and corrected in pango:

Array index error in the hb_ot_layout_build_glyph_classes function
in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows
context-dependent attackers to cause a denial of service (application
crash) via a crafted font file, related to building a synthetic
Glyph Definition (aka GDEF) table by using this font's charmap and
the Unicode property database (CVE-2010-0421).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0421
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
531ca422fc6a6777106d52a282ba6f3e 2008.0/i586/libpango1.0_0-1.18.2-1.2mdv2008.0.i586.rpm
f23ea5bef4b70a102e857faa17bde950 2008.0/i586/libpango1.0_0-modules-1.18.2-1.2mdv2008.0.i586.rpm
1c015751f614a1559636d91bf4dbf658 2008.0/i586/libpango1.0-devel-1.18.2-1.2mdv2008.0.i586.rpm
327fa9bbc9553e8b6e32154d147ac9cd 2008.0/i586/pango-1.18.2-1.2mdv2008.0.i586.rpm
b18559906ed0c756fd2232d7286ef3e9 2008.0/i586/pango-doc-1.18.2-1.2mdv2008.0.i586.rpm
199adcc22840415441eae58ab0d686f5 2008.0/SRPMS/pango-1.18.2-1.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
d4c104a71623556bfaae5b910d72d188 2008.0/x86_64/lib64pango1.0_0-1.18.2-1.2mdv2008.0.x86_64.rpm
e019d97785600e3e4bfb5d0f9ab72b74 2008.0/x86_64/lib64pango1.0_0-modules-1.18.2-1.2mdv2008.0.x86_64.rpm
21303d77e999fb7ea751c7e187a6ea89 2008.0/x86_64/lib64pango1.0-devel-1.18.2-1.2mdv2008.0.x86_64.rpm
1a5f6892ee5e0bd5b17aaea3f05c07f3 2008.0/x86_64/pango-1.18.2-1.2mdv2008.0.x86_64.rpm
844fed2ee045b84c34a7d24adcc0ca1b 2008.0/x86_64/pango-doc-1.18.2-1.2mdv2008.0.x86_64.rpm
199adcc22840415441eae58ab0d686f5 2008.0/SRPMS/pango-1.18.2-1.2mdv2008.0.src.rpm
Mandriva Linux 2009.0:
f818a1b8cf40a15ca6e7d4a578f858b0 2009.0/i586/libpango1.0_0-1.22.0-1.2mdv2009.0.i586.rpm
dc25662f0d2b9d0b36597935d32cf0e0 2009.0/i586/libpango1.0_0-modules-1.22.0-1.2mdv2009.0.i586.rpm
9de63eebb567bac21147c9a71929fa94 2009.0/i586/libpango1.0-devel-1.22.0-1.2mdv2009.0.i586.rpm
5f2d9e530f510715ba9800da9132507c 2009.0/i586/pango-1.22.0-1.2mdv2009.0.i586.rpm
54264e559ff61ea82ce0aaa10fcd7807 2009.0/i586/pango-doc-1.22.0-1.2mdv2009.0.i586.rpm
61b1e84d9e94441486739e706e5807aa 2009.0/SRPMS/pango-1.22.0-1.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
d89182f1a67df154436f911ab49c998c 2009.0/x86_64/lib64pango1.0_0-1.22.0-1.2mdv2009.0.x86_64.rpm
5128373e230e002664ac1ee89196b4c2 2009.0/x86_64/lib64pango1.0_0-modules-1.22.0-1.2mdv2009.0.x86_64.rpm
bb99fd715de3806760035e88fcf54004 2009.0/x86_64/lib64pango1.0-devel-1.22.0-1.2mdv2009.0.x86_64.rpm
ac258b1e139acc2ea92c208fdedcf008 2009.0/x86_64/pango-1.22.0-1.2mdv2009.0.x86_64.rpm
b66f33df75d3889033d9331f4faa81e6 2009.0/x86_64/pango-doc-1.22.0-1.2mdv2009.0.x86_64.rpm
61b1e84d9e94441486739e706e5807aa 2009.0/SRPMS/pango-1.22.0-1.2mdv2009.0.src.rpm
Mandriva Linux 2009.1:
e051fbe50943e1b8ff04e6bda1a6731e 2009.1/i586/libpango1.0_0-1.24.1-1.1mdv2009.1.i586.rpm
d4004ac5c7b3554005acef696c95ed17 2009.1/i586/libpango1.0_0-modules-1.24.1-1.1mdv2009.1.i586.rpm
1753030920b0dc28410ec500027f5fa8 2009.1/i586/libpango1.0-devel-1.24.1-1.1mdv2009.1.i586.rpm
6d113a2583bf72252c6986d4161e30eb 2009.1/i586/pango-1.24.1-1.1mdv2009.1.i586.rpm
9bb53788f7448ff149203a1ecc57d88b 2009.1/i586/pango-doc-1.24.1-1.1mdv2009.1.i586.rpm
19b1fd94242fe7477bfd3c9f332be5cb 2009.1/SRPMS/pango-1.24.1-1.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
96905bb1cb15f2f78eca3f1fc18a18ff 2009.1/x86_64/lib64pango1.0_0-1.24.1-1.1mdv2009.1.x86_64.rpm
155f81e153d65cce320ad7b1038caccd 2009.1/x86_64/lib64pango1.0_0-modules-1.24.1-1.1mdv2009.1.x86_64.rpm
6ccb79cec84f207d2bf032cec02fb828 2009.1/x86_64/lib64pango1.0-devel-1.24.1-1.1mdv2009.1.x86_64.rpm
84a045a5db31ccf90df5910ad8908e93 2009.1/x86_64/pango-1.24.1-1.1mdv2009.1.x86_64.rpm
d3b06564ce5342d98162e5b62fda7379 2009.1/x86_64/pango-doc-1.24.1-1.1mdv2009.1.x86_64.rpm
19b1fd94242fe7477bfd3c9f332be5cb 2009.1/SRPMS/pango-1.24.1-1.1mdv2009.1.src.rpm
Mandriva Linux 2010.0:
7aa21a2139fa09a02c3134d24df405c4 2010.0/i586/libpango1.0_0-1.26.1-1.2mdv2010.0.i586.rpm
ba1ce579d66cad852f38dff557370a3a 2010.0/i586/libpango1.0_0-modules-1.26.1-1.2mdv2010.0.i586.rpm
a96ce9eb840b45496004761a8bf0c685 2010.0/i586/libpango1.0-devel-1.26.1-1.2mdv2010.0.i586.rpm
2c964e5dd3b3ac686fff3edc5bd7e712 2010.0/i586/pango-1.26.1-1.2mdv2010.0.i586.rpm
6ef221cd2253d26187117ae4a7cb7dd9 2010.0/i586/pango-doc-1.26.1-1.2mdv2010.0.i586.rpm
08b72577a1117f4fc2f29f53f5edeaec 2010.0/SRPMS/pango-1.26.1-1.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
f4744cc096aac8bfd32240331881e99e 2010.0/x86_64/lib64pango1.0_0-1.26.1-1.2mdv2010.0.x86_64.rpm
54919bd634eaa10ecbbcb5e140650973 2010.0/x86_64/lib64pango1.0_0-modules-1.26.1-1.2mdv2010.0.x86_64.rpm
18bdc1b62b64ed3381e8bc98b8ec20ad 2010.0/x86_64/lib64pango1.0-devel-1.26.1-1.2mdv2010.0.x86_64.rpm
2a6613f8941689eff8a3dd780cf04b11 2010.0/x86_64/pango-1.26.1-1.2mdv2010.0.x86_64.rpm
c0a1406e8ed4096bf5481fe38837b6dc 2010.0/x86_64/pango-doc-1.26.1-1.2mdv2010.0.x86_64.rpm
08b72577a1117f4fc2f29f53f5edeaec 2010.0/SRPMS/pango-1.26.1-1.2mdv2010.0.src.rpm
Mandriva Enterprise Server 5:
d6decc56a38a11a5a13984fc83559385 mes5/i586/libpango1.0_0-1.22.0-1.2mdvmes5.1.i586.rpm
e5d925f17dd0701cf3c49f08c29fe603 mes5/i586/libpango1.0_0-modules-1.22.0-1.2mdvmes5.1.i586.rpm
17c7a506f6808b3ee9f5f6b75a5379fa mes5/i586/libpango1.0-devel-1.22.0-1.2mdvmes5.1.i586.rpm
0e5dd5095994251fde994f2fa26358e8 mes5/i586/pango-1.22.0-1.2mdvmes5.1.i586.rpm
63a4f9187fe13157433ce165f4ef9efd mes5/i586/pango-doc-1.22.0-1.2mdvmes5.1.i586.rpm
6425231a4d3181a952f1f5d16551ccd9 mes5/SRPMS/pango-1.22.0-1.2mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
116891a295279dba835c846c69dcfb93 mes5/x86_64/lib64pango1.0_0-1.22.0-1.2mdvmes5.1.x86_64.rpm
9d75fb24121b6852985dd8be7edbe59b mes5/x86_64/lib64pango1.0_0-modules-1.22.0-1.2mdvmes5.1.x86_64.rpm
26bbb15efd26cdd94c9d8ee2e4a7278d mes5/x86_64/lib64pango1.0-devel-1.22.0-1.2mdvmes5.1.x86_64.rpm
4ea150efc21c643109197382c0c592f0 mes5/x86_64/pango-1.22.0-1.2mdvmes5.1.x86_64.rpm
4dd5ce363b7eaa068cab0c387cc23230 mes5/x86_64/pango-doc-1.22.0-1.2mdvmes5.1.x86_64.rpm
6425231a4d3181a952f1f5d16551ccd9 mes5/SRPMS/pango-1.22.0-1.2mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMIKwSmqjQ0CJFipgRAsccAKC3/3dngpLvYeSYi8xMg6YC5HDXzQCg22P2
vb2+9XXDoWgnbqodhU1lexM=
=Ow3o
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
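
Added example, not part of the Mandriva advisory and not Pango's source: a simplified C model of the bug class described under "Problem Description", where a glyph index taken from a font's charmap is used to index a per-glyph class table, shown unchecked and with the range check that prevents the crash. The struct and function names, the class_for stand-in for the Unicode property lookup and the sample charmap are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model: one class byte per glyph (1 = base, 3 = mark). */
struct glyph_classes { uint8_t *klass; size_t num_glyphs; };
/* One charmap entry as read from the untrusted font file. */
struct cmap_entry { uint32_t codepoint; uint32_t glyph; };

/* Vulnerable pattern, shown for contrast and never called here: the glyph
 * index comes from the font and is used as an array index unchecked. */
void set_class_unchecked(struct glyph_classes *gc, uint32_t glyph, uint8_t k)
{
    gc->klass[glyph] = k; /* out-of-bounds write if glyph >= num_glyphs */
}

/* Hardened form: refuse indices outside the table. Returns 0 on success. */
int set_class_checked(struct glyph_classes *gc, uint32_t glyph, uint8_t k)
{
    if (gc == NULL || gc->klass == NULL || glyph >= gc->num_glyphs)
        return -1;
    gc->klass[glyph] = k;
    return 0;
}

/* Stand-in for the Unicode property lookup: U+0300..U+036F are marks. */
static uint8_t class_for(uint32_t cp) { return (cp >= 0x300 && cp <= 0x36F) ? 3 : 1; }

/* Fill the class table from the charmap; returns how many entries were
 * rejected because their glyph index was out of range. */
size_t build_classes(struct glyph_classes *gc, const struct cmap_entry *cmap, size_t n)
{
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++)
        if (set_class_checked(gc, cmap[i].glyph, class_for(cmap[i].codepoint)) != 0)
            rejected++;
    return rejected;
}

/* Constructed sample: a 4-glyph font whose charmap holds one bad index. */
size_t demo(uint8_t out[4])
{
    struct glyph_classes gc = { out, 4 };
    const struct cmap_entry cmap[] = { {0x41, 1}, {0x301, 2}, {0x42, 70000} };
    memset(out, 0, 4);
    return build_classes(&gc, cmap, 3);
}

int main(void) { uint8_t k[4]; return demo(k) == 1 ? 0 : 1; }
```

Counting the rejected entries, rather than silently skipping them, gives the caller a signal that the font's charmap is malformed.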