Ubuntu: Pango vulnerability
Posted by Benjamin D. Thomas   
Will Drewry discovered that Pango incorrectly handled rendering text with long glyphstrings. If a user were tricked into displaying specially crafted data with applications linked against Pango, such as Firefox, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
===========================================================
Ubuntu Security Notice USN-773-1               May 07, 2009
pango1.0 vulnerability
CVE-2009-1194
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libpango1.0-0                   1.12.3-0ubuntu3.1

Ubuntu 8.04 LTS:
  libpango1.0-0                   1.20.5-0ubuntu1.1

Ubuntu 8.10:
  libpango1.0-0                   1.22.2-0ubuntu1.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

Will Drewry discovered that Pango incorrectly handled rendering text with
long glyphstrings. If a user were tricked into displaying specially crafted
data with applications linked against Pango, such as Firefox, an attacker
could cause a denial of service or execute arbitrary code with privileges
of the user invoking the program.


Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 8.04 LTS:


Updated packages for Ubuntu 8.10:

