Message-Id: <E1OR5pS-0003dO-0B@titan.mandriva.com>
Date: Tue, 22 Jun 2010 17:56:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:121 ] pango


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:121
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pango
 Date    : June 22, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in pango:
 
 Array index error in the hb_ot_layout_build_glyph_classes function
 in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows
 context-dependent attackers to cause a denial of service (application
 crash) via a crafted font file, related to building a synthetic
 Glyph Definition (aka GDEF) table by using this font's charmap and
 the Unicode property database (CVE-2010-0421).
 
 Packages for 2008.0 and 2009.0 are provided as part of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0421
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMIKwSmqjQ0CJFipgRAsccAKC3/3dngpLvYeSYi8xMg6YC5HDXzQCg22P2
vb2+9XXDoWgnbqodhU1lexM=
=Ow3o
-----END PGP SIGNATURE-----
