Date:         Tue, 16 Mar 2010 11:29:24 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Moderate: pango on SL3.x, SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: pango security update
Issue date:	2010-03-15
CVE Names:	CVE-2010-0421

CVE-2010-0421 libpangoft2 segfaults on forged font files

An input sanitization flaw, leading to an array index error, was found 
in the way the Pango font rendering library synthesized the Glyph 
Definition (GDEF) table from a font's character map and the Unicode 
property database. If an attacker created a specially-crafted font file 
and tricked a local, unsuspecting user into loading the font file in an 
application that uses the Pango font rendering library, it could cause 
that application to crash. (CVE-2010-0421)

After installing this update, you must restart your system or restart 
your X session for this update to take effect.

SL 3.0.x

       SRPMS:
pango-1.2.5-10.src.rpm
       i386:
pango-1.2.5-10.i386.rpm
pango-devel-1.2.5-10.i386.rpm
       x86_64:
pango-1.2.5-10.i386.rpm
pango-1.2.5-10.x86_64.rpm
pango-devel-1.2.5-10.x86_64.rpm

SL 4.x

       SRPMS:
evolution28-pango-1.14.9-13.el4_8.src.rpm
pango-1.6.0-16.el4_8.src.rpm
       i386:
evolution28-pango-1.14.9-13.el4_8.i386.rpm
evolution28-pango-devel-1.14.9-13.el4_8.i386.rpm
pango-1.6.0-16.el4_8.i386.rpm
pango-devel-1.6.0-16.el4_8.i386.rpm
       x86_64:
evolution28-pango-1.14.9-13.el4_8.x86_64.rpm
evolution28-pango-devel-1.14.9-13.el4_8.x86_64.rpm
pango-1.6.0-16.el4_8.i386.rpm
pango-1.6.0-16.el4_8.x86_64.rpm
pango-devel-1.6.0-16.el4_8.x86_64.rpm

SL 5.x

       SRPMS:
pango-1.14.9-8.el5.src.rpm
       i386:
pango-1.14.9-8.el5.i386.rpm
pango-devel-1.14.9-8.el5.i386.rpm
       x86_64:
pango-1.14.9-8.el5.i386.rpm
pango-1.14.9-8.el5.x86_64.rpm
pango-devel-1.14.9-8.el5.i386.rpm
pango-devel-1.14.9-8.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson