MDVSA-2009:158-2
- Package name
- pango
- Date
- 2009-11-16
- Advisory ID
- MDVSA-2009:158-2
- Affected versions
- CS3.0 i586 , CS3.0 x86_64
Problem description
Integer overflow in the pango_glyph_string_set_size function in
pango/glyphstring.c in Pango before 1.24 allows context-dependent
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a long glyph string that triggers a
heap-based buffer overflow.
This update corrects the issue.
Update:
pango for CS3 broke applications like MandrivaUpdate, mcc and so
on. This update corrects this problem.
Updated packages
CS3.0 i586
88f18d174db6cdbca5895f8cb9e33b3d corporate/3.0/i586/libpango1.0_0-1.2.5-3.2.C30mdk.i586.rpm af0017f3187368902d5b1b6ef5aa8d69 corporate/3.0/i586/libpango1.0_0-devel-1.2.5-3.2.C30mdk.i586.rpm f7693bae0804d325a562f6cb80665564 corporate/3.0/i586/pango-1.2.5-3.2.C30mdk.i586.rpm 5bd0f04432ef565d87bc31aa2f43c50d corporate/3.0/SRPMS/pango-1.2.5-3.2.C30mdk.src.rpm
CS3.0 x86_64
422881023439d37ad409a628851708ff corporate/3.0/x86_64/lib64pango1.0_0-1.2.5-3.2.C30mdk.x86_64.rpm 8a85d32c500ee2092123f3a58132155f corporate/3.0/x86_64/lib64pango1.0_0-devel-1.2.5-3.2.C30mdk.x86_64.rpm ba8df6cf6cb3742cfcfb861179d6d28a corporate/3.0/x86_64/pango-1.2.5-3.2.C30mdk.x86_64.rpm 5bd0f04432ef565d87bc31aa2f43c50d corporate/3.0/SRPMS/pango-1.2.5-3.2.C30mdk.src.rpm