Pardus alert 2010-40 (pango-1.26.2-34-10 pango-1.21.3-28-8)

From:  Eren Turkay <eren@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2010-40] Pango: Denial of Service
Date:  Mon, 29 Mar 2010 22:10:45 +0300 (EEST)
Message-ID:  <20100329191045.5574DA7ABD5@lider.pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-40            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-03-29
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

A vulnerability was fixed in Pango, which can allow remote or local user
to cause denial of service conditions


Description
===========

CVE-2010-0421:

Array index error in the hb_ot_layout_build_glyph_classes function in
pango/opentype/hb-ot-layout.cc in Pango allows context-dependent
attackers to cause a denial of service (application crash) via a crafted
font file, related to building a synthetic Glyph Definition (aka GDEF)
table by using this font's charmap and the Unicode property database.


Affected packages:

  pango-1.26.2-34-10, all before 2009
  pango-1.21.3-28-8, all before 2008


Resolution
==========

There are update(s) for pango-1.26.2-34-10, pango-1.21.3-28-8. You can
update them via Package Manager or with a single command from console:

  pisi up pango-1.26.2-34-10 pango-1.21.3-28-8


References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=12381
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0421

------------------------------------------------------------------------

_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds