Mandriva Linux Security Advisory 2011-040

Posted Mar 3, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-040 - It was discovered that pango did not check for memory reallocation failures in the hb_buffer_ensure() function. This could trigger a NULL pointer dereference in hb_buffer_add_glyph(), where possibly untrusted input is used as an index into the incorrectly reallocated array, so that the NULL address is used as the array base address. This can result in an application crash or, possibly, code execution. The updated packages have been patched to correct this issue.

tags | advisory, code execution
systems | linux, mandriva
advisories | CVE-2011-1002
SHA-256 | c5b09e373563ef82a7c5f2f1998cb4c70210c22b3280d4d73887ba393b446858

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:040
http://www.mandriva.com/security/
_______________________________________________________________________

Package : pango
Date : March 3, 2011
Affected: 2010.0, 2010.1
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in pango:

It was discovered that pango did not check for memory reallocation
failures in the hb_buffer_ensure() function. This could trigger a NULL
pointer dereference in hb_buffer_add_glyph(), where possibly untrusted
input is used as an index into the incorrectly reallocated array, so
that the NULL address is used as the array base address. This can
result in an application crash or, possibly, code execution
(CVE-2011-1002).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1002
https://bugzilla.redhat.com/show_bug.cgi?id=678563
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.0:
6fd8e4a7c454dd2a096bd46567da3e3f 2010.0/i586/libpango1.0_0-1.26.1-1.4mdv2010.0.i586.rpm
23afc6e5be9198115764c2769762663d 2010.0/i586/libpango1.0_0-modules-1.26.1-1.4mdv2010.0.i586.rpm
835c4cd9c5ac50a45f9fbe7b6f0fb5b8 2010.0/i586/libpango1.0-devel-1.26.1-1.4mdv2010.0.i586.rpm
91c004a68a5b88343b28f040f115b4da 2010.0/i586/pango-1.26.1-1.4mdv2010.0.i586.rpm
01b65088b9a6f36ddf4d2786e2f3a149 2010.0/i586/pango-doc-1.26.1-1.4mdv2010.0.i586.rpm
3955098bb34520f1a13d5ecee510c9cc 2010.0/SRPMS/pango-1.26.1-1.4mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
387a9552ee57b01c94c6285178d3dabe 2010.0/x86_64/lib64pango1.0_0-1.26.1-1.4mdv2010.0.x86_64.rpm
2df2162ac3268f45a4ede48873922025 2010.0/x86_64/lib64pango1.0_0-modules-1.26.1-1.4mdv2010.0.x86_64.rpm
e9d593be8697b889cec12f28a773fe1d 2010.0/x86_64/lib64pango1.0-devel-1.26.1-1.4mdv2010.0.x86_64.rpm
fde1b58e8ca688085dd1d86e15925b9a 2010.0/x86_64/pango-1.26.1-1.4mdv2010.0.x86_64.rpm
c857e033aa195150d8f45f3a4323e50a 2010.0/x86_64/pango-doc-1.26.1-1.4mdv2010.0.x86_64.rpm
3955098bb34520f1a13d5ecee510c9cc 2010.0/SRPMS/pango-1.26.1-1.4mdv2010.0.src.rpm

Mandriva Linux 2010.1:
5d35c65f8f52b945742eb581e776ccb4 2010.1/i586/libpango1.0_0-1.28.0-1.2mdv2010.2.i586.rpm
387d636388abfa8794157560bcdb9604 2010.1/i586/libpango1.0_0-modules-1.28.0-1.2mdv2010.2.i586.rpm
2dd6379504bcb7af4b5785599bef45dd 2010.1/i586/libpango1.0-devel-1.28.0-1.2mdv2010.2.i586.rpm
c29524f0ae26ff0febe70032b2613f8d 2010.1/i586/pango-1.28.0-1.2mdv2010.2.i586.rpm
50579737b89038c3de71e5b0955ef6d0 2010.1/i586/pango-doc-1.28.0-1.2mdv2010.2.i586.rpm
9a031727263d0518b8c0d523287c2d34 2010.1/SRPMS/pango-1.28.0-1.2mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
e6c3ba638491fb4b7d525dbba0b5912c 2010.1/x86_64/lib64pango1.0_0-1.28.0-1.2mdv2010.2.x86_64.rpm
ef579cb80c790a3d96cf60320d846dac 2010.1/x86_64/lib64pango1.0_0-modules-1.28.0-1.2mdv2010.2.x86_64.rpm
867087f5241ae98985c8fbadcde256a2 2010.1/x86_64/lib64pango1.0-devel-1.28.0-1.2mdv2010.2.x86_64.rpm
b4d9141930b7ef029077560e2949dec7 2010.1/x86_64/pango-1.28.0-1.2mdv2010.2.x86_64.rpm
ca75549f5c2ee0f5c221945196664dc3 2010.1/x86_64/pango-doc-1.28.0-1.2mdv2010.2.x86_64.rpm
9a031727263d0518b8c0d523287c2d34 2010.1/SRPMS/pango-1.28.0-1.2mdv2010.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNb1/KmqjQ0CJFipgRAnqMAKCmrwH4HedS1T04D8myycjkU2CPCACgjbrx
LXaNDA529pHUMl6zFmx/TAA=
=U6Li
-----END PGP SIGNATURE-----
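
The defect class described under "Problem Description", shown as an added example that is not pango or HarfBuzz source and not part of the advisory: a growable glyph buffer whose ensure step checks the reallocation result and whose add step refuses to write when growth failed. The type names, function names and the injectable `grow` allocator are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical names for illustration; not the pango/HarfBuzz definitions. */
typedef struct { uint32_t codepoint, cluster; } glyph_t;
typedef struct {
    glyph_t *info;                  /* base address of the glyph array */
    size_t   len, allocated;        /* entries in use / entries available */
    bool     in_error;              /* sticky: set once growth has failed */
    void  *(*grow)(void *, size_t); /* realloc-compatible, injectable */
} buffer_t;

/* Unchecked pattern of the kind the advisory describes (not compiled):
 *     buf->info = realloc(buf->info, n * sizeof *buf->info);
 *     buf->allocated = n;   // recorded even if realloc returned NULL
 * A later buf->info[index] write then uses NULL as the array base. */
bool buffer_ensure(buffer_t *buf, size_t size)
{
    size_t n = buf->allocated ? buf->allocated : 8;
    glyph_t *p;
    if (buf->in_error) return false;
    if (size <= buf->allocated) return true;
    while (n < size) {              /* double, refusing byte-count overflow */
        if (n > SIZE_MAX / 2 / sizeof(glyph_t)) goto fail;
        n *= 2;
    }
    p = buf->grow(buf->info, n * sizeof(glyph_t));
    if (p == NULL) goto fail;       /* old block stays valid and owned */
    buf->info = p;
    buf->allocated = n;
    return true;
fail:
    buf->in_error = true;
    return false;
}

bool buffer_add_glyph(buffer_t *buf, uint32_t cp, uint32_t cluster)
{
    if (buf->len == SIZE_MAX || !buffer_ensure(buf, buf->len + 1)) return false;
    buf->info[buf->len].codepoint = cp;   /* reached only with capacity */
    buf->info[buf->len].cluster = cluster;
    buf->len++;
    return true;
}
/* Constructed allocator that always fails, to exercise the error path. */
void *failing_grow(void *p, size_t n) { (void)p; (void)n; return NULL; }
int main(void) {
    buffer_t b = { NULL, 0, 0, false, failing_grow };
    return buffer_add_glyph(&b, 0x41, 0) ? 1 : 0;  /* failure is reported */
}
```

Keeping the old pointer until the new one is known to be valid also avoids leaking the original block when reallocation fails.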