|
|
[ Message Precedent sur la mailing][ Message Suivant sur la mailing][ Precedent dans le fil][ Prochain dans le fil][ Index par Date][ Index par fil]
[Full-disclosure] [SECURITY] [DSA 1798-1] New pango1.0 packages fix arbitrary code execution
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1798-1 security@xxxxxxxxxx
link://[click] Steffen Joeris
May 10, 2009 link://[click]
- ------------------------------------------------------------------------
Package : pango1.0
Vulnerability : integer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id : CVE-2009-1194
Debian Bugs : 527474
Will Drewry discovered that pango, a system for layout and rendering of
internationalized text, is prone to an integer overflow via long
glyphstrings. This could cause the execution of arbitrary code when
displaying crafted data through an application using the pango library.
For the stable distribution (lenny), this problem has been fixed in
version 1.20.5-3+lenny1.
For the oldstable distribution (etch), this problem has been fixed in
version 1.14.8-5+etch1.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 1.24-1.
We recommend that you upgrade your pango1.0 packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
link://[click]
Size/MD5 checksum: 1903985 18c64e6cd7b91d04c40ef621a3d8fa4a
link://[click]
Size/MD5 checksum: 26479 ed32cd0fab563f3d0446fd9ec43b2f7c
link://[click]
Size/MD5 checksum: 1755 dc9d2d9010dc5dcc17fdf589db1a2e5e
Architecture independent packages:
link://[click]
Size/MD5 checksum: 253836 dbc3410b16ec27ddfed6dc8c1fb23daf
link://[click]
Size/MD5 checksum: 6668 f10d91ab42b3eba15ef083bfb7540de5
alpha architecture (DEC Alpha)
link://[click]
Size/MD5 checksum: 248652 708bd8f608c2447f8e0a82febf1e587a
link://[click]
Size/MD5 checksum: 362654 22a3cea2b5598180f52caf057dba3ecd
link://[click]
Size/MD5 checksum: 496650 9b68bc2d3e14db69c128b0845eaa4a85
link://[click]
Size/MD5 checksum: 695224 d72beaf860b54f76008af828e71eacd0
amd64 architecture (AMD x86_64 (AMD64))
link://[click]
Size/MD5 checksum: 704936 0535ac16c732c783b55bbd0a877d8a78
link://[click]
Size/MD5 checksum: 335362 3181dcff1339b37ebc22d4a65751dc99
link://[click]
Size/MD5 checksum: 384990 88a73bdbf1ade11b93416eeaa47fed05
link://[click]
Size/MD5 checksum: 224702 eed5fa5149bae7cb5425af34f1ec3edc
arm architecture (ARM)
link://[click]
Size/MD5 checksum: 662692 853a22e95710cdbc2d6466d8a57d4869
link://[click]
Size/MD5 checksum: 349496 dffb98f863c7d1965ceee910db8e02c7
link://[click]
Size/MD5 checksum: 202936 b4574bd7f773fd4de522caf2cf9947bd
link://[click]
Size/MD5 checksum: 307638 31237ca7f49f47c18b8f648cd2886856
hppa architecture (HP PA RISC)
link://[click]
Size/MD5 checksum: 357600 f73a658e1f9e70a50ee3a84d5c5b970b
link://[click]
Size/MD5 checksum: 673998 e3a17f9b99670c80d11beac2c4593aa8
link://[click]
Size/MD5 checksum: 417448 c666abe6774a4207c8d0f4f6b6210c8e
link://[click]
Size/MD5 checksum: 242820 9e3c948ace44963cbc99ef43c59d8987
i386 architecture (Intel ia32)
link://[click]
Size/MD5 checksum: 648360 44005bd92a8dbf3b89c8903e05690f23
link://[click]
Size/MD5 checksum: 344914 d41eb5702362976a8e080d5e80270343
link://[click]
Size/MD5 checksum: 312862 598616609baee45e6a72d8ca449737da
link://[click]
Size/MD5 checksum: 209232 ed7fcd356d9a6106a6fccd11dd2e88cc
ia64 architecture (Intel ia64)
link://[click]
Size/MD5 checksum: 449774 9afae76eabee3f1f573fac369eac0654
link://[click]
Size/MD5 checksum: 321620 0065a16f4d0eb3654f195f5d535865b9
link://[click]
Size/MD5 checksum: 678836 cf5e135e208e93263c7df7193c93eeb5
link://[click]
Size/MD5 checksum: 536936 5267c4a96811174acd4771d85a7fb116
mips architecture (MIPS (Big Endian))
link://[click]
Size/MD5 checksum: 318318 98e84a89c8a49071ed6479ffeb6214c7
link://[click]
Size/MD5 checksum: 214408 7422157343a02049b550cb4145c2cd00
link://[click]
Size/MD5 checksum: 420128 bd9e0436d3870a50126075b710cdbba1
link://[click]
Size/MD5 checksum: 711374 58a7ffd0326362a1437ead0ee154139a
mipsel architecture (MIPS (Little Endian))
link://[click]
Size/MD5 checksum: 213738 437814c1f15aa29d6fe2ec966ae2aff2
link://[click]
Size/MD5 checksum: 317716 60fc462800646d713dcaa8bc73b280bd
link://[click]
Size/MD5 checksum: 696792 74e617a9ea1709d954f8fdda87eb71c0
link://[click]
Size/MD5 checksum: 418734 7eb2d6028f6d0be7c3fac22b5fd76ec0
powerpc architecture (PowerPC)
link://[click]
Size/MD5 checksum: 211976 95b74b4286659bfe620f6114a6a2af32
link://[click]
Size/MD5 checksum: 320364 0d64d5625b1afdfc39dff105015fc660
link://[click]
Size/MD5 checksum: 389174 275ad345fc0887eed75a88ec501945ef
link://[click]
Size/MD5 checksum: 722428 cc25bd3a8ea812c48a96a02bbb6f7a12
s390 architecture (IBM S/390)
link://[click]
Size/MD5 checksum: 233354 226d31c71f2bc649de586306f4b4eb98
link://[click]
Size/MD5 checksum: 344094 7ccb96c0123737bc8e949f14b3e6d354
link://[click]
Size/MD5 checksum: 377674 8d7981c3d136952adac213a1af120bfc
link://[click]
Size/MD5 checksum: 675636 81dd74af7faf467348982fb9af23f44a
sparc architecture (Sun SPARC/UltraSPARC)
link://[click]
Size/MD5 checksum: 358592 ac3ecb9a58f721cc2491bdcf8ad5870b
link://[click]
Size/MD5 checksum: 638452 8d4d33b640e64a1fd2e015ba4c51b4df
link://[click]
Size/MD5 checksum: 203774 66d6c9576973369b38fb7eea068a52fb
link://[click]
Size/MD5 checksum: 310068 2a9e670cf8cb32e1d033f41c05c00f6e
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
link://[click]
Size/MD5 checksum: 2071747 e0fac4c2c99d903fdec3f8db60107f36
link://[click]
Size/MD5 checksum: 30003 56d02137714566e424047fb31657988b
link://[click]
Size/MD5 checksum: 1646 9be59b5b10f5726ad17c5e7bc18c8967
Architecture independent packages:
link://[click]
Size/MD5 checksum: 63850 54876cdcc098531aaf9ad7f97aa2de91
link://[click]
Size/MD5 checksum: 284480 6cd0b32cfd60851b3893229e5fe6a373
alpha architecture (DEC Alpha)
link://[click]
Size/MD5 checksum: 331030 a4d58569c599bde2e30fc2a7482428ec
link://[click]
Size/MD5 checksum: 744150 736e7468067ba3d1e256be02698c5403
link://[click]
Size/MD5 checksum: 480620 ef0ff84eab89c27c2ab93747a4a406b9
link://[click]
Size/MD5 checksum: 249196 af6a3a08ec7cb5eb71e33d084b943da7
amd64 architecture (AMD x86_64 (AMD64))
link://[click]
Size/MD5 checksum: 768228 3914e2d54e064cab630410d4a1fbf119
link://[click]
Size/MD5 checksum: 312762 fe888a58e2e9782977f7a1ea940f436c
link://[click]
Size/MD5 checksum: 231004 095fffcbe38078a3f60fe265a4bdcc77
link://[click]
Size/MD5 checksum: 391038 be74eea47d97df6dec315ccc10bfa1a4
arm architecture (ARM)
link://[click]
Size/MD5 checksum: 201452 f20bcc47be666a8ab409c4a597107362
link://[click]
Size/MD5 checksum: 274918 cbeff689d12f39eb7a098900bb7affef
link://[click]
Size/MD5 checksum: 728140 ff9d48449034d9fa9a7b069fe426eb60
link://[click]
Size/MD5 checksum: 354160 c7a8fccc422853bf91d5362fe1c0d376
armel architecture (ARM EABI)
link://[click]
Size/MD5 checksum: 206886 43b24dcd892b74f54c51c3c8dda751e7
link://[click]
Size/MD5 checksum: 733386 16433105817fd2c12444417365e62568
link://[click]
Size/MD5 checksum: 285388 ddb03ffea587e4a562e2aee7458933c8
link://[click]
Size/MD5 checksum: 358080 ffd351bbc11bf504e073045ba09cb8fe
hppa architecture (HP PA RISC)
link://[click]
Size/MD5 checksum: 415344 ff958c446705b7127ca91db003f4283c
link://[click]
Size/MD5 checksum: 741448 4c75ffba9f6d5feb57b62ad30f6ba716
link://[click]
Size/MD5 checksum: 237188 4331e189d89b308453ae6de33cbb20e1
link://[click]
Size/MD5 checksum: 322854 a92a3ba766ff8f1a4eb080ed80e35b42
i386 architecture (Intel ia32)
link://[click]
Size/MD5 checksum: 349380 71a9538aadd9beae278e89c4d21d0129
link://[click]
Size/MD5 checksum: 715402 2bd15da124e608fa0f0e72f6591cb673
link://[click]
Size/MD5 checksum: 213754 ec7309bca467dd390ffc09097224d247
link://[click]
Size/MD5 checksum: 288284 1f4a82e4837cd653a6e38f6f5f15a0ec
ia64 architecture (Intel ia64)
link://[click]
Size/MD5 checksum: 539472 72ba1dc99225f911115edacbd42072b4
link://[click]
Size/MD5 checksum: 423598 c3e2ad86d402cd19954e2c1876c70f5a
link://[click]
Size/MD5 checksum: 723274 dfbde260b9d60147d412e1089ef4853f
link://[click]
Size/MD5 checksum: 323228 f973337405e5c0f0adc1330e88827c63
mips architecture (MIPS (Big Endian))
link://[click]
Size/MD5 checksum: 290472 40239c39424c7706f622e1504ff17fc3
link://[click]
Size/MD5 checksum: 768846 a2fc1ca46e2830568a7917e3528006e7
link://[click]
Size/MD5 checksum: 216132 49d43c28e824754685def75b2e6b3467
link://[click]
Size/MD5 checksum: 415524 35c644367bf1507be9d5e9294e3da797
mipsel architecture (MIPS (Little Endian))
link://[click]
Size/MD5 checksum: 412848 88bdf71acb4ab37c5e08d50a7508a2c3
link://[click]
Size/MD5 checksum: 756686 b3b81326d4d3a58f2531ed94a1764ed5
link://[click]
Size/MD5 checksum: 214958 7769a23b0b01c1a2e6c9d5c1ddfcbf2d
link://[click]
Size/MD5 checksum: 289920 f5fe5109626ea15d4ac1bce9c0b71770
powerpc architecture (PowerPC)
link://[click]
Size/MD5 checksum: 773220 457169c33176b45884ee9067371d637f
link://[click]
Size/MD5 checksum: 398320 53b0dc4efef029e45c56329e00ade91d
link://[click]
Size/MD5 checksum: 306970 578c803e2a1171ddc8aa97ceffa15960
link://[click]
Size/MD5 checksum: 226166 5c3e4d633920eb234350d11427c11f58
s390 architecture (IBM S/390)
link://[click]
Size/MD5 checksum: 318020 3e5e9ff014e947fe98340a930ad8d48e
link://[click]
Size/MD5 checksum: 384816 88e6d9ae4dd82993392728147957d953
link://[click]
Size/MD5 checksum: 761086 2120bb434453f0cb5e27e729c2471c89
link://[click]
Size/MD5 checksum: 238092 5c965942930aa36edbe3c4d84783dec9
sparc architecture (Sun SPARC/UltraSPARC)
link://[click]
Size/MD5 checksum: 205580 01217a572cdb3eaa3d2b6fba10b5c279
link://[click]
Size/MD5 checksum: 364812 606fc9bfd6a8f2da87060019d7078a7a
link://[click]
Size/MD5 checksum: 677108 a6e8d91832c3cfc07a5f4a2d4ed5173e
link://[click]
Size/MD5 checksum: 281650 8925fa5807479331385e32c53c7fc87f
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb link://[click] stable/updates main
For dpkg-ftp: link://[click] dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and link://[click]<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkoGnYgACgkQ62zWxYk/rQfdEQCfa0z/TMG9gcXl2V1WoBFZBbOz
/LwAnjWZdEt/EQQMhLA/SfBHYU+uSZgF
=IlbY
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
Charter: link://[click]
Hosted and sponsored by Secunia - link://[click]
Archives de la liste de diffusion Secunia
Archives de la liste de diffusion Full Disclosure
| Mini-Tagwall des articles publiés sur SecuObs : | | | | sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre |
| Mini-Tagwall de l'annuaire video : | | | | curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio |
| Mini-Tagwall des articles de la revue de presse : | | | | security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité |
| Mini-Tagwall des Tweets de la revue Twitter : | | | | security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack |
|
|
|
|
|
