-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2010:121
http://www.mandriva.com/security/
_______________________________________________________________________

Package : pango
Date    : June 22, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been discovered and corrected in pango:

Array index error in the hb_ot_layout_build_glyph_classes function in
pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows
context-dependent attackers to cause a denial of service (application
crash) via a crafted font file, related to building a synthetic Glyph
Definition (aka GDEF) table by using this font's charmap and the
Unicode property database (CVE-2010-0421).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
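A simplified model of the bug class described above, added here as an illustration and not taken from Pango's source or from this advisory: a per-glyph class array is filled from charmap entries, and the glyph index read from the font file is range-checked before it is used as an index. The struct, the function names, and the mark range standing in for the Unicode property database are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a charmap entry: both fields come from the font file. */
struct cmap_entry { uint32_t codepoint; uint32_t glyph; };

/* GDEF glyph class values used here: 0 = unclassified, 1 = base, 3 = mark. */
enum { CLASS_NONE = 0, CLASS_BASE = 1, CLASS_MARK = 3 };

/* Stand-in for the Unicode property database (assumption for this example):
   U+0300..U+036F are combining marks, everything else is a base glyph. */
static uint8_t class_for_codepoint(uint32_t cp)
{
    return (cp >= 0x0300 && cp <= 0x036F) ? CLASS_MARK : CLASS_BASE;
}

/* Fill classes[0..num_glyphs) from the charmap. Returns the number of entries
   skipped because their glyph index is out of range, or -1 on bad arguments. */
int build_glyph_classes(const struct cmap_entry *cmap, size_t n_entries,
                        uint8_t *classes, size_t num_glyphs)
{
    int skipped = 0;
    if (classes == NULL || (cmap == NULL && n_entries != 0))
        return -1;
    memset(classes, CLASS_NONE, num_glyphs);
    for (size_t i = 0; i < n_entries; i++) {
        uint32_t g = cmap[i].glyph;
        /* g is file-controlled. Without this check, classes[g] indexes
           past the end of the array, which is the array index error class. */
        if (g >= num_glyphs) { skipped++; continue; }
        classes[g] = class_for_codepoint(cmap[i].codepoint);
    }
    return skipped;
}

/* Constructed input: a 4-glyph font whose charmap names glyphs 4 and 70000.
   Returns the skipped count, or -1 if the guard byte or a class is wrong. */
int run_constructed_case(void)
{
    static const struct cmap_entry cmap[] = {
        { 0x0041, 1 }, { 0x0301, 2 }, { 0x0042, 70000 }, { 0x0043, 4 },
    };
    uint8_t buf[5] = { 0, 0, 0, 0, 0xAA };   /* 4 classes + guard byte */
    int skipped = build_glyph_classes(cmap, 4, buf, 4);
    if (buf[4] != 0xAA || buf[1] != CLASS_BASE || buf[2] != CLASS_MARK)
        return -1;
    return skipped;
}
```
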
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0421
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use
MandrivaUpdate or urpmi. The verification of md5 checksums and GPG
signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMIKwSmqjQ0CJFipgRAsccAKC3/3dngpLvYeSYi8xMg6YC5HDXzQCg22P2
vb2+9XXDoWgnbqodhU1lexM=
=Ow3o
-----END PGP SIGNATURE-----