Package name
pango
Date
2009-07-29
Advisory ID
MDVSA-2009:175
Affected versions
MES5 i586 , MES5 x86_64

Problem description

Integer overflow in the pango_glyph_string_set_size function in
pango/glyphstring.c in Pango before 1.24 allows context-dependent
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a long glyph string that triggers a
heap-based buffer overflow.

This update corrects the issue.

Updated packages

MES5 i586

 281a6e6481a2ac3f92ffb7e5d0725fdb  mes5/i586/libpango1.0_0-1.22.0-1.1mdvmes5.i586.rpm
 7cf869d7976edd7ff17747d80241d9bd  mes5/i586/libpango1.0_0-modules-1.22.0-1.1mdvmes5.i586.rpm
 0eb03c5ae30809bb5627d58870edf0ee  mes5/i586/libpango1.0-devel-1.22.0-1.1mdvmes5.i586.rpm
 7b3a79d91adbcb03fbe5b20be91398b4  mes5/i586/pango-1.22.0-1.1mdvmes5.i586.rpm
 7955fd2ce9533033f072535f324b5c6f  mes5/i586/pango-doc-1.22.0-1.1mdvmes5.i586.rpm 
 f94f43624994efe90d424f5af5815fe6  mes5/SRPMS/pango-1.22.0-1.1mdvmes5.src.rpm

MES5 x86_64

 fa0f25fc7f0a2768a48ea2893a2e16ed  mes5/x86_64/lib64pango1.0_0-1.22.0-1.1mdvmes5.x86_64.rpm
 aee21e34e313312218963399bc5f90e6  mes5/x86_64/lib64pango1.0_0-modules-1.22.0-1.1mdvmes5.x86_64.rpm
 1e2b82dba0a1333e68d67c45cbf04249  mes5/x86_64/lib64pango1.0-devel-1.22.0-1.1mdvmes5.x86_64.rpm
 c67e7a138ae43ec33e0c7a09f25171d4  mes5/x86_64/pango-1.22.0-1.1mdvmes5.x86_64.rpm
 9030efd51eeebc0e92a1bd84d5b6a261  mes5/x86_64/pango-doc-1.22.0-1.1mdvmes5.x86_64.rpm 
 f94f43624994efe90d424f5af5815fe6  mes5/SRPMS/pango-1.22.0-1.1mdvmes5.src.rpm

References