Debian: DSA-2019-1: New pango1.0 packages fix denial of service

    Date20 Mar 2010
    CategoryDebian
    40
    Posted ByLinuxSecurity Advisories
    Marc Schoenefeld discovered an improper input sanitization in Pango, a library for layout and rendering of text, leading to array indexing error. If a local user was tricked into loading a specially-crafted font file in an
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-2019-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                        Giuseppe Iuculano
    March 20, 2010                        http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : pango1.0
    Vulnerability  : missing input sanitization
    Problem type   : local
    Debian-specific: no
    CVE Id         : CVE-2010-0421
    Debian Bug     : 574021
    
    
    Marc Schoenefeld discovered an improper input sanitization in Pango, a library
    for layout and rendering of text, leading to array indexing error.
    If a local user was tricked into loading a specially-crafted font file in an
    application, using the Pango font rendering library, it could lead to denial
    of service (application crash).
    
    
    For the stable distribution (lenny), this problem has been fixed in
    version 1.20.5-5+lenny1.
    
    For the testing distribution (squeeze), and the unstable distribution (sid),
    this problem will be fixed soon.
    
    
    We recommend that you upgrade your pango1.0 package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5-5+lenny1.diff.gz
        Size/MD5 checksum:    30609 59b83220ce8e5663d1576c9c62cda04f
      http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5.orig.tar.gz
        Size/MD5 checksum:  2071747 e0fac4c2c99d903fdec3f8db60107f36
      http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5-5+lenny1.dsc
        Size/MD5 checksum:     1647 65108152472b632d5214ba3eed1191f9
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-doc_1.20.5-5+lenny1_all.deb
        Size/MD5 checksum:   286750 df6f2e6739297305f301a9b21519d32c
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-common_1.20.5-5+lenny1_all.deb
        Size/MD5 checksum:    64556 b50adb928602040044cc0469b210dc16
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_alpha.deb
        Size/MD5 checksum:   745248 61d6362508bd71cd4b004a738e4c31ca
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_alpha.deb
        Size/MD5 checksum:   330236 6be814261efaebc114e24c0d24c13961
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_alpha.deb
        Size/MD5 checksum:   482252 250d036225f0491603ba626c616ca417
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_alpha.udeb
        Size/MD5 checksum:   248888 d30040b2adc49c49d4b5fb717bd2d6e7
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_amd64.deb
        Size/MD5 checksum:   313884 c5cd8547145346dd056bce5f92c81239
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_amd64.udeb
        Size/MD5 checksum:   231696 b66e53a57fb589206d9f37639483598f
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_amd64.deb
        Size/MD5 checksum:   773310 4dd3cabefa6f6b2e8b6e34cb045c4195
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_amd64.deb
        Size/MD5 checksum:   391668 53fbb1fcaf8cb934b91721e4d667655c
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_arm.deb
        Size/MD5 checksum:   353604 6269283d3ac3b7ecce8b62fa613f9378
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_arm.udeb
        Size/MD5 checksum:   201398 0b0d5213871ca9c32b29e16622d73f5b
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_arm.deb
        Size/MD5 checksum:   729718 1d6768b00081c9ef41c11b8552829b66
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_arm.deb
        Size/MD5 checksum:   275910 97b80dfc9c2f89e3e857fa9947c55c1c
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_armel.udeb
        Size/MD5 checksum:   206934 d9859806eea30ada69030c58d50fac03
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_armel.deb
        Size/MD5 checksum:   285434 d8d6084f4c48aed618e724d4d4ed4e2f
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_armel.deb
        Size/MD5 checksum:   358140 d27e89870f2d1873f90bf7d554e1f66a
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_armel.deb
        Size/MD5 checksum:   733654 8f21507434bda7f6d77b2c879be87851
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_hppa.udeb
        Size/MD5 checksum:   237174 1b4117c68966b0335ad3dfa7b4cad6fb
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_hppa.deb
        Size/MD5 checksum:   322832 4699f185ec14679e626c4311a8f591ff
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_hppa.deb
        Size/MD5 checksum:   741646 d78cb359694f7e8544e9fb6d41ed09f2
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_hppa.deb
        Size/MD5 checksum:   415350 d2760ef481ab68c38a1e40a8e5c49dc8
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_i386.udeb
        Size/MD5 checksum:   213822 0a8a83f93880866b00af792b415ac977
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_i386.deb
        Size/MD5 checksum:   350456 a0dd849fc1ff64d445b04e8f2e936872
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_i386.deb
        Size/MD5 checksum:   285456 9347047a1ea7fda4d856670254c3c31c
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_i386.deb
        Size/MD5 checksum:   719590 8991fef0ff79ca19bac8094d1bc2b3c8
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_ia64.deb
        Size/MD5 checksum:   725572 674109bd5c337f54eeef5ed226cb7bb2
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_ia64.deb
        Size/MD5 checksum:   540052 6cbf68b7abe09595b653fc435b5823cc
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_ia64.deb
        Size/MD5 checksum:   423908 ece61c77baafe5d2ba730d2e7ccb342b
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_ia64.udeb
        Size/MD5 checksum:   323424 7b692636369cb651bd796a9f07cfc8d0
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_mipsel.udeb
        Size/MD5 checksum:   215044 b9ca98745c44500b220a4df6b024a735
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_mipsel.deb
        Size/MD5 checksum:   290142 20abb28e302f0bcc696dd904cba6bbfb
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_mipsel.deb
        Size/MD5 checksum:   413216 f184df8b21ea183093695de21f4cd804
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_mipsel.deb
        Size/MD5 checksum:   757834 b4aa292a5b00dc66ec4d490c8a486a95
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_powerpc.deb
        Size/MD5 checksum:   306284 9da4961c23dcc088d429db3a7149c3bb
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_powerpc.deb
        Size/MD5 checksum:   776236 1442d9e2bacafc9cd7c6301a0d350361
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_powerpc.udeb
        Size/MD5 checksum:   225654 982535d3252489c7304019d1c53484c5
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_powerpc.deb
        Size/MD5 checksum:   399104 a0926ea49cffad1bef68a4ffd95bd44f
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_s390.deb
        Size/MD5 checksum:   763014 9a698aa59795b72bfeb4e18f55d64d4b
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_s390.udeb
        Size/MD5 checksum:   238214 012b5bf4741bbf1c72666fcaf0d41b9f
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_s390.deb
        Size/MD5 checksum:   318132 1697771a8463f4ab5f152283d2480037
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_s390.deb
        Size/MD5 checksum:   385170 5e936bd520668b79ccac11c20fe3623c
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_sparc.deb
        Size/MD5 checksum:   366686 8be8cc5efb6a65243e84d86beae4af33
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_sparc.deb
        Size/MD5 checksum:   282678 6e4007c50b7f735ee638529e0996bebc
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_sparc.udeb
        Size/MD5 checksum:   206320 e6a428677a9786050b3f100a0567009f
      http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_sparc.deb
        Size/MD5 checksum:   682854 e20b63f8654edf23739af8f352590683
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"39","type":"x","order":"1","pct":50.65,"resources":[]},{"id":"88","title":"Should be more technical","votes":"11","type":"x","order":"2","pct":14.29,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"27","type":"x","order":"3","pct":35.06,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.