What Are You Looking For?

Sign Up
Date:         Tue, 16 Mar 2010 11:29:24 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Moderate: pango on SL3.x, SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: pango security update
Issue date:	2010-03-15
CVE Names:	CVE-2010-0421

CVE-2010-0421 libpangoft2 segfaults on forged font files

An input sanitization flaw, leading to an array index error, was found 
in the way the Pango font rendering library synthesized the Glyph 
Definition (GDEF) table from a font's character map and the Unicode 
property database. If an attacker created a specially-crafted font file 
and tricked a local, unsuspecting user into loading the font file in an 
application that uses the Pango font rendering library, it could cause 
that application to crash. (CVE-2010-0421)

After installing this update, you must restart your system or restart 
your X session for this update to take effect.

SL 3.0.x

       SRPMS:
pango-1.2.5-10.src.rpm
       i386:
pango-1.2.5-10.i386.rpm
pango-devel-1.2.5-10.i386.rpm
       x86_64:
pango-1.2.5-10.i386.rpm
pango-1.2.5-10.x86_64.rpm
pango-devel-1.2.5-10.x86_64.rpm

SL 4.x

       SRPMS:
evolution28-pango-1.14.9-13.el4_8.src.rpm
pango-1.6.0-16.el4_8.src.rpm
       i386:
evolution28-pango-1.14.9-13.el4_8.i386.rpm
evolution28-pango-devel-1.14.9-13.el4_8.i386.rpm
pango-1.6.0-16.el4_8.i386.rpm
pango-devel-1.6.0-16.el4_8.i386.rpm
       x86_64:
evolution28-pango-1.14.9-13.el4_8.x86_64.rpm
evolution28-pango-devel-1.14.9-13.el4_8.x86_64.rpm
pango-1.6.0-16.el4_8.i386.rpm
pango-1.6.0-16.el4_8.x86_64.rpm
pango-devel-1.6.0-16.el4_8.x86_64.rpm

SL 5.x

       SRPMS:
pango-1.14.9-8.el5.src.rpm
       i386:
pango-1.14.9-8.el5.i386.rpm
pango-devel-1.14.9-8.el5.i386.rpm
       x86_64:
pango-1.14.9-8.el5.i386.rpm
pango-1.14.9-8.el5.x86_64.rpm
pango-devel-1.14.9-8.el5.i386.rpm
pango-devel-1.14.9-8.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2010-0421 Moderate: pango SL3.x, SL4.x, SL5.x i386/x86_64

Moderate: pango security update

Summary

An input sanitization flaw, leading to an array index error, was foundin the way the Pango font rendering library synthesized the GlyphDefinition (GDEF) table from a font's character map and the Unicodeproperty database. If an attacker created a specially-crafted font fileand tricked a local, unsuspecting user into loading the font file in anapplication that uses the Pango font rendering library, it could causethat application to crash. (CVE-2010-0421)After installing this update, you must restart your system or restartyour X session for this update to take effect.SL 3.0.xSRPMS:pango-1.2.5-10.src.rpmi386:pango-1.2.5-10.i386.rpmpango-devel-1.2.5-10.i386.rpmx86_64:pango-1.2.5-10.i386.rpmpango-1.2.5-10.x86_64.rpmpango-devel-1.2.5-10.x86_64.rpm



Security Fixes

Severity
Issued Date: : 2010-03-15
CVE Names: CVE-2010-0421
CVE-2010-0421 libpangoft2 segfaults on forged font files

Related News

Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits

Dec 7, 2023

Kali vs. ParrotOS: 2 Versatile Linux Distros for Security Pros

Dec 9, 2023

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo