[Pardus-security] [PLSA 2010-40] Pango: Denial of Service

Eren Turkay eren at pardus.org.tr
Mon Mar 29 22:10:45 EEST 2010


------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-40            security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-03-29
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

A vulnerability was fixed in Pango which could allow a remote or local
attacker to cause a denial of service (application crash) by supplying a
crafted font file.


Description
===========

CVE-2010-0421:

Array index error in the hb_ot_layout_build_glyph_classes function in
pango/opentype/hb-ot-layout.cc in Pango allows context-dependent
attackers to cause a denial of service (application crash) via a crafted
font file, related to building a synthetic Glyph Definition (aka GDEF)
table by using this font's charmap and the Unicode property database.
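
The description above says the crash comes from indexing the synthetic
GDEF glyph-class table with glyph indices taken from the font's charmap.
The C program below is an illustration added to this advisory, not Pango
or HarfBuzz source: it models that bug class with a vulnerable routine
that trusts the charmap's glyph index next to a hardened one that bounds
it against the font's glyph count. All names (cmap_entry_t,
build_glyph_classes_unchecked, build_glyph_classes_checked,
class_for_codepoint, the demo_* helpers), the simplified Unicode lookup
and the sample charmap are hypothetical constructions for this example.

```c
/* Added illustration for this advisory; not Pango or HarfBuzz source.
 * It models the bug class behind CVE-2010-0421: a synthetic GDEF
 * glyph-class table is filled by walking the font's charmap and
 * assigning each glyph a class from the Unicode properties of the
 * code point that maps to it. A crafted charmap can name a glyph
 * index at or beyond the font's glyph count; indexing the class
 * array with it unchecked writes out of bounds. All names, types
 * and the sample font below are hypothetical constructions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* GDEF glyph class values (these numbers match the OpenType GDEF spec). */
enum {
    GLYPH_CLASS_UNCLASSIFIED = 0,
    GLYPH_CLASS_BASE         = 1,
    GLYPH_CLASS_MARK         = 3
};

/* One charmap entry: code point -> glyph index, as a font's cmap provides. */
typedef struct {
    uint32_t codepoint;
    uint16_t glyph;
} cmap_entry_t;

/* Stand-in for the Unicode property database: only U+0300..U+036F
 * (Combining Diacritical Marks) are treated as marks here. */
int class_for_codepoint(uint32_t cp)
{
    if (cp >= 0x0300 && cp <= 0x036F)
        return GLYPH_CLASS_MARK;
    return GLYPH_CLASS_BASE;
}

/* Vulnerable pattern: the glyph index from the charmap is used as an
 * array index without comparing it to num_glyphs. Shown for contrast,
 * never called below. */
void build_glyph_classes_unchecked(const cmap_entry_t *cmap, size_t n_entries,
                                   uint8_t *klasses, uint16_t num_glyphs)
{
    (void)num_glyphs;  /* the bound exists but is ignored */
    for (size_t i = 0; i < n_entries; i++)
        klasses[cmap[i].glyph] = (uint8_t)class_for_codepoint(cmap[i].codepoint);
}

/* Hardened form: initialise every class and drop charmap entries whose
 * glyph index is out of range. Returns the number of entries dropped so
 * a caller can log or reject a font that trips the check. */
size_t build_glyph_classes_checked(const cmap_entry_t *cmap, size_t n_entries,
                                   uint8_t *klasses, uint16_t num_glyphs)
{
    size_t rejected = 0;
    memset(klasses, GLYPH_CLASS_UNCLASSIFIED, num_glyphs);
    for (size_t i = 0; i < n_entries; i++) {
        if (cmap[i].glyph >= num_glyphs) {
            rejected++;
            continue;
        }
        klasses[cmap[i].glyph] = (uint8_t)class_for_codepoint(cmap[i].codepoint);
    }
    return rejected;
}

/* Constructed sample "font": four glyphs, and a charmap with two valid
 * entries plus one crafted entry pointing at glyph 0xFFFF. */
#define DEMO_NUM_GLYPHS 4
static const cmap_entry_t demo_cmap[] = {
    { 0x0041, 1 },      /* 'A' -> glyph 1 */
    { 0x0301, 2 },      /* COMBINING ACUTE ACCENT -> glyph 2 */
    { 0x0042, 0xFFFF }, /* crafted: glyph index beyond the glyph count */
};
static uint8_t demo_klasses[DEMO_NUM_GLYPHS];

/* Builds the class table for the sample font; returns entries rejected. */
size_t demo_build_classes(void)
{
    return build_glyph_classes_checked(demo_cmap,
                                       sizeof demo_cmap / sizeof demo_cmap[0],
                                       demo_klasses, DEMO_NUM_GLYPHS);
}

/* Class assigned to a glyph of the sample font, or -1 if out of range. */
int demo_glyph_class(uint16_t glyph)
{
    return glyph < DEMO_NUM_GLYPHS ? demo_klasses[glyph] : -1;
}

int main(void)
{
    size_t dropped = demo_build_classes();
    printf("charmap entries dropped: %zu\n", dropped);
    for (unsigned g = 0; g < DEMO_NUM_GLYPHS; g++)
        printf("glyph %u -> class %d\n", g, demo_glyph_class((uint16_t)g));
    return 0;
}
```

The check belongs at the point where charmap data is turned into an
array index, before any write; returning the rejection count rather than
silently skipping lets the font loader refuse or log a font whose charmap
references glyphs it does not contain.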


Affected packages:

    Pardus 2009: pango, all versions before 1.26.2-34-10

    Pardus 2008: pango, all versions before 1.21.3-28-8



Resolution
==========

There are updates for pango-1.26.2-34-10 and pango-1.21.3-28-8. You can
update them via Package Manager or with a single command from the console:

    pisi up pango-1.26.2-34-10 pango-1.21.3-28-8

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=12381
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0421

------------------------------------------------------------------------
