Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Red Hat: RHSA-2009:0476-01 Critical: Pango Integer Overflow Fix

red hat
Calendar Grey May 8, 2009
Dist Redhat Esm H88
The latest significant update from Red Hat for pango addresses a critical integer overflow vulnerability that poses serious risks to system integrity.
Updated pango and evolution28-pango packages that fix an integer overflow flaw are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having imp...

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

Summary

Pango is a library used for the layout and rendering of internationalized text.
Will Drewry discovered an integer overflow flaw in Pango's pango_glyph_string_set_size() function. If an attacker is able to pass an arbitrarily long string to Pango, it may be possible to execute arbitrary code with the permissions of the application calling Pango. (CVE-2009-1194)
pango and evolution28-pango users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, you must restart your system or restart the X server for the update to take effect. Note: Restarting the X server closes all open applications and logs you out of your session.

Topics%20covered

Topics Covered

security advisory Red Hat Enterprise Linux critical update integer overflow security impact pango evolution28-pango

References

https://www.cve.org/CVERecord?id=CVE-2009-1194 https://access.redhat.com/security/updates/classification#important

Package List

Red Hat Enterprise Linux AS version 3:
Source:
i386: pango-1.2.5-8.i386.rpm pango-debuginfo-1.2.5-8.i386.rpm pango-devel-1.2.5-8.i386.rpm
ia64: pango-1.2.5-8.i386.rpm pango-1.2.5-8.ia64.rpm pango-debuginfo-1.2.5-8.i386.rpm pango-debuginfo-1.2.5-8.ia64.rpm pango-devel-1.2.5-8.ia64.rpm
ppc: pango-1.2.5-8.ppc.rpm pango-1.2.5-8.ppc64.rpm pango-debuginfo-1.2.5-8.ppc.rpm pango-debuginfo-1.2.5-8.ppc64.rpm pango-devel-1.2.5-8.ppc.rpm
s390: pango-1.2.5-8.s390.rpm pango-debuginfo-1.2.5-8.s390.rpm pango-devel-1.2.5-8.s390.rpm
s390x: pango-1.2.5-8.s390.rpm pango-1.2.5-8.s390x.rpm pango-debuginfo-1.2.5-8.s390.rpm pango-debuginfo-1.2.5-8.s390x.rpm pango-devel-1.2.5-8.s390x.rpm
x86_64: pango-1.2.5-8.i386.rpm pango-1.2.5-8.x86_64.rpm pango-debuginfo-1.2.5-8.i386.rpm pango-debuginfo-1.2.5-8.x86_64.rpm pango-devel-1.2.5-8.x86_64.rpm
Red Hat Desktop version 3:
Source:
i386: pango-1.2.5-8.i386.rpm pango-debuginfo-1.2.5-8.i386.rpm pango-devel-1.2.5-8.i386.rpm
x86_64: pango-1.2.5-8.i386.rpm pango-1.2.5-8.x86_64.rpm pango-debuginfo-1.2.5-8.i386.rpm pango-debuginfo-1.2.5-8.x86_64.rpm pango-devel-1.2.5-8.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
Source:
i386: pango-1.2.5-8.i386.rpm pango-debuginfo-1.2.5-8.i386.rpm pango-devel-1.2.5-8.i386.rpm
ia64: pango-1.2.5-8.i386.rpm

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2009:0476-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2009:0476.html
Issue date: 2009-05-08

Topic

Updated pango and evolution28-pango packages that fix an integer overflowflaw are now available for Red Hat Enterprise Linux 3, 4, and 5.This update has been rated as having important security impact by the RedHat Security Response Team.

Topics%20covered

Topics Covered

security advisory Red Hat Enterprise Linux critical update integer overflow security impact pango evolution28-pango

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Desktop version 3 - i386, x86_64

Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

RHEL Desktop Workstation (v. 5 client) - i386, x86_64

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

Bugs Fixed

496887 - CVE-2009-1194 pango: pango_glyph_string_set_size integer overflow

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here