Scientific Linux: CVE-2010-0421 Moderate Pango Input Issue

Date: Tue, 16 Mar 2010 11:29:24 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Moderate: pango on SL3.x, SL4.x, SL5.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 

Synopsis:	Moderate: pango security update
Issue date:	2010-03-15
CVE Names:	CVE-2010-0421

CVE-2010-0421 libpangoft2 segfaults on forged font files

An input sanitization flaw, leading to an array index error, was found
in the way the Pango font rendering library synthesized the Glyph
Definition (GDEF) table from a font's character map and the Unicode
property database. If an attacker created a specially-crafted font file
and tricked a local, unsuspecting user into loading the font file in an
application that uses the Pango font rendering library, it could cause
that application to crash. (CVE-2010-0421)

After installing this update, you must restart your system or restart
your X session for this update to take effect.

SL 3.0.x

 SRPMS:
pango-1.2.5-10.src.rpm
 i386:
pango-1.2.5-10.i386.rpm
pango-devel-1.2.5-10.i386.rpm
 x86_64:
pango-1.2.5-10.i386.rpm
pango-1.2.5-10.x86_64.rpm
pango-devel-1.2.5-10.x86_64.rpm

SL 4.x

 SRPMS:
evolution28-pango-1.14.9-13.el4_8.src.rpm
pango-1.6.0-16.el4_8.src.rpm
 i386:
evolution28-pango-1.14.9-13.el4_8.i386.rpm
evolution28-pango-devel-1.14.9-13.el4_8.i386.rpm
pango-1.6.0-16.el4_8.i386.rpm
pango-devel-1.6.0-16.el4_8.i386.rpm
 x86_64:
evolution28-pango-1.14.9-13.el4_8.x86_64.rpm
evolution28-pango-devel-1.14.9-13.el4_8.x86_64.rpm
pango-1.6.0-16.el4_8.i386.rpm
pango-1.6.0-16.el4_8.x86_64.rpm
pango-devel-1.6.0-16.el4_8.x86_64.rpm

SL 5.x

 SRPMS:
pango-1.14.9-8.el5.src.rpm
 i386:
pango-1.14.9-8.el5.i386.rpm
pango-devel-1.14.9-8.el5.i386.rpm
 x86_64:
pango-1.14.9-8.el5.i386.rpm
pango-1.14.9-8.el5.x86_64.rpm
pango-devel-1.14.9-8.el5.i386.rpm
pango-devel-1.14.9-8.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson