Mandriva Linux Security Advisory 2011-020

Posted Feb 4, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-020 - Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2011-0020
MD5 | e74249313c93aec7a78c42ed27493af7

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:020
http://www.mandriva.com/security/
_______________________________________________________________________

Package : pango
Date : February 3, 2011
Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in pango:

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph
function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and
earlier, when the FreeType2 backend is enabled, allows user-assisted
remote attackers to cause a denial of service (application crash)
or possibly execute arbitrary code via a crafted font file, related
to the glyph box for an FT_Bitmap object (CVE-2011-0020).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0020
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
3db899ee2110f39b1ccd450e843c5ea7 2009.0/i586/libpango1.0_0-1.22.0-1.3mdv2009.0.i586.rpm
657942516e020b16eeae32f3dc836baa 2009.0/i586/libpango1.0_0-modules-1.22.0-1.3mdv2009.0.i586.rpm
a0d719bc484d596463584df98f8409bb 2009.0/i586/libpango1.0-devel-1.22.0-1.3mdv2009.0.i586.rpm
dc1c8c09bad4ae804e1bb2ce4742bef5 2009.0/i586/pango-1.22.0-1.3mdv2009.0.i586.rpm
d813fc06f5c2b0bb8603195e9b15eb44 2009.0/i586/pango-doc-1.22.0-1.3mdv2009.0.i586.rpm
cf41ce5c54a19123fa00b9e5a7bf337c 2009.0/SRPMS/pango-1.22.0-1.3mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
c3ecff33fccaf66946ba903618e8fe80 2009.0/x86_64/lib64pango1.0_0-1.22.0-1.3mdv2009.0.x86_64.rpm
625b9c358058a66126b7bc8b6f470542 2009.0/x86_64/lib64pango1.0_0-modules-1.22.0-1.3mdv2009.0.x86_64.rpm
6bd9614af885e259e8c7a5cabed52c2e 2009.0/x86_64/lib64pango1.0-devel-1.22.0-1.3mdv2009.0.x86_64.rpm
f7ac71ef96b15763d7811a62268ce474 2009.0/x86_64/pango-1.22.0-1.3mdv2009.0.x86_64.rpm
88aeba0d580db27b55ea5c341a009a9c 2009.0/x86_64/pango-doc-1.22.0-1.3mdv2009.0.x86_64.rpm
cf41ce5c54a19123fa00b9e5a7bf337c 2009.0/SRPMS/pango-1.22.0-1.3mdv2009.0.src.rpm

Mandriva Linux 2010.0:
0f31c217fcce79812382aa0afe596ebb 2010.0/i586/libpango1.0_0-1.26.1-1.3mdv2010.0.i586.rpm
850331d36fa05429ea3093ca5a7169c7 2010.0/i586/libpango1.0_0-modules-1.26.1-1.3mdv2010.0.i586.rpm
60784c0f7bf71e5d705ced8a3aa69c2d 2010.0/i586/libpango1.0-devel-1.26.1-1.3mdv2010.0.i586.rpm
0eabd2c0ae48b8fd231d2fb98ff59438 2010.0/i586/pango-1.26.1-1.3mdv2010.0.i586.rpm
c6c2b7163064cfaadae3273717950363 2010.0/i586/pango-doc-1.26.1-1.3mdv2010.0.i586.rpm
7ff8d19db483746b5f2358c2329f8c27 2010.0/SRPMS/pango-1.26.1-1.3mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
924e4f26e516b281ca13cc17da4921ea 2010.0/x86_64/lib64pango1.0_0-1.26.1-1.3mdv2010.0.x86_64.rpm
cddbc1115fc480a080fcfd3d21b72896 2010.0/x86_64/lib64pango1.0_0-modules-1.26.1-1.3mdv2010.0.x86_64.rpm
61e116217d6fa6a53d770089fab658b7 2010.0/x86_64/lib64pango1.0-devel-1.26.1-1.3mdv2010.0.x86_64.rpm
488126e666f5d9d88168dc103d1f920b 2010.0/x86_64/pango-1.26.1-1.3mdv2010.0.x86_64.rpm
1e62fa8f1c3b6de475590b3531b912d5 2010.0/x86_64/pango-doc-1.26.1-1.3mdv2010.0.x86_64.rpm
7ff8d19db483746b5f2358c2329f8c27 2010.0/SRPMS/pango-1.26.1-1.3mdv2010.0.src.rpm

Mandriva Linux 2010.1:
6f08e84feda6c34cd0a69695633e9445 2010.1/i586/libpango1.0_0-1.28.0-1.1mdv2010.2.i586.rpm
090cf906caf8467730bbdc7579ff7411 2010.1/i586/libpango1.0_0-modules-1.28.0-1.1mdv2010.2.i586.rpm
025d3f6f48d1203680df92f04090986f 2010.1/i586/libpango1.0-devel-1.28.0-1.1mdv2010.2.i586.rpm
9138b7aa1dc8bebe0031443591491828 2010.1/i586/pango-1.28.0-1.1mdv2010.2.i586.rpm
82f6878b205ad3deb282150be602b7db 2010.1/i586/pango-doc-1.28.0-1.1mdv2010.2.i586.rpm
5c6a367bba096087944a8ef4eac4f742 2010.1/SRPMS/pango-1.28.0-1.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
8948263486380665fb3cbf190bdb456c 2010.1/x86_64/lib64pango1.0_0-1.28.0-1.1mdv2010.2.x86_64.rpm
a60afb49286243817dc5e811323fcc7a 2010.1/x86_64/lib64pango1.0_0-modules-1.28.0-1.1mdv2010.2.x86_64.rpm
4c53ea354ee601e23e2b0ac3f1bf4022 2010.1/x86_64/lib64pango1.0-devel-1.28.0-1.1mdv2010.2.x86_64.rpm
99ef9646fb2ffdf433ddd4b0c14f7d29 2010.1/x86_64/pango-1.28.0-1.1mdv2010.2.x86_64.rpm
3dfe10e1ebf51061ff790a0abc991da5 2010.1/x86_64/pango-doc-1.28.0-1.1mdv2010.2.x86_64.rpm
5c6a367bba096087944a8ef4eac4f742 2010.1/SRPMS/pango-1.28.0-1.1mdv2010.2.src.rpm

Mandriva Enterprise Server 5:
014efbcb7191ffc73672a84103fea5d1 mes5/i586/libpango1.0_0-1.22.0-1.3mdvmes5.1.i586.rpm
f5b2a2e2b78f8c60f67c2c57eede1aca mes5/i586/libpango1.0_0-modules-1.22.0-1.3mdvmes5.1.i586.rpm
e643d888e22e5cddbb9f4842a0656165 mes5/i586/libpango1.0-devel-1.22.0-1.3mdvmes5.1.i586.rpm
6f2b61d55cfd7e8bff5b123cae7a18c1 mes5/i586/pango-1.22.0-1.3mdvmes5.1.i586.rpm
d31917c58c0da3c5c57770495b60b8d3 mes5/i586/pango-doc-1.22.0-1.3mdvmes5.1.i586.rpm
2a5aa3359ff9262f8e9fd16b0889f57f mes5/SRPMS/pango-1.22.0-1.3mdvmes5.1.src.rpm

Mandriva Enterprise Server 5/X86_64:
2fffc8b9fb201a0a1d7eba51bbaacff3 mes5/x86_64/lib64pango1.0_0-1.22.0-1.3mdvmes5.1.x86_64.rpm
efa9038f2fcec442489c4152250165d2 mes5/x86_64/lib64pango1.0_0-modules-1.22.0-1.3mdvmes5.1.x86_64.rpm
1d819ba1901668c46158b8c4f5c1442b mes5/x86_64/lib64pango1.0-devel-1.22.0-1.3mdvmes5.1.x86_64.rpm
8e8de0cdc3893add91b846b10c1170b7 mes5/x86_64/pango-1.22.0-1.3mdvmes5.1.x86_64.rpm
3f9aa790337dcec22666b1271dcb723d mes5/x86_64/pango-doc-1.22.0-1.3mdvmes5.1.x86_64.rpm
2a5aa3359ff9262f8e9fd16b0889f57f mes5/SRPMS/pango-1.22.0-1.3mdvmes5.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNStlimqjQ0CJFipgRAuO3AJwPc4SpZKjKJddhZ1YggwBkGws2fwCgk4vp
bn5ujBdcxa+nA3WYTbHiOMU=
=8Y+o
-----END PGP SIGNATURE-----
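
When the updated packages are fetched by hand from a mirror instead of through MandrivaUpdate or urpmi, the MD5 list under "Updated Packages" can be checked with a short script. The following is an added example, not part of the Mandriva advisory; the function names and the sample files in `demo()` are constructed for illustration, and the list is only as trustworthy as the GPG-signed advisory text it is read from.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One "Updated Packages" entry: "<32 hex MD5> <repository path ending in .rpm>"
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_advisory(text):
    """Map rpm basename -> set of MD5 digests listed in the advisory text."""
    listed = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:  # SRPMs are listed once per architecture, hence a set
            listed.setdefault(Path(m.group(2)).name, set()).add(m.group(1))
    return listed

def md5_file(path, chunk=1 << 20):
    """MD5 of a file, read in chunks so large packages are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_downloads(advisory_text, directory):
    """Return {filename: 'ok' | 'mismatch' | 'unlisted'} for each *.rpm found."""
    listed = parse_advisory(advisory_text)
    result = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        if rpm.name not in listed:
            result[rpm.name] = "unlisted"
        elif md5_file(rpm) in listed[rpm.name]:
            result[rpm.name] = "ok"
        else:
            result[rpm.name] = "mismatch"
    return result

def demo():
    """Constructed sample: three stand-in files, one altered after listing."""
    with tempfile.TemporaryDirectory() as d:
        good, bad = Path(d, "pango-0-0.example.rpm"), Path(d, "pango-doc-0-0.example.rpm")
        good.write_bytes(b"constructed payload A")
        bad.write_bytes(b"constructed payload B")
        advisory = (f"{md5_file(good)} example/i586/{good.name}\n"
                    f"{md5_file(bad)} example/i586/{bad.name}\n")
        bad.write_bytes(b"altered after the list was written")
        Path(d, "extra-0-0.example.rpm").write_bytes(b"not in the advisory")
        return check_downloads(advisory, d)
```

Any result other than `ok` means the file should not be installed; `rpm --checksig` on the file additionally checks the package's own signature against the imported Mandriva key.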
