[Message Precedent sur la mailing][Message Suivant sur la mailing][Precedent dans le fil][Prochain dans le fil][Index par Date][Index par fil] [Full-disclosure] [USN-773-1] Pango vulnerability

===========================================================
Ubuntu Security Notice USN-773-1               May 07, 2009
pango1.0 vulnerability
CVE-2009-1194
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.



The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libpango1.0-0                   1.12.3-0ubuntu3.1

Ubuntu 8.04 LTS:
  libpango1.0-0                   1.20.5-0ubuntu1.1

Ubuntu 8.10:
  libpango1.0-0                   1.22.2-0ubuntu1.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.



Details follow:

Will Drewry discovered that Pango incorrectly handled rendering text with
long glyphstrings. If a user were tricked into displaying specially crafted
data with applications linked against Pango, such as Firefox, an attacker
could cause a denial of service or execute arbitrary code with privileges
of the user invoking the program.




Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    link://[click]
      Size/MD5:     4500 b522e8ff79f686ff3fdd493e8542349e
    link://[click]
      Size/MD5:     1910 c8c30bddff7defeeee80a3610405df05
    link://[click]
      Size/MD5:  1707615 9abcbd996cdb1fcb6737100384a55be8

  Architecture independent packages:

    link://[click]
      Size/MD5:   205394 a80e88128fd7115254e3d5133987d4ee

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    link://[click]
      Size/MD5:   677312 ecf591534d852001624f8435ede14209
    link://[click]
      Size/MD5:   315888 0073f3bd9ede36fdfa03dc1f607d03cb
    link://[click]
      Size/MD5:    35248 bb15526175751e55282920738df947e9
    link://[click]
      Size/MD5:   348382 001c8a9bfe194656728952d4a611e623
    link://[click]
      Size/MD5:   211678 37d27b670d2b6015ce58678356544370

  i386 architecture (x86 compatible Intel/AMD):

    link://[click]
      Size/MD5:   575498 85a732fe93794bde88a169cbe4fad19f
    link://[click]
      Size/MD5:   281538 4bd301b06894d6cd4e1be81678b4be2c
    link://[click]
      Size/MD5:    32432 7723b32675d6ad213e825e98287c7069
    link://[click]
      Size/MD5:   300604 9ce8e8ef85c82cabaf4e8b7bfb801c05
    link://[click]
      Size/MD5:   185128 15dfeed6702d8913ee23a9b89daaa27a

  powerpc architecture (Apple Macintosh G3/G4/G5):

    link://[click]
      Size/MD5:   684284 3820ab5752792a0554d032237c6d049f
    link://[click]
      Size/MD5:   296486 cf4c37e916fabb50bf1f9d6563cc3086
    link://[click]
      Size/MD5:    36960 4711e9a7c92f656280145e09fabc54aa
    link://[click]
      Size/MD5:   350058 c872e045849b8f4b34c90a44b7cbb08b
    link://[click]
      Size/MD5:   194288 9b65d99b129b9fc4189432fb3b686398

  sparc architecture (Sun SPARC/UltraSPARC):

    link://[click]
      Size/MD5:   590364 bb12fd807bbe366bba5cb51a73ac2e86
    link://[click]
      Size/MD5:   285696 9e21a78eac3650c6382b56366e5c24da
    link://[click]
      Size/MD5:    32880 018271c1cffb4d64b6fb236f44dfba21
    link://[click]
      Size/MD5:   321630 ba578e44ca29ff4e09f091c0cbc4d710
    link://[click]
      Size/MD5:   184978 8e97c008133b2cf71c2db6734894bb5e

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    link://[click]
      Size/MD5:    28413 491d5425656032d156d4060f2708ac5b
    link://[click]
      Size/MD5:     1327 8ad3e3939c92ab1511ac0f701438b23b
    link://[click]
      Size/MD5:  2071747 e0fac4c2c99d903fdec3f8db60107f36

  Architecture independent packages:

    link://[click]
      Size/MD5:    63608 04b86269a4399c5cdf19db8c720e9a83
    link://[click]
      Size/MD5:   277850 b35ee97b0108333b156c64b5a85f3bf0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    link://[click]
      Size/MD5:   721712 5624508e825bbe5fd64de4716f6f3875
    link://[click]
      Size/MD5:   305670 2a54d8c485987a212e57f45252d5f27d
    link://[click]
      Size/MD5:   387426 601d99e237fb3b42f23703aebecd7c2e
    link://[click]
      Size/MD5:   225982 24eab50f837e4df93c626e7c7704dbed

  i386 architecture (x86 compatible Intel/AMD):

    link://[click]
      Size/MD5:   683650 c81d2a42d181a27706d664c18930ba16
    link://[click]
      Size/MD5:   283686 fc1ad92f46f1f2bf6da1b3c64ec1d96c
    link://[click]
      Size/MD5:   348082 05b8b3b76d2765abc8bf57decd719f2b
    link://[click]
      Size/MD5:   209962 6054d5233f46eb1441a082e032b95f6b

  lpia architecture (Low Power Intel Architecture):

    link://[click]
      Size/MD5:   690498 b545625f176093f2319029b0150343f0
    link://[click]
      Size/MD5:   281986 1689efa64b09f912c5dc7bd748c20198
    link://[click]
      Size/MD5:   349140 0f04a29b457b62fc8a47a69cd7e7a17b
    link://[click]
      Size/MD5:   209410 d07b5a41402030be7a48708052f44ae6

  powerpc architecture (Apple Macintosh G3/G4/G5):

    link://[click]
      Size/MD5:   734052 afe9bf600732f91f80d53ab81e3b3bc2
    link://[click]
      Size/MD5:   299506 7705155e437bcc8b6a45e22ea1b6cf28
    link://[click]
      Size/MD5:   394560 62cab62f7bcc2b2b938f093a3208241c
    link://[click]
      Size/MD5:   221120 e913027b850970dce415b863cd46e37b

  sparc architecture (Sun SPARC/UltraSPARC):

    link://[click]
      Size/MD5:   656344 ce4cdf162e3d048722308ed068d67bbb
    link://[click]
      Size/MD5:   276904 b732040e5ee1ba793858b6f62613447d
    link://[click]
      Size/MD5:   361848 3b315e7cf8b0df498c022d3a9bc648d4
    link://[click]
      Size/MD5:   201780 714d774a93755adeb322ad4f5f241a6d

Updated packages for Ubuntu 8.10:

  Source archives:

    link://[click]
      Size/MD5:    29604 806703705b7572b9f8dca8d1acc5e290
    link://[click]
      Size/MD5:     1821 a5c848d38d53c249bd7d234aaf3a2495
    link://[click]
      Size/MD5:  2129352 ac0187a02e34dd546f73647a7bc9d946

  Architecture independent packages:

    link://[click]
      Size/MD5:    66420 80863edb6443bb20ce85e2669fa344db
    link://[click]
      Size/MD5:   283724 7ebe97434d68260a1c60b8c336733578

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    link://[click]
      Size/MD5:   784366 c32ef609c6f1f36ca64ed0a4fe7e52de
    link://[click]
      Size/MD5:   318300 a9ab95a8373d1a4ea5098c3ef617fee5
    link://[click]
      Size/MD5:   403124 39853f549a42966a5bdaa2eb990d681f
    link://[click]
      Size/MD5:   237932 ae0fc762a8d1cdaad163d7ad03518bfe

  i386 architecture (x86 compatible Intel/AMD):

    link://[click]
      Size/MD5:   732012 d3edc099dadae3d1c4a73d43c1ce1ef2
    link://[click]
      Size/MD5:   292710 0adfe076b366794ccc98b0937df79435
    link://[click]
      Size/MD5:   361702 a94869f26a32f8cf4ec0e70c66fc0421
    link://[click]
      Size/MD5:   220458 92a7ba465b1339115ecbc7e5179aa586

  lpia architecture (Low Power Intel Architecture):

    link://[click]
      Size/MD5:   739278 f7b7bf341c5356184876d8a2fc9bca88
    link://[click]
      Size/MD5:   291002 3a21b8d4e5173b754c3c7d4e83dd3d8e
    link://[click]
      Size/MD5:   363694 d34b04083a45a6fec0d1ad03faf682c5
    link://[click]
      Size/MD5:   219562 3d4d190806c912cd36240ce0b3a5ff4d

  powerpc architecture (Apple Macintosh G3/G4/G5):

    link://[click]
      Size/MD5:   785118 942bf391454fe269082057ddfba3f55d
    link://[click]
      Size/MD5:   313364 74f49a139cfa99944281c39a92716f49
    link://[click]
      Size/MD5:   410838 286c7f55c0a2a134d716385b9ca766c9
    link://[click]
      Size/MD5:   231958 4360108ddedf88938459fbd34975195c

  sparc architecture (Sun SPARC/UltraSPARC):

    link://[click]
      Size/MD5:   698562 5f196f28580241385bd77acd0cd72aad
    link://[click]
      Size/MD5:   289512 e7580d801de9a0532730a3ef1d315417
    link://[click]
      Size/MD5:   376752 bcde95529c4e80a6f0aa140e40316fd3
    link://[click]
      Size/MD5:   212532 e18d12dbfb924f08d57869b5074310f0

Attachment: signature.asc
Description: This is a digitally signed message part

Full-Disclosure - We believe in it.


Charter: link://[click]
Hosted and sponsored by Secunia - link://[click]

Precedent par Date: [Full-disclosure] [USN-772-1] MPFR vulnerability
Suivant par Date: Re: [Full-disclosure] Howto Simulate a BotNet ?
Precedent par fil : [Full-disclosure] [USN-772-1] MPFR vulnerability
Suivant par fil : [Full-disclosure] [TOOL] moth - vulnerable web application vmware
Index(s):
- Date
- Fil

Archives de la liste de diffusion Secunia
Archives de la liste de diffusion Full Disclosure

SecuToolBox :

Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner + d'outils / + de tutoriels

Mini-Tagwall des articles publiés sur SecuObs :

sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre + de mots clés avec l'annuaire des articles publiés sur SecuObs

Mini-Tagwall de l'annuaire video :

curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :

security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité + de mots clés avec l'annuaire de la revue de presse

Mini-Tagwall des Tweets de la revue Twitter :

security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack + de mots clés avec l'annuaire de la revue Twitter