Sicherheit: Zahlenüberlauf in pango

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1259889690-24326-1589

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:158-3
http://www.mandriva.com/security/
_______________________________________________________________________

Package : pango
Date : December 3, 2009
Affected: 2008.0
_______________________________________________________________________

Problem Description:

Integer overflow in the pango_glyph_string_set_size function in
pango/glyphstring.c in Pango before 1.24 allows context-dependent
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a long glyph string that triggers a
heap-based buffer overflow.

This update corrects the issue.

Update:

Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1194
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
5fa3cde904bb3471f2808597d4495a90
2008.0/i586/libpango1.0_0-1.18.2-1.1mdv2008.0.i586.rpm
70cd4862c5bc27ff2548ea082ef2562b
2008.0/i586/libpango1.0_0-modules-1.18.2-1.1mdv2008.0.i586.rpm
06a9a5a78ffa999cb12bd5de367789cc
2008.0/i586/libpango1.0-devel-1.18.2-1.1mdv2008.0.i586.rpm
77ca034f4f673aef5ef9a147e7fd6b10
2008.0/i586/pango-1.18.2-1.1mdv2008.0.i586.rpm
d57f4104fd1607dca80c7d4e8d775ae7
2008.0/i586/pango-doc-1.18.2-1.1mdv2008.0.i586.rpm
1d01963df79f7762776dc35e4023ea5b
2008.0/SRPMS/pango-1.18.2-1.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
1fdf6ef81c94fee53da3c154709483ad
2008.0/x86_64/lib64pango1.0_0-1.18.2-1.1mdv2008.0.x86_64.rpm
2a5831a2e8bdc4dcce62f8ecbe9f1dfd
2008.0/x86_64/lib64pango1.0_0-modules-1.18.2-1.1mdv2008.0.x86_64.rpm
18803302ca6edff9c50f9bb66e095e80
2008.0/x86_64/lib64pango1.0-devel-1.18.2-1.1mdv2008.0.x86_64.rpm
56a5dff6f3dc09912b22ea955970ae1c
2008.0/x86_64/pango-1.18.2-1.1mdv2008.0.x86_64.rpm
2b2fc7e5a1c7597dead4d6138089f7c3
2008.0/x86_64/pango-doc-1.18.2-1.1mdv2008.0.x86_64.rpm
1d01963df79f7762776dc35e4023ea5b
2008.0/SRPMS/pango-1.18.2-1.1mdv2008.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLGDftmqjQ0CJFipgRAuWMAJ4/ig6FYR6485O/yz4etEfyCTIySgCghpQU
pNTF7F5vkWFvFfi8GU78a0E=
=sn6S
-----END PGP SIGNATURE-----

------------=_1259889690-24326-1589
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1259889690-24326-1589--