MDVSA-2009:158-1
- Package name
- pango
- Date
- 2009-11-16
- Advisory ID
- MDVSA-2009:158-1
- Affected versions
- CS4.0 x86_64 , CS4.0 i586
Problem description
Integer overflow in the pango_glyph_string_set_size function in
pango/glyphstring.c in Pango before 1.24 allows context-dependent
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a long glyph string that triggers a
heap-based buffer overflow.
This update corrects the issue.
Update:
pango for CS4 broke applications like MandrivaUpdate, mcc and so
on. This update corrects this problem.
Updated packages
CS4.0 x86_64
2d2f5f9800a904bfc2b76d8e662c95a5 corporate/4.0/x86_64/lib64pango1.0_0-1.10.0-3.2.20060mlcs4.x86_64.rpm 60385616c962ef3e588037343c87f86c corporate/4.0/x86_64/lib64pango1.0_0-devel-1.10.0-3.2.20060mlcs4.x86_64.rpm 64fed5431fe2e4d2bde49a3283279be8 corporate/4.0/x86_64/lib64pango1.0_0-modules-1.10.0-3.2.20060mlcs4.x86_64.rpm 95bcb69057b7b05367212ec13d36294c corporate/4.0/x86_64/pango-1.10.0-3.2.20060mlcs4.x86_64.rpm 5aebad48def56971eca8e379214fd6e2 corporate/4.0/SRPMS/pango-1.10.0-3.2.20060mlcs4.src.rpm
CS4.0 i586
2954acd1456174f3ace77b329af1a6c4 corporate/4.0/i586/libpango1.0_0-1.10.0-3.2.20060mlcs4.i586.rpm 00fa69b37cf287d5c194f99b66fd7637 corporate/4.0/i586/libpango1.0_0-devel-1.10.0-3.2.20060mlcs4.i586.rpm a1c560611b8f0332730f356c954a0770 corporate/4.0/i586/libpango1.0_0-modules-1.10.0-3.2.20060mlcs4.i586.rpm d988db5d68b51c8025d225f6365840f4 corporate/4.0/i586/pango-1.10.0-3.2.20060mlcs4.i586.rpm 5aebad48def56971eca8e379214fd6e2 corporate/4.0/SRPMS/pango-1.10.0-3.2.20060mlcs4.src.rpm