Secunia Security Advisory - Debian has issued an update for pango1.0. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
451cd59ae7aead040438db5f44defa3a187fe6726f29e22a6ac0b7ead0b13c5c
----------------------------------------------------------------------
Use WSUS to deploy 3rd party patches
Public BETA
http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/
----------------------------------------------------------------------
TITLE:
Debian update for pango1.0
SECUNIA ADVISORY ID:
SA39041
VERIFY ADVISORY:
http://secunia.com/advisories/39041/
DESCRIPTION:
Debian has issued an update for pango1.0. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
The vulnerability is caused due to an array indexing error within
Pango font rendering library when processing certain specially
crafted Glyph Definition (GDEF) tables. This can be exploited to
crash an application using the library by e.g. tricking a user into
opening a specially crafted font file.
SOLUTION:
Apply updated packages.
-- Debian GNU/Linux 5.0 --
Source:
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5-5+lenny1.diff.gz
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5.orig.tar.gz
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5-5+lenny1.dsc
Architecture-independent component:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-doc_1.20.5-5+lenny1_all.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-common_1.20.5-5+lenny1_all.deb
Alpha:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_alpha.udeb
AMD64:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_amd64.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_arm.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_arm.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_arm.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_arm.deb
ARM EABI:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_armel.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_armel.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_armel.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_armel.deb
HP Precision:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_hppa.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_i386.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_i386.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_i386.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_ia64.udeb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_mipsel.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_powerpc.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_s390.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_s390.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_s390.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_sparc.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_sparc.deb
PROVIDED AND/OR DISCOVERED BY:
Marc Schoenefeld, Red Hat
ORIGINAL ADVISORY:
DSA-2019-1:
http://www.debian.org/security/2010/dsa-2019
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------