From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-2019-1
[email protected] http://www.debian.org/security/ Giuseppe Iuculano
March 20, 2010
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : pango1.0
Vulnerability : missing input sanitization
Problem type : local
Debian-specific: no
CVE Id : CVE-2010-0421
Debian Bug : 574021
Marc Schoenefeld discovered an improper input sanitization in Pango, a library for layout and rendering of text, leading to array indexing error.
If a local user was tricked into loading a specially-crafted font file in an application, using the Pango font rendering library, it could lead to denial
of service (application crash).
For the stable distribution (lenny), this problem has been fixed in
version 1.20.5-5+lenny1.
For the testing distribution (squeeze), and the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your pango1.0 package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5-5+lenny1.diff.gz
Size/MD5 checksum: 30609 59b83220ce8e5663d1576c9c62cda04f
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5.orig.tar.gz
Size/MD5 checksum: 2071747 e0fac4c2c99d903fdec3f8db60107f36
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5-5+lenny1.dsc
Size/MD5 checksum: 1647 65108152472b632d5214ba3eed1191f9
Architecture independent packages:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-doc_1.20.5-5+lenny1_all.deb
Size/MD5 checksum: 286750 df6f2e6739297305f301a9b21519d32c
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-common_1.20.5-5+lenny1_all.deb
Size/MD5 checksum: 64556 b50adb928602040044cc0469b210dc16
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_alpha.deb
Size/MD5 checksum: 745248 61d6362508bd71cd4b004a738e4c31ca
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_alpha.deb
Size/MD5 checksum: 330236 6be814261efaebc114e24c0d24c13961
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_alpha.deb
Size/MD5 checksum: 482252 250d036225f0491603ba626c616ca417
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_alpha.udeb
Size/MD5 checksum: 248888 d30040b2adc49c49d4b5fb717bd2d6e7
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_amd64.deb
Size/MD5 checksum: 313884 c5cd8547145346dd056bce5f92c81239
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_amd64.udeb
Size/MD5 checksum: 231696 b66e53a57fb589206d9f37639483598f
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_amd64.deb
Size/MD5 checksum: 773310 4dd3cabefa6f6b2e8b6e34cb045c4195
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_amd64.deb
Size/MD5 checksum: 391668 53fbb1fcaf8cb934b91721e4d667655c
arm architecture (ARM)
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_arm.deb
Size/MD5 checksum: 353604 6269283d3ac3b7ecce8b62fa613f9378
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_arm.udeb
Size/MD5 checksum: 201398 0b0d5213871ca9c32b29e16622d73f5b
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_arm.deb
Size/MD5 checksum: 729718 1d6768b00081c9ef41c11b8552829b66
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_arm.deb
Size/MD5 checksum: 275910 97b80dfc9c2f89e3e857fa9947c55c1c
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_armel.udeb
Size/MD5 checksum: 206934 d9859806eea30ada69030c58d50fac03
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_armel.deb
Size/MD5 checksum: 285434 d8d6084f4c48aed618e724d4d4ed4e2f
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_armel.deb
Size/MD5 checksum: 358140 d27e89870f2d1873f90bf7d554e1f66a
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_armel.deb
Size/MD5 checksum: 733654 8f21507434bda7f6d77b2c879be87851
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_hppa.udeb
Size/MD5 checksum: 237174 1b4117c68966b0335ad3dfa7b4cad6fb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_hppa.deb
Size/MD5 checksum: 322832 4699f185ec14679e626c4311a8f591ff
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_hppa.deb
Size/MD5 checksum: 741646 d78cb359694f7e8544e9fb6d41ed09f2
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_hppa.deb
Size/MD5 checksum: 415350 d2760ef481ab68c38a1e40a8e5c49dc8
i386 architecture (Intel ia32)
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)