-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:158-3 http://www.mandriva.com/security/ _______________________________________________________________________ Package : pango Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow. This update corrects the issue. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1194 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 5fa3cde904bb3471f2808597d4495a90 2008.0/i586/libpango1.0_0-1.18.2-1.1mdv2008.0.i586.rpm 70cd4862c5bc27ff2548ea082ef2562b 2008.0/i586/libpango1.0_0-modules-1.18.2-1.1mdv2008.0.i586.rpm 06a9a5a78ffa999cb12bd5de367789cc 2008.0/i586/libpango1.0-devel-1.18.2-1.1mdv2008.0.i586.rpm 77ca034f4f673aef5ef9a147e7fd6b10 2008.0/i586/pango-1.18.2-1.1mdv2008.0.i586.rpm d57f4104fd1607dca80c7d4e8d775ae7 2008.0/i586/pango-doc-1.18.2-1.1mdv2008.0.i586.rpm 1d01963df79f7762776dc35e4023ea5b 2008.0/SRPMS/pango-1.18.2-1.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 1fdf6ef81c94fee53da3c154709483ad 2008.0/x86_64/lib64pango1.0_0-1.18.2-1.1mdv2008.0.x86_64.rpm 2a5831a2e8bdc4dcce62f8ecbe9f1dfd 2008.0/x86_64/lib64pango1.0_0-modules-1.18.2-1.1mdv2008.0.x86_64.rpm 18803302ca6edff9c50f9bb66e095e80 2008.0/x86_64/lib64pango1.0-devel-1.18.2-1.1mdv2008.0.x86_64.rpm 56a5dff6f3dc09912b22ea955970ae1c 2008.0/x86_64/pango-1.18.2-1.1mdv2008.0.x86_64.rpm 2b2fc7e5a1c7597dead4d6138089f7c3 2008.0/x86_64/pango-doc-1.18.2-1.1mdv2008.0.x86_64.rpm 1d01963df79f7762776dc35e4023ea5b 2008.0/SRPMS/pango-1.18.2-1.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGDftmqjQ0CJFipgRAuWMAJ4/ig6FYR6485O/yz4etEfyCTIySgCghpQU pNTF7F5vkWFvFfi8GU78a0E= =sn6S -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/