Support / Security / Advisories / Mandriva Linux 2009.0 / MDVSA-2009:158

Package name: pango
Date: 2009-07-23
Advisory ID: MDVSA-2009:158
Affected versions: 2009.0 x86_64 , CS4.0 x86_64 , 2009.0 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2008.1 x86_64 , 2008.1 i586

Problem description

Integer overflow in the pango_glyph_string_set_size function in
pango/glyphstring.c in Pango before 1.24 allows context-dependent
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a long glyph string that triggers a
heap-based buffer overflow.

This update corrects the issue.

Updated packages

2009.0 x86_64

 7b0fe4350cd4eaf9721c5ef651a3a7f7  2009.0/x86_64/lib64pango1.0_0-1.22.0-1.1mdv2009.0.x86_64.rpm
 4a4705192e1c5c52b7ad38bd3fe8bdbb  2009.0/x86_64/lib64pango1.0_0-modules-1.22.0-1.1mdv2009.0.x86_64.rpm
 09f7b36c23d737eb664b002940759285  2009.0/x86_64/lib64pango1.0-devel-1.22.0-1.1mdv2009.0.x86_64.rpm
 770f30616e2b5347cb2fdcfeedc4a9e2  2009.0/x86_64/pango-1.22.0-1.1mdv2009.0.x86_64.rpm
 e018b02b91e86cfb5dee7956a8cedf73  2009.0/x86_64/pango-doc-1.22.0-1.1mdv2009.0.x86_64.rpm 
 9babd2521bb72bd3db9020ebf3468a23  2009.0/SRPMS/pango-1.22.0-1.1mdv2009.0.src.rpm

CS4.0 x86_64

 ab4a921995dd9c8833e78448e7ef43c4  corporate/4.0/x86_64/lib64pango1.0_0-1.10.0-3.1.20060mlcs4.x86_64.rpm
 dee3544eb5186529e4d4029acd027281  corporate/4.0/x86_64/lib64pango1.0_0-devel-1.10.0-3.1.20060mlcs4.x86_64.rpm
 f4393cfae3d426fe0338c54ef6efef87  corporate/4.0/x86_64/lib64pango1.0_0-modules-1.10.0-3.1.20060mlcs4.x86_64.rpm
 d159dc502f3b50ac6d3cbb6445e6bfdb  corporate/4.0/x86_64/pango-1.10.0-3.1.20060mlcs4.x86_64.rpm 
 7572845f90416d883d47b3681ccf5451  corporate/4.0/SRPMS/pango-1.10.0-3.1.20060mlcs4.src.rpm

2009.0 i586

 f220768c739dc9cae9f71de3cb43996e  2009.0/i586/libpango1.0_0-1.22.0-1.1mdv2009.0.i586.rpm
 013fc29cec91e9b215394d00db29b1e7  2009.0/i586/libpango1.0_0-modules-1.22.0-1.1mdv2009.0.i586.rpm
 b0bcd8e080aafd56a8e1f79f4fff96fe  2009.0/i586/libpango1.0-devel-1.22.0-1.1mdv2009.0.i586.rpm
 b5d939dfca4c10eab1c1f9b2fb20f4a1  2009.0/i586/pango-1.22.0-1.1mdv2009.0.i586.rpm
 d969812c6a1ad44513f0d6b7d65633c5  2009.0/i586/pango-doc-1.22.0-1.1mdv2009.0.i586.rpm 
 9babd2521bb72bd3db9020ebf3468a23  2009.0/SRPMS/pango-1.22.0-1.1mdv2009.0.src.rpm

CS3.0 x86_64

 f0fb3f936e0d42cbb8bf4dd9113d7832  corporate/3.0/x86_64/lib64pango1.0_0-1.2.5-3.1.C30mdk.x86_64.rpm
 51004f18ca85021b81671ccd0b0f0e43  corporate/3.0/x86_64/lib64pango1.0_0-devel-1.2.5-3.1.C30mdk.x86_64.rpm
 bc25d953caf5c64455d6b9f21407eb5c  corporate/3.0/x86_64/pango-1.2.5-3.1.C30mdk.x86_64.rpm 
 567cb4d9dd07d90ec17f736fcc3acb16  corporate/3.0/SRPMS/pango-1.2.5-3.1.C30mdk.src.rpm

CS4.0 i586

 d05ac0d15b5f6aa0ccae2e9138cbd32a  corporate/4.0/i586/libpango1.0_0-1.10.0-3.1.20060mlcs4.i586.rpm
 ecbc51723ca7d5ca22873589e6540d0e  corporate/4.0/i586/libpango1.0_0-devel-1.10.0-3.1.20060mlcs4.i586.rpm
 6c95ac70dddcca56dec35ffcbe4adde8  corporate/4.0/i586/libpango1.0_0-modules-1.10.0-3.1.20060mlcs4.i586.rpm
 94bb1b067bf1f8b0afb5a019f6f83597  corporate/4.0/i586/pango-1.10.0-3.1.20060mlcs4.i586.rpm 
 7572845f90416d883d47b3681ccf5451  corporate/4.0/SRPMS/pango-1.10.0-3.1.20060mlcs4.src.rpm

CS3.0 i586

 fe6b828f9488f85f080869c42d380803  corporate/3.0/i586/libpango1.0_0-1.2.5-3.1.C30mdk.i586.rpm
 67cf76c4f817b91e985053093ec0fc8a  corporate/3.0/i586/libpango1.0_0-devel-1.2.5-3.1.C30mdk.i586.rpm
 ef94bdec5331c62a74567633278bce54  corporate/3.0/i586/pango-1.2.5-3.1.C30mdk.i586.rpm 
 567cb4d9dd07d90ec17f736fcc3acb16  corporate/3.0/SRPMS/pango-1.2.5-3.1.C30mdk.src.rpm

2008.1 x86_64

 67b5cc0b18d59f082cf2fbb9a4cf2153  2008.1/x86_64/lib64pango1.0_0-1.20.0-1.1mdv2008.1.x86_64.rpm
 3a9e41e784c5807196ea290aa14458c6  2008.1/x86_64/lib64pango1.0_0-modules-1.20.0-1.1mdv2008.1.x86_64.rpm
 8a2dbf2550af4653900562b368d84415  2008.1/x86_64/lib64pango1.0-devel-1.20.0-1.1mdv2008.1.x86_64.rpm
 fc58e14c4df213c0bf693558782216d3  2008.1/x86_64/pango-1.20.0-1.1mdv2008.1.x86_64.rpm
 69b9d122c29a07261bf12dd96d34acd5  2008.1/x86_64/pango-doc-1.20.0-1.1mdv2008.1.x86_64.rpm 
 1f6ea21816580571f4404a5b49b843ea  2008.1/SRPMS/pango-1.20.0-1.1mdv2008.1.src.rpm

2008.1 i586

 8ed2ac52ac18fa8debe4cf0d19e497c7  2008.1/i586/libpango1.0_0-1.20.0-1.1mdv2008.1.i586.rpm
 430718c1ceb4b769a64aef5bd95a60b0  2008.1/i586/libpango1.0_0-modules-1.20.0-1.1mdv2008.1.i586.rpm
 90e14f60562814605b6884021ae4e8eb  2008.1/i586/libpango1.0-devel-1.20.0-1.1mdv2008.1.i586.rpm
 86f789f5f599d31da2dba3f5a4d457eb  2008.1/i586/pango-1.20.0-1.1mdv2008.1.i586.rpm
 c7f57b7106f2affcfa9833f90a11edfb  2008.1/i586/pango-doc-1.20.0-1.1mdv2008.1.i586.rpm 
 1f6ea21816580571f4404a5b49b843ea  2008.1/SRPMS/pango-1.20.0-1.1mdv2008.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1194