Synopsis: Moderate: pango security update
Issue date: 2010-03-15
CVE Names: CVE-2010-0421
CVE-2010-0421 libpangoft2 segfaults on forged font files
An input sanitization flaw, leading to an array index error, was found
in the way the Pango font rendering library synthesized the Glyph
Definition (GDEF) table from a font's character map and the Unicode
property database. If an attacker created a specially-crafted font file
and tricked a local, unsuspecting user into loading the font file in an
application that uses the Pango font rendering library, it could cause
that application to crash. (CVE-2010-0421)
After installing this update, you must restart your system or restart
your X session for this update to take effect.
SL 3.0.x
SRPMS:
pango-1.2.5-10.src.rpm
i386:
pango-1.2.5-10.i386.rpm
pango-devel-1.2.5-10.i386.rpm
x86_64:
pango-1.2.5-10.i386.rpm
pango-1.2.5-10.x86_64.rpm
pango-devel-1.2.5-10.x86_64.rpm
SL 4.x
SRPMS:
evolution28-pango-1.14.9-13.el4_8.src.rpm
pango-1.6.0-16.el4_8.src.rpm
i386:
evolution28-pango-1.14.9-13.el4_8.i386.rpm
evolution28-pango-devel-1.14.9-13.el4_8.i386.rpm
pango-1.6.0-16.el4_8.i386.rpm
pango-devel-1.6.0-16.el4_8.i386.rpm
x86_64:
evolution28-pango-1.14.9-13.el4_8.x86_64.rpm
evolution28-pango-devel-1.14.9-13.el4_8.x86_64.rpm
pango-1.6.0-16.el4_8.i386.rpm
pango-1.6.0-16.el4_8.x86_64.rpm
pango-devel-1.6.0-16.el4_8.x86_64.rpm
SL 5.x
SRPMS:
pango-1.14.9-8.el5.src.rpm
i386:
pango-1.14.9-8.el5.i386.rpm
pango-devel-1.14.9-8.el5.i386.rpm
x86_64:
pango-1.14.9-8.el5.i386.rpm
pango-1.14.9-8.el5.x86_64.rpm
pango-devel-1.14.9-8.el5.i386.rpm
pango-devel-1.14.9-8.el5.x86_64.rpm
-Connie Sieh
-Troy Dawson
|