LinuxSecurity.com
Mandriva: 2011:040: pango
Posted by Benjamin D. Thomas   
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:040
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pango
 Date    : March 3, 2011
 Affected: 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in pango:
 
 It was discovered that pango did not check for memory reallocation
 failures in the hb_buffer_ensure() function.  This could trigger a NULL
 pointer dereference in hb_buffer_add_glyph(), where possibly untrusted
 input is used as an index for accessing members of the incorrectly
 reallocated array, so that the NULL address is used as the array base
 address.  This can result in an application crash or, possibly,
 code execution (CVE-2011-1002).
 
 The updated packages have been patched to correct this issue.
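
 The bug class described above, as an added example that is not pango or
 HarfBuzz source and is not part of the advisory: an unchecked reallocation
 beside a checked one. The names glyph_buf, ensure_unchecked, ensure_checked,
 add_glyph and failing_realloc are hypothetical, and failing_realloc is a
 constructed stand-in for realloc() failing under memory pressure.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical growable glyph buffer; names are illustrative, not pango's. */
typedef struct {
    uint32_t *items;
    size_t    len;        /* slots in use */
    size_t    allocated;  /* slots available */
} glyph_buf;
typedef void *(*realloc_fn)(void *, size_t);

/* Constructed stand-in for realloc() failing under memory pressure. */
void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* BEFORE: the realloc result is stored unchecked. On failure the buffer
 * claims `want` slots while items == NULL, so a later items[i] access
 * computes its address from a NULL base. The old block is also leaked. */
void ensure_unchecked(glyph_buf *b, size_t want, realloc_fn ra) {
    if (want <= b->allocated) return;
    b->items = ra(b->items, want * sizeof *b->items);
    b->allocated = want;
}

/* AFTER: reject size overflow, check the result, and commit the new
 * pointer and capacity only on success. The old block stays valid. */
bool ensure_checked(glyph_buf *b, size_t want, realloc_fn ra) {
    if (want <= b->allocated) return true;
    if (want > SIZE_MAX / sizeof *b->items) return false;
    uint32_t *p = ra(b->items, want * sizeof *b->items);
    if (p == NULL) return false;
    b->items = p;
    b->allocated = want;
    return true;
}

/* Append propagates the allocation failure instead of writing. */
bool add_glyph(glyph_buf *b, uint32_t glyph, realloc_fn ra) {
    if (b->len == SIZE_MAX || !ensure_checked(b, b->len + 1, ra)) return false;
    b->items[b->len++] = glyph;
    return true;
}

int main(void) {
    glyph_buf b = {0};
    bool ok = add_glyph(&b, 0x41, realloc) && !add_glyph(&b, 0x42, failing_realloc);
    free(b.items);
    return ok && b.len == 1 ? 0 : 1;
}
```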
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1002
 https://bugzilla.redhat.com/show_bug.cgi?id=678563
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.0:
 6fd8e4a7c454dd2a096bd46567da3e3f  2010.0/i586/libpango1.0_0-1.26.1-1.4mdv2010.0.i586.rpm
 23afc6e5be9198115764c2769762663d  2010.0/i586/libpango1.0_0-modules-1.26.1-1.4mdv2010.0.i586.rpm
 835c4cd9c5ac50a45f9fbe7b6f0fb5b8  2010.0/i586/libpango1.0-devel-1.26.1-1.4mdv2010.0.i586.rpm
 91c004a68a5b88343b28f040f115b4da  2010.0/i586/pango-1.26.1-1.4mdv2010.0.i586.rpm
 01b65088b9a6f36ddf4d2786e2f3a149  2010.0/i586/pango-doc-1.26.1-1.4mdv2010.0.i586.rpm 
 3955098bb34520f1a13d5ecee510c9cc  2010.0/SRPMS/pango-1.26.1-1.4mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 387a9552ee57b01c94c6285178d3dabe  2010.0/x86_64/lib64pango1.0_0-1.26.1-1.4mdv2010.0.x86_64.rpm
 2df2162ac3268f45a4ede48873922025  2010.0/x86_64/lib64pango1.0_0-modules-1.26.1-1.4mdv2010.0.x86_64.rpm
 e9d593be8697b889cec12f28a773fe1d  2010.0/x86_64/lib64pango1.0-devel-1.26.1-1.4mdv2010.0.x86_64.rpm
 fde1b58e8ca688085dd1d86e15925b9a  2010.0/x86_64/pango-1.26.1-1.4mdv2010.0.x86_64.rpm
 c857e033aa195150d8f45f3a4323e50a  2010.0/x86_64/pango-doc-1.26.1-1.4mdv2010.0.x86_64.rpm 
 3955098bb34520f1a13d5ecee510c9cc  2010.0/SRPMS/pango-1.26.1-1.4mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 5d35c65f8f52b945742eb581e776ccb4  2010.1/i586/libpango1.0_0-1.28.0-1.2mdv2010.2.i586.rpm
 387d636388abfa8794157560bcdb9604  2010.1/i586/libpango1.0_0-modules-1.28.0-1.2mdv2010.2.i586.rpm
 2dd6379504bcb7af4b5785599bef45dd  2010.1/i586/libpango1.0-devel-1.28.0-1.2mdv2010.2.i586.rpm
 c29524f0ae26ff0febe70032b2613f8d  2010.1/i586/pango-1.28.0-1.2mdv2010.2.i586.rpm
 50579737b89038c3de71e5b0955ef6d0  2010.1/i586/pango-doc-1.28.0-1.2mdv2010.2.i586.rpm 
 9a031727263d0518b8c0d523287c2d34  2010.1/SRPMS/pango-1.28.0-1.2mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 e6c3ba638491fb4b7d525dbba0b5912c  2010.1/x86_64/lib64pango1.0_0-1.28.0-1.2mdv2010.2.x86_64.rpm
 ef579cb80c790a3d96cf60320d846dac  2010.1/x86_64/lib64pango1.0_0-modules-1.28.0-1.2mdv2010.2.x86_64.rpm
 867087f5241ae98985c8fbadcde256a2  2010.1/x86_64/lib64pango1.0-devel-1.28.0-1.2mdv2010.2.x86_64.rpm
 b4d9141930b7ef029077560e2949dec7  2010.1/x86_64/pango-1.28.0-1.2mdv2010.2.x86_64.rpm
 ca75549f5c2ee0f5c221945196664dc3  2010.1/x86_64/pango-doc-1.28.0-1.2mdv2010.2.x86_64.rpm 
 9a031727263d0518b8c0d523287c2d34  2010.1/SRPMS/pango-1.28.0-1.2mdv2010.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 