Synopsis
Moderate: pango security update
Type/Severity
Security Advisory: Moderate
Topic
Updated pango and evolution28-pango packages that fix one security issue
are now available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Description
Pango is a library used for the layout and rendering of internationalized
text.
An input sanitization flaw, leading to an array index error, was found in
the way the Pango font rendering library synthesized the Glyph Definition
(GDEF) table from a font's character map and the Unicode property database.
If an attacker created a specially-crafted font file and tricked a local,
unsuspecting user into loading the font file in an application that uses
the Pango font rendering library, it could cause that application to crash.
(CVE-2010-0421)
Users of pango and evolution28-pango are advised to upgrade to these
updated packages, which contain a backported patch to resolve this issue.
After installing this update, you must restart your system or restart your
X session for this update to take effect.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
-
Red Hat Enterprise Linux Server 5 x86_64
-
Red Hat Enterprise Linux Server 5 ia64
-
Red Hat Enterprise Linux Server 5 i386
-
Red Hat Enterprise Linux Server 4 x86_64
-
Red Hat Enterprise Linux Server 4 ia64
-
Red Hat Enterprise Linux Server 4 i386
-
Red Hat Enterprise Linux Server 3 x86_64
-
Red Hat Enterprise Linux Server 3 ia64
-
Red Hat Enterprise Linux Server 3 i386
-
Red Hat Enterprise Linux Server - Extended Update Support 5.4 x86_64
-
Red Hat Enterprise Linux Server - Extended Update Support 5.4 ia64
-
Red Hat Enterprise Linux Server - Extended Update Support 5.4 i386
-
Red Hat Enterprise Linux Server - Extended Update Support 4.8 x86_64
-
Red Hat Enterprise Linux Server - Extended Update Support 4.8 ia64
-
Red Hat Enterprise Linux Server - Extended Update Support 4.8 i386
-
Red Hat Enterprise Linux Workstation 5 x86_64
-
Red Hat Enterprise Linux Workstation 5 i386
-
Red Hat Enterprise Linux Workstation 4 x86_64
-
Red Hat Enterprise Linux Workstation 4 ia64
-
Red Hat Enterprise Linux Workstation 4 i386
-
Red Hat Enterprise Linux Workstation 3 x86_64
-
Red Hat Enterprise Linux Workstation 3 ia64
-
Red Hat Enterprise Linux Workstation 3 i386
-
Red Hat Enterprise Linux Desktop 5 x86_64
-
Red Hat Enterprise Linux Desktop 5 i386
-
Red Hat Enterprise Linux Desktop 4 x86_64
-
Red Hat Enterprise Linux Desktop 4 i386
-
Red Hat Enterprise Linux Desktop 3 x86_64
-
Red Hat Enterprise Linux Desktop 3 i386
-
Red Hat Enterprise Linux for IBM z Systems 5 s390x
-
Red Hat Enterprise Linux for IBM z Systems 4 s390x
-
Red Hat Enterprise Linux for IBM z Systems 4 s390
-
Red Hat Enterprise Linux for IBM z Systems 3 s390x
-
Red Hat Enterprise Linux for IBM z Systems 3 s390
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.4 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390
-
Red Hat Enterprise Linux for Power, big endian 5 ppc
-
Red Hat Enterprise Linux for Power, big endian 4 ppc
-
Red Hat Enterprise Linux for Power, big endian 3 ppc
-
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.4 ppc
-
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8 ppc
-
Red Hat Enterprise Linux Server from RHUI 5 x86_64
-
Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 555831 - CVE-2010-0421 libpangoft2 segfaults on forged font files
CVEs
References
Vulmon