Linux Security
    Linux Security
    Linux Security

    Debian: DSA-2019-1: New pango1.0 packages fix denial of service

    Date 20 Mar 2010
    Posted By LinuxSecurity Advisories
    Marc Schoenefeld discovered an improper input sanitization in Pango, a library for layout and rendering of text, leading to array indexing error. If a local user was tricked into loading a specially-crafted font file in an
    Hash: SHA1
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-2019-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                        Giuseppe Iuculano
    March 20, 2010              
    - ------------------------------------------------------------------------
    Package        : pango1.0
    Vulnerability  : missing input sanitization
    Problem type   : local
    Debian-specific: no
    CVE Id         : CVE-2010-0421
    Debian Bug     : 574021
    Marc Schoenefeld discovered an improper input sanitization in Pango, a library
    for layout and rendering of text, leading to array indexing error.
    If a local user was tricked into loading a specially-crafted font file in an
    application, using the Pango font rendering library, it could lead to denial
    of service (application crash).
    For the stable distribution (lenny), this problem has been fixed in
    version 1.20.5-5+lenny1.
    For the testing distribution (squeeze), and the unstable distribution (sid),
    this problem will be fixed soon.
    We recommend that you upgrade your pango1.0 package.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian (stable)
    - ---------------
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    Source archives:
        Size/MD5 checksum:    30609 59b83220ce8e5663d1576c9c62cda04f
        Size/MD5 checksum:  2071747 e0fac4c2c99d903fdec3f8db60107f36
        Size/MD5 checksum:     1647 65108152472b632d5214ba3eed1191f9
    Architecture independent packages:
        Size/MD5 checksum:   286750 df6f2e6739297305f301a9b21519d32c
        Size/MD5 checksum:    64556 b50adb928602040044cc0469b210dc16
    alpha architecture (DEC Alpha)
        Size/MD5 checksum:   745248 61d6362508bd71cd4b004a738e4c31ca
        Size/MD5 checksum:   330236 6be814261efaebc114e24c0d24c13961
        Size/MD5 checksum:   482252 250d036225f0491603ba626c616ca417
        Size/MD5 checksum:   248888 d30040b2adc49c49d4b5fb717bd2d6e7
    amd64 architecture (AMD x86_64 (AMD64))
        Size/MD5 checksum:   313884 c5cd8547145346dd056bce5f92c81239
        Size/MD5 checksum:   231696 b66e53a57fb589206d9f37639483598f
        Size/MD5 checksum:   773310 4dd3cabefa6f6b2e8b6e34cb045c4195
        Size/MD5 checksum:   391668 53fbb1fcaf8cb934b91721e4d667655c
    arm architecture (ARM)
        Size/MD5 checksum:   353604 6269283d3ac3b7ecce8b62fa613f9378
        Size/MD5 checksum:   201398 0b0d5213871ca9c32b29e16622d73f5b
        Size/MD5 checksum:   729718 1d6768b00081c9ef41c11b8552829b66
        Size/MD5 checksum:   275910 97b80dfc9c2f89e3e857fa9947c55c1c
    armel architecture (ARM EABI)
        Size/MD5 checksum:   206934 d9859806eea30ada69030c58d50fac03
        Size/MD5 checksum:   285434 d8d6084f4c48aed618e724d4d4ed4e2f
        Size/MD5 checksum:   358140 d27e89870f2d1873f90bf7d554e1f66a
        Size/MD5 checksum:   733654 8f21507434bda7f6d77b2c879be87851
    hppa architecture (HP PA RISC)
        Size/MD5 checksum:   237174 1b4117c68966b0335ad3dfa7b4cad6fb
        Size/MD5 checksum:   322832 4699f185ec14679e626c4311a8f591ff
        Size/MD5 checksum:   741646 d78cb359694f7e8544e9fb6d41ed09f2
        Size/MD5 checksum:   415350 d2760ef481ab68c38a1e40a8e5c49dc8
    i386 architecture (Intel ia32)
        Size/MD5 checksum:   213822 0a8a83f93880866b00af792b415ac977
        Size/MD5 checksum:   350456 a0dd849fc1ff64d445b04e8f2e936872
        Size/MD5 checksum:   285456 9347047a1ea7fda4d856670254c3c31c
        Size/MD5 checksum:   719590 8991fef0ff79ca19bac8094d1bc2b3c8
    ia64 architecture (Intel ia64)
        Size/MD5 checksum:   725572 674109bd5c337f54eeef5ed226cb7bb2
        Size/MD5 checksum:   540052 6cbf68b7abe09595b653fc435b5823cc
        Size/MD5 checksum:   423908 ece61c77baafe5d2ba730d2e7ccb342b
        Size/MD5 checksum:   323424 7b692636369cb651bd796a9f07cfc8d0
    mipsel architecture (MIPS (Little Endian))
        Size/MD5 checksum:   215044 b9ca98745c44500b220a4df6b024a735
        Size/MD5 checksum:   290142 20abb28e302f0bcc696dd904cba6bbfb
        Size/MD5 checksum:   413216 f184df8b21ea183093695de21f4cd804
        Size/MD5 checksum:   757834 b4aa292a5b00dc66ec4d490c8a486a95
    powerpc architecture (PowerPC)
        Size/MD5 checksum:   306284 9da4961c23dcc088d429db3a7149c3bb
        Size/MD5 checksum:   776236 1442d9e2bacafc9cd7c6301a0d350361
        Size/MD5 checksum:   225654 982535d3252489c7304019d1c53484c5
        Size/MD5 checksum:   399104 a0926ea49cffad1bef68a4ffd95bd44f
    s390 architecture (IBM S/390)
        Size/MD5 checksum:   763014 9a698aa59795b72bfeb4e18f55d64d4b
        Size/MD5 checksum:   238214 012b5bf4741bbf1c72666fcaf0d41b9f
        Size/MD5 checksum:   318132 1697771a8463f4ab5f152283d2480037
        Size/MD5 checksum:   385170 5e936bd520668b79ccac11c20fe3623c
    sparc architecture (Sun SPARC/UltraSPARC)
        Size/MD5 checksum:   366686 8be8cc5efb6a65243e84d86beae4af33
        Size/MD5 checksum:   282678 6e4007c50b7f735ee638529e0996bebc
        Size/MD5 checksum:   206320 e6a428677a9786050b3f100a0567009f
        Size/MD5 checksum:   682854 e20b63f8654edf23739af8f352590683
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.