Support / Security / Advisories / Mandriva Linux 2010.0 / MDVSA-2011:020

Package name: pango
Date: 2011-02-03
Advisory ID: MDVSA-2011:020
Affected versions: 2009.0 x86_64 , MES5 i586 , 2010.0 x86_64 , 2010.1 i586 , 2010.0 i586 , 2009.0 i586 , MES5 x86_64 , 2010.1 x86_64

Problem description

A vulnerability has been found and corrected in pango:

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph
function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and
earlier, when the FreeType2 backend is enabled, allows user-assisted
remote attackers to cause a denial of service (application crash)
or possibly execute arbitrary code via a crafted font file, related
to the glyph box for an FT_Bitmap object (CVE-2011-0020).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Updated packages

2009.0 x86_64

 c3ecff33fccaf66946ba903618e8fe80  2009.0/x86_64/lib64pango1.0_0-1.22.0-1.3mdv2009.0.x86_64.rpm
 625b9c358058a66126b7bc8b6f470542  2009.0/x86_64/lib64pango1.0_0-modules-1.22.0-1.3mdv2009.0.x86_64.rpm
 6bd9614af885e259e8c7a5cabed52c2e  2009.0/x86_64/lib64pango1.0-devel-1.22.0-1.3mdv2009.0.x86_64.rpm
 f7ac71ef96b15763d7811a62268ce474  2009.0/x86_64/pango-1.22.0-1.3mdv2009.0.x86_64.rpm
 88aeba0d580db27b55ea5c341a009a9c  2009.0/x86_64/pango-doc-1.22.0-1.3mdv2009.0.x86_64.rpm 
 cf41ce5c54a19123fa00b9e5a7bf337c  2009.0/SRPMS/pango-1.22.0-1.3mdv2009.0.src.rpm

MES5 i586

 014efbcb7191ffc73672a84103fea5d1  mes5/i586/libpango1.0_0-1.22.0-1.3mdvmes5.1.i586.rpm
 f5b2a2e2b78f8c60f67c2c57eede1aca  mes5/i586/libpango1.0_0-modules-1.22.0-1.3mdvmes5.1.i586.rpm
 e643d888e22e5cddbb9f4842a0656165  mes5/i586/libpango1.0-devel-1.22.0-1.3mdvmes5.1.i586.rpm
 6f2b61d55cfd7e8bff5b123cae7a18c1  mes5/i586/pango-1.22.0-1.3mdvmes5.1.i586.rpm
 d31917c58c0da3c5c57770495b60b8d3  mes5/i586/pango-doc-1.22.0-1.3mdvmes5.1.i586.rpm 
 2a5aa3359ff9262f8e9fd16b0889f57f  mes5/SRPMS/pango-1.22.0-1.3mdvmes5.1.src.rpm

2010.0 x86_64

 924e4f26e516b281ca13cc17da4921ea  2010.0/x86_64/lib64pango1.0_0-1.26.1-1.3mdv2010.0.x86_64.rpm
 cddbc1115fc480a080fcfd3d21b72896  2010.0/x86_64/lib64pango1.0_0-modules-1.26.1-1.3mdv2010.0.x86_64.rpm
 61e116217d6fa6a53d770089fab658b7  2010.0/x86_64/lib64pango1.0-devel-1.26.1-1.3mdv2010.0.x86_64.rpm
 488126e666f5d9d88168dc103d1f920b  2010.0/x86_64/pango-1.26.1-1.3mdv2010.0.x86_64.rpm
 1e62fa8f1c3b6de475590b3531b912d5  2010.0/x86_64/pango-doc-1.26.1-1.3mdv2010.0.x86_64.rpm 
 7ff8d19db483746b5f2358c2329f8c27  2010.0/SRPMS/pango-1.26.1-1.3mdv2010.0.src.rpm

2010.1 i586

 6f08e84feda6c34cd0a69695633e9445  2010.1/i586/libpango1.0_0-1.28.0-1.1mdv2010.2.i586.rpm
 090cf906caf8467730bbdc7579ff7411  2010.1/i586/libpango1.0_0-modules-1.28.0-1.1mdv2010.2.i586.rpm
 025d3f6f48d1203680df92f04090986f  2010.1/i586/libpango1.0-devel-1.28.0-1.1mdv2010.2.i586.rpm
 9138b7aa1dc8bebe0031443591491828  2010.1/i586/pango-1.28.0-1.1mdv2010.2.i586.rpm
 82f6878b205ad3deb282150be602b7db  2010.1/i586/pango-doc-1.28.0-1.1mdv2010.2.i586.rpm 
 5c6a367bba096087944a8ef4eac4f742  2010.1/SRPMS/pango-1.28.0-1.1mdv2010.2.src.rpm

2010.0 i586

 0f31c217fcce79812382aa0afe596ebb  2010.0/i586/libpango1.0_0-1.26.1-1.3mdv2010.0.i586.rpm
 850331d36fa05429ea3093ca5a7169c7  2010.0/i586/libpango1.0_0-modules-1.26.1-1.3mdv2010.0.i586.rpm
 60784c0f7bf71e5d705ced8a3aa69c2d  2010.0/i586/libpango1.0-devel-1.26.1-1.3mdv2010.0.i586.rpm
 0eabd2c0ae48b8fd231d2fb98ff59438  2010.0/i586/pango-1.26.1-1.3mdv2010.0.i586.rpm
 c6c2b7163064cfaadae3273717950363  2010.0/i586/pango-doc-1.26.1-1.3mdv2010.0.i586.rpm 
 7ff8d19db483746b5f2358c2329f8c27  2010.0/SRPMS/pango-1.26.1-1.3mdv2010.0.src.rpm

2009.0 i586

 3db899ee2110f39b1ccd450e843c5ea7  2009.0/i586/libpango1.0_0-1.22.0-1.3mdv2009.0.i586.rpm
 657942516e020b16eeae32f3dc836baa  2009.0/i586/libpango1.0_0-modules-1.22.0-1.3mdv2009.0.i586.rpm
 a0d719bc484d596463584df98f8409bb  2009.0/i586/libpango1.0-devel-1.22.0-1.3mdv2009.0.i586.rpm
 dc1c8c09bad4ae804e1bb2ce4742bef5  2009.0/i586/pango-1.22.0-1.3mdv2009.0.i586.rpm
 d813fc06f5c2b0bb8603195e9b15eb44  2009.0/i586/pango-doc-1.22.0-1.3mdv2009.0.i586.rpm 
 cf41ce5c54a19123fa00b9e5a7bf337c  2009.0/SRPMS/pango-1.22.0-1.3mdv2009.0.src.rpm

MES5 x86_64

 2fffc8b9fb201a0a1d7eba51bbaacff3  mes5/x86_64/lib64pango1.0_0-1.22.0-1.3mdvmes5.1.x86_64.rpm
 efa9038f2fcec442489c4152250165d2  mes5/x86_64/lib64pango1.0_0-modules-1.22.0-1.3mdvmes5.1.x86_64.rpm
 1d819ba1901668c46158b8c4f5c1442b  mes5/x86_64/lib64pango1.0-devel-1.22.0-1.3mdvmes5.1.x86_64.rpm
 8e8de0cdc3893add91b846b10c1170b7  mes5/x86_64/pango-1.22.0-1.3mdvmes5.1.x86_64.rpm
 3f9aa790337dcec22666b1271dcb723d  mes5/x86_64/pango-doc-1.22.0-1.3mdvmes5.1.x86_64.rpm 
 2a5aa3359ff9262f8e9fd16b0889f57f  mes5/SRPMS/pango-1.22.0-1.3mdvmes5.1.src.rpm

2010.1 x86_64

 8948263486380665fb3cbf190bdb456c  2010.1/x86_64/lib64pango1.0_0-1.28.0-1.1mdv2010.2.x86_64.rpm
 a60afb49286243817dc5e811323fcc7a  2010.1/x86_64/lib64pango1.0_0-modules-1.28.0-1.1mdv2010.2.x86_64.rpm
 4c53ea354ee601e23e2b0ac3f1bf4022  2010.1/x86_64/lib64pango1.0-devel-1.28.0-1.1mdv2010.2.x86_64.rpm
 99ef9646fb2ffdf433ddd4b0c14f7d29  2010.1/x86_64/pango-1.28.0-1.1mdv2010.2.x86_64.rpm
 3dfe10e1ebf51061ff790a0abc991da5  2010.1/x86_64/pango-doc-1.28.0-1.1mdv2010.2.x86_64.rpm 
 5c6a367bba096087944a8ef4eac4f742  2010.1/SRPMS/pango-1.28.0-1.1mdv2010.2.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0020