Login
Newsletter
Werbung

Sicherheit: Zahlenüberlauf in pango
Aktuelle Meldungen Distributionen
Name: Zahlenüberlauf in pango
ID: MDVSA-2009:158-2
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0
Datum: Mo, 16. November 2009, 23:36
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1194
https://qa.mandriva.com/55674
Applikationen: Pango

Originalnachricht

This is a multi-part message in MIME format...

------------=_1258410991-24326-668


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:158-2
http://www.mandriva.com/security/
_______________________________________________________________________

Package : pango
Date : November 16, 2009
Affected: Corporate 3.0
_______________________________________________________________________

Problem Description:

Integer overflow in the pango_glyph_string_set_size function in
pango/glyphstring.c in Pango before 1.24 allows context-dependent
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a long glyph string that triggers a
heap-based buffer overflow.

This update corrects the issue.

Update:

pango for CS3 broke applications like MandrivaUpdate, mcc and so
on. This update corrects this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1194
https://qa.mandriva.com/55674
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
88f18d174db6cdbca5895f8cb9e33b3d
corporate/3.0/i586/libpango1.0_0-1.2.5-3.2.C30mdk.i586.rpm
af0017f3187368902d5b1b6ef5aa8d69
corporate/3.0/i586/libpango1.0_0-devel-1.2.5-3.2.C30mdk.i586.rpm
f7693bae0804d325a562f6cb80665564
corporate/3.0/i586/pango-1.2.5-3.2.C30mdk.i586.rpm
5bd0f04432ef565d87bc31aa2f43c50d
corporate/3.0/SRPMS/pango-1.2.5-3.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
422881023439d37ad409a628851708ff
corporate/3.0/x86_64/lib64pango1.0_0-1.2.5-3.2.C30mdk.x86_64.rpm
8a85d32c500ee2092123f3a58132155f
corporate/3.0/x86_64/lib64pango1.0_0-devel-1.2.5-3.2.C30mdk.x86_64.rpm
ba8df6cf6cb3742cfcfb861179d6d28a
corporate/3.0/x86_64/pango-1.2.5-3.2.C30mdk.x86_64.rpm
5bd0f04432ef565d87bc31aa2f43c50d
corporate/3.0/SRPMS/pango-1.2.5-3.2.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLAailmqjQ0CJFipgRArSuAKDZGnETP1EfoNsRP66DTljSYjTOfgCfaY6d
uuTin56c9HJHDl524dcHBp0=
=1t2j
-----END PGP SIGNATURE-----


------------=_1258410991-24326-668
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1258410991-24326-668--
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung