Pardus alert 2011-42 (pango pango-docs)
| From: | Meltem <meltem@pardus.org.tr> | |
| To: | pardus-security@pardus.org.tr | |
| Subject: | [Pardus-security] [PLSA 2011-42] Pango: Buffer Overflow | |
| Date: | Mon, 14 Feb 2011 12:31:50 +0200 | |
| Message-ID: | <201102141231.50948.meltem@pardus.org.tr> |
------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-42 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-02-14 Severity: 3 Type: Remote ------------------------------------------------------------------------ Summary ======= A vulnerability has been fixed in Pango, which can potentially be exploited by malicious people to cause a denial of service (application crash) or possibly execute arbitrary code. Description =========== CVE-2011-0020: Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object. Affected packages: Pardus 2009: pango, all before 1.26.2-35-11 pango-docs, all before 1.26.2-35-6 Resolution ========== There are update(s) for pango, pango-docs. You can update them via Package Manager or with a single command from console: pisi up pango pango-docs References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=16763 * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-... ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security