Login
Newsletter
Werbung
Sicherheit: Denial of Service in Pango
Aktuelle Meldungen Distributionen
Name: Denial of Service in Pango
ID: MDVSA-2010:121
Distribution: Mandriva
Plattformen: Mandriva 2008.0, Mandriva 2009.0, Mandriva 2009.1, Mandriva Enterprise Server 5.0, Mandriva 2010.0
Datum: Di, 22. Juni 2010, 18:36
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0421
Applikationen: Pango

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1277222233-18587-116


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:121
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pango
 Date    : June 22, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in pango:
 
 Array index error in the hb_ot_layout_build_glyph_classes function
 in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows
 context-dependent attackers to cause a denial of service (application
 crash) via a crafted font file, related to building a synthetic
 Glyph Definition (aka GDEF) table by using this font's charmap and
 the Unicode property database (CVE-2010-0421).
 
 Packages for 2008.0 and 2009.0 are provided as of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0421
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 531ca422fc6a6777106d52a282ba6f3e 
 2008.0/i586/libpango1.0_0-1.18.2-1.2mdv2008.0.i586.rpm
 f23ea5bef4b70a102e857faa17bde950 
 2008.0/i586/libpango1.0_0-modules-1.18.2-1.2mdv2008.0.i586.rpm
 1c015751f614a1559636d91bf4dbf658 
 2008.0/i586/libpango1.0-devel-1.18.2-1.2mdv2008.0.i586.rpm
 327fa9bbc9553e8b6e32154d147ac9cd 
 2008.0/i586/pango-1.18.2-1.2mdv2008.0.i586.rpm
 b18559906ed0c756fd2232d7286ef3e9 
 2008.0/i586/pango-doc-1.18.2-1.2mdv2008.0.i586.rpm 
 199adcc22840415441eae58ab0d686f5 
 2008.0/SRPMS/pango-1.18.2-1.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 d4c104a71623556bfaae5b910d72d188 
 2008.0/x86_64/lib64pango1.0_0-1.18.2-1.2mdv2008.0.x86_64.rpm
 e019d97785600e3e4bfb5d0f9ab72b74 
 2008.0/x86_64/lib64pango1.0_0-modules-1.18.2-1.2mdv2008.0.x86_64.rpm
 21303d77e999fb7ea751c7e187a6ea89 
 2008.0/x86_64/lib64pango1.0-devel-1.18.2-1.2mdv2008.0.x86_64.rpm
 1a5f6892ee5e0bd5b17aaea3f05c07f3 
 2008.0/x86_64/pango-1.18.2-1.2mdv2008.0.x86_64.rpm
 844fed2ee045b84c34a7d24adcc0ca1b 
 2008.0/x86_64/pango-doc-1.18.2-1.2mdv2008.0.x86_64.rpm 
 199adcc22840415441eae58ab0d686f5 
 2008.0/SRPMS/pango-1.18.2-1.2mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 f818a1b8cf40a15ca6e7d4a578f858b0 
 2009.0/i586/libpango1.0_0-1.22.0-1.2mdv2009.0.i586.rpm
 dc25662f0d2b9d0b36597935d32cf0e0 
 2009.0/i586/libpango1.0_0-modules-1.22.0-1.2mdv2009.0.i586.rpm
 9de63eebb567bac21147c9a71929fa94 
 2009.0/i586/libpango1.0-devel-1.22.0-1.2mdv2009.0.i586.rpm
 5f2d9e530f510715ba9800da9132507c 
 2009.0/i586/pango-1.22.0-1.2mdv2009.0.i586.rpm
 54264e559ff61ea82ce0aaa10fcd7807 
 2009.0/i586/pango-doc-1.22.0-1.2mdv2009.0.i586.rpm 
 61b1e84d9e94441486739e706e5807aa 
 2009.0/SRPMS/pango-1.22.0-1.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 d89182f1a67df154436f911ab49c998c 
 2009.0/x86_64/lib64pango1.0_0-1.22.0-1.2mdv2009.0.x86_64.rpm
 5128373e230e002664ac1ee89196b4c2 
 2009.0/x86_64/lib64pango1.0_0-modules-1.22.0-1.2mdv2009.0.x86_64.rpm
 bb99fd715de3806760035e88fcf54004 
 2009.0/x86_64/lib64pango1.0-devel-1.22.0-1.2mdv2009.0.x86_64.rpm
 ac258b1e139acc2ea92c208fdedcf008 
 2009.0/x86_64/pango-1.22.0-1.2mdv2009.0.x86_64.rpm
 b66f33df75d3889033d9331f4faa81e6 
 2009.0/x86_64/pango-doc-1.22.0-1.2mdv2009.0.x86_64.rpm 
 61b1e84d9e94441486739e706e5807aa 
 2009.0/SRPMS/pango-1.22.0-1.2mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 e051fbe50943e1b8ff04e6bda1a6731e 
 2009.1/i586/libpango1.0_0-1.24.1-1.1mdv2009.1.i586.rpm
 d4004ac5c7b3554005acef696c95ed17 
 2009.1/i586/libpango1.0_0-modules-1.24.1-1.1mdv2009.1.i586.rpm
 1753030920b0dc28410ec500027f5fa8 
 2009.1/i586/libpango1.0-devel-1.24.1-1.1mdv2009.1.i586.rpm
 6d113a2583bf72252c6986d4161e30eb 
 2009.1/i586/pango-1.24.1-1.1mdv2009.1.i586.rpm
 9bb53788f7448ff149203a1ecc57d88b 
 2009.1/i586/pango-doc-1.24.1-1.1mdv2009.1.i586.rpm 
 19b1fd94242fe7477bfd3c9f332be5cb 
 2009.1/SRPMS/pango-1.24.1-1.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 96905bb1cb15f2f78eca3f1fc18a18ff 
 2009.1/x86_64/lib64pango1.0_0-1.24.1-1.1mdv2009.1.x86_64.rpm
 155f81e153d65cce320ad7b1038caccd 
 2009.1/x86_64/lib64pango1.0_0-modules-1.24.1-1.1mdv2009.1.x86_64.rpm
 6ccb79cec84f207d2bf032cec02fb828 
 2009.1/x86_64/lib64pango1.0-devel-1.24.1-1.1mdv2009.1.x86_64.rpm
 84a045a5db31ccf90df5910ad8908e93 
 2009.1/x86_64/pango-1.24.1-1.1mdv2009.1.x86_64.rpm
 d3b06564ce5342d98162e5b62fda7379 
 2009.1/x86_64/pango-doc-1.24.1-1.1mdv2009.1.x86_64.rpm 
 19b1fd94242fe7477bfd3c9f332be5cb 
 2009.1/SRPMS/pango-1.24.1-1.1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 7aa21a2139fa09a02c3134d24df405c4 
 2010.0/i586/libpango1.0_0-1.26.1-1.2mdv2010.0.i586.rpm
 ba1ce579d66cad852f38dff557370a3a 
 2010.0/i586/libpango1.0_0-modules-1.26.1-1.2mdv2010.0.i586.rpm
 a96ce9eb840b45496004761a8bf0c685 
 2010.0/i586/libpango1.0-devel-1.26.1-1.2mdv2010.0.i586.rpm
 2c964e5dd3b3ac686fff3edc5bd7e712 
 2010.0/i586/pango-1.26.1-1.2mdv2010.0.i586.rpm
 6ef221cd2253d26187117ae4a7cb7dd9 
 2010.0/i586/pango-doc-1.26.1-1.2mdv2010.0.i586.rpm 
 08b72577a1117f4fc2f29f53f5edeaec 
 2010.0/SRPMS/pango-1.26.1-1.2mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 f4744cc096aac8bfd32240331881e99e 
 2010.0/x86_64/lib64pango1.0_0-1.26.1-1.2mdv2010.0.x86_64.rpm
 54919bd634eaa10ecbbcb5e140650973 
 2010.0/x86_64/lib64pango1.0_0-modules-1.26.1-1.2mdv2010.0.x86_64.rpm
 18bdc1b62b64ed3381e8bc98b8ec20ad 
 2010.0/x86_64/lib64pango1.0-devel-1.26.1-1.2mdv2010.0.x86_64.rpm
 2a6613f8941689eff8a3dd780cf04b11 
 2010.0/x86_64/pango-1.26.1-1.2mdv2010.0.x86_64.rpm
 c0a1406e8ed4096bf5481fe38837b6dc 
 2010.0/x86_64/pango-doc-1.26.1-1.2mdv2010.0.x86_64.rpm 
 08b72577a1117f4fc2f29f53f5edeaec 
 2010.0/SRPMS/pango-1.26.1-1.2mdv2010.0.src.rpm

 Mandriva Enterprise Server 5:
 d6decc56a38a11a5a13984fc83559385 
 mes5/i586/libpango1.0_0-1.22.0-1.2mdvmes5.1.i586.rpm
 e5d925f17dd0701cf3c49f08c29fe603 
 mes5/i586/libpango1.0_0-modules-1.22.0-1.2mdvmes5.1.i586.rpm
 17c7a506f6808b3ee9f5f6b75a5379fa 
 mes5/i586/libpango1.0-devel-1.22.0-1.2mdvmes5.1.i586.rpm
 0e5dd5095994251fde994f2fa26358e8  mes5/i586/pango-1.22.0-1.2mdvmes5.1.i586.rpm
 63a4f9187fe13157433ce165f4ef9efd 
 mes5/i586/pango-doc-1.22.0-1.2mdvmes5.1.i586.rpm 
 6425231a4d3181a952f1f5d16551ccd9  mes5/SRPMS/pango-1.22.0-1.2mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 116891a295279dba835c846c69dcfb93 
 mes5/x86_64/lib64pango1.0_0-1.22.0-1.2mdvmes5.1.x86_64.rpm
 9d75fb24121b6852985dd8be7edbe59b 
 mes5/x86_64/lib64pango1.0_0-modules-1.22.0-1.2mdvmes5.1.x86_64.rpm
 26bbb15efd26cdd94c9d8ee2e4a7278d 
 mes5/x86_64/lib64pango1.0-devel-1.22.0-1.2mdvmes5.1.x86_64.rpm
 4ea150efc21c643109197382c0c592f0 
 mes5/x86_64/pango-1.22.0-1.2mdvmes5.1.x86_64.rpm
 4dd5ce363b7eaa068cab0c387cc23230 
 mes5/x86_64/pango-doc-1.22.0-1.2mdvmes5.1.x86_64.rpm 
 6425231a4d3181a952f1f5d16551ccd9  mes5/SRPMS/pango-1.22.0-1.2mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMIKwSmqjQ0CJFipgRAsccAKC3/3dngpLvYeSYi8xMg6YC5HDXzQCg22P2
vb2+9XXDoWgnbqodhU1lexM=
=Ow3o
-----END PGP SIGNATURE-----


------------=_1277222233-18587-116
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1277222233-18587-116--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung