From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1798-1                  [email protected]
http://www.debian.org/security/                           Steffen Joeris
May 10, 2009                          http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : pango1.0
Vulnerability : integer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id : CVE-2009-1194
Debian Bugs : 527474
Will Drewry discovered that pango, a system for layout and rendering of
internationalized text, is prone to an integer overflow via long
glyphstrings. This could cause the execution of arbitrary code when
displaying crafted data through an application using the pango library.
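The bug class named above, as an added illustration (not pango's code and not part of the advisory): a record count multiplied by a record size in 32-bit arithmetic wraps to a tiny byte count, shown next to a growth routine that validates the count before doing any arithmetic. The names `glyph_info`, `glyph_buf`, `unchecked_bytes`, `glyph_buf_set_size` and `MAX_GLYPHS` are hypothetical, and the 20-byte record layout is an assumption.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 20-byte per-glyph record; a stand-in, not pango's structure. */
typedef struct { uint32_t glyph; int32_t width, x_off, y_off; uint32_t attrs; } glyph_info;
typedef struct { int len, space; glyph_info *glyphs; } glyph_buf;
_Static_assert(sizeof(glyph_info) == 20, "example assumes a 20-byte record");

/* Largest record count whose byte size still fits in an int. */
#define MAX_GLYPHS (INT_MAX / (int)sizeof(glyph_info))

/* Unchecked form: the byte count is computed in 32-bit arithmetic and wraps. */
uint32_t unchecked_bytes(int32_t count) {
    return (uint32_t)count * (uint32_t)sizeof(glyph_info);
}

/* Checked form: reject the count before multiplying, and grow by doubling
 * with a clamp instead of a wrap. Returns 0 on success, -1 on refusal. */
int glyph_buf_set_size(glyph_buf *b, int new_len) {
    if (new_len < 0 || new_len > MAX_GLYPHS) return -1;
    int space = b->space;
    while (new_len > space) {
        if (space == 0) space = 1;
        else if (space > MAX_GLYPHS / 2) space = MAX_GLYPHS;
        else space *= 2;
    }
    if (space != b->space) {
        glyph_info *p = realloc(b->glyphs, (size_t)space * sizeof *p);
        if (p == NULL) return -1;          /* the old buffer stays valid */
        b->glyphs = p;
        b->space = space;
    }
    b->len = new_len;
    return 0;
}

int main(void) {
    int32_t count = 214748365;             /* constructed: 20 * count = 2^32 + 4 */
    glyph_buf b = {0, 0, NULL};
    printf("unchecked: %u bytes requested for %d records\n",
           (unsigned)unchecked_bytes(count), (int)count);
    int small = glyph_buf_set_size(&b, 5);
    printf("checked set_size(5) = %d, capacity %d\n", small, b.space);
    printf("checked set_size(%d) = %d\n", (int)count, glyph_buf_set_size(&b, count));
    free(b.glyphs);
    return 0;
}
```
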
For the stable distribution (lenny), this problem has been fixed in
version 1.20.5-3+lenny1.
For the oldstable distribution (etch), this problem has been fixed in
version 1.14.8-5+etch1.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 1.24-1.
We recommend that you upgrade your pango1.0 packages.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]