Pardus: 2010-40: Pango: Denial of Service
Posted by Benjamin D. Thomas   
A vulnerability was fixed in Pango which can allow a remote or local user to cause denial of service conditions.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-40            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-03-29
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
======
A vulnerability was fixed in Pango which can allow a remote or local
user to cause denial of service conditions.


Description
==========
CVE-2010-0421:

Array index error in the hb_ot_layout_build_glyph_classes function in
pango/opentype/hb-ot-layout.cc in Pango allows context-dependent
attackers to cause a denial of service (application crash) via a crafted
font file, related to building a synthetic Glyph Definition (aka GDEF)
table by using this font's charmap and the Unicode property database.
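
The bug class described above, as an added example that is not Pango's
code and not part of the original advisory: a simplified model of a
per-glyph class table filled from charmap glyph IDs, with the range check
that keeps an out-of-range ID from a crafted font from indexing past the
array. The type and function names (glyph_classes, glyph_classes_init,
glyph_classes_set, glyph_classes_build) and the sample data are assumptions
made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of a synthetic GDEF: one class byte per glyph ID. */
typedef struct {
    unsigned char *klasses;
    size_t len; /* slots allocated == glyphs the font declares */
} glyph_classes;

int glyph_classes_init(glyph_classes *gc, uint16_t num_total_glyphs) {
    gc->klasses = calloc(num_total_glyphs ? num_total_glyphs : 1u, 1);
    gc->len = gc->klasses ? num_total_glyphs : 0;
    return gc->klasses ? 0 : -1;
}

/* The glyph ID comes from the font's charmap, so it is untrusted input.
 * An unchecked `gc->klasses[glyph] = klass;` here is the array index
 * error pattern; the range check turns it into a rejected entry. */
int glyph_classes_set(glyph_classes *gc, uint32_t glyph, unsigned char klass) {
    if (glyph >= gc->len)
        return -1;
    gc->klasses[glyph] = klass;
    return 0;
}

/* Fill the table from parallel arrays; returns how many entries were rejected. */
size_t glyph_classes_build(glyph_classes *gc, const uint32_t *glyphs,
                           const unsigned char *klasses, size_t count) {
    size_t rejected = 0;
    for (size_t i = 0; i < count; i++)
        if (glyph_classes_set(gc, glyphs[i], klasses[i]) != 0)
            rejected++;
    return rejected;
}

int main(void) {
    /* Constructed sample: font declares 4 glyphs, charmap names IDs 4 and 65535. */
    const uint32_t glyphs[] = {1, 3, 4, 65535};
    const unsigned char klasses[] = {1, 2, 3, 1};
    glyph_classes gc;
    if (glyph_classes_init(&gc, 4) != 0)
        return 1;
    printf("rejected %zu of 4 charmap entries\n",
           glyph_classes_build(&gc, glyphs, klasses, 4));
    free(gc.klasses);
    return 0;
}
```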


Affected packages:

    pango-1.26.2-34-10, all before 2009

    pango-1.21.3-28-8, all before 2008



Resolution
=========
There are update(s) for pango-1.26.2-34-10, pango-1.21.3-28-8. You can
update them via Package Manager or with a single command from the console:

    pisi up pango-1.26.2-34-10 pango-1.21.3-28-8

References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id381
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0421

------------------------------------------------------------------------