Paketname
pango
Datum
2009-12-03
Advisory ID
MDVSA-2009:158-3
Betroffene Versionen
2008.0 i586 , 2008.0 x86_64

Problembeschreibung

Integer overflow in the pango_glyph_string_set_size function in
pango/glyphstring.c in Pango before 1.24 allows context-dependent
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a long glyph string that triggers a
heap-based buffer overflow.

This update corrects the issue.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Aktualisierte Pakete

2008.0 i586

 5fa3cde904bb3471f2808597d4495a90  2008.0/i586/libpango1.0_0-1.18.2-1.1mdv2008.0.i586.rpm
 70cd4862c5bc27ff2548ea082ef2562b  2008.0/i586/libpango1.0_0-modules-1.18.2-1.1mdv2008.0.i586.rpm
 06a9a5a78ffa999cb12bd5de367789cc  2008.0/i586/libpango1.0-devel-1.18.2-1.1mdv2008.0.i586.rpm
 77ca034f4f673aef5ef9a147e7fd6b10  2008.0/i586/pango-1.18.2-1.1mdv2008.0.i586.rpm
 d57f4104fd1607dca80c7d4e8d775ae7  2008.0/i586/pango-doc-1.18.2-1.1mdv2008.0.i586.rpm 
 1d01963df79f7762776dc35e4023ea5b  2008.0/SRPMS/pango-1.18.2-1.1mdv2008.0.src.rpm

2008.0 x86_64

 1fdf6ef81c94fee53da3c154709483ad  2008.0/x86_64/lib64pango1.0_0-1.18.2-1.1mdv2008.0.x86_64.rpm
 2a5831a2e8bdc4dcce62f8ecbe9f1dfd  2008.0/x86_64/lib64pango1.0_0-modules-1.18.2-1.1mdv2008.0.x86_64.rpm
 18803302ca6edff9c50f9bb66e095e80  2008.0/x86_64/lib64pango1.0-devel-1.18.2-1.1mdv2008.0.x86_64.rpm
 56a5dff6f3dc09912b22ea955970ae1c  2008.0/x86_64/pango-1.18.2-1.1mdv2008.0.x86_64.rpm
 2b2fc7e5a1c7597dead4d6138089f7c3  2008.0/x86_64/pango-doc-1.18.2-1.1mdv2008.0.x86_64.rpm 
 1d01963df79f7762776dc35e4023ea5b  2008.0/SRPMS/pango-1.18.2-1.1mdv2008.0.src.rpm

Referenzen