Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2011:020 (pango)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68860

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2011:020 (pango)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to pango
announced via advisory MDVSA-2011:020.

A vulnerability has been found and corrected in pango:

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph
function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and
earlier, when the FreeType2 backend is enabled, allows user-assisted
remote attackers to cause a denial of service (application crash)
or possibly execute arbitrary code via a crafted font file, related
to the glyph box for an FT_Bitmap object (CVE-2011-0020).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:020

Risk factor : High

CVSS Score:
7.6

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0020
1024994
http://www.securitytracker.com/id?1024994
42934
http://secunia.com/advisories/42934
43100
http://secunia.com/advisories/43100
45842
http://www.securityfocus.com/bid/45842
70596
http://osvdb.org/70596
ADV-2011-0186
http://www.vupen.com/english/advisories/2011/0186
ADV-2011-0238
http://www.vupen.com/english/advisories/2011/0238
RHSA-2011:0180
http://www.redhat.com/support/errata/RHSA-2011-0180.html
SUSE-SR:2011:005
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
[oss-security] 20110118 CVE request: heap corruption in libpango
http://openwall.com/lists/oss-security/2011/01/18/6
[oss-security] 20110120 Re: CVE request: heap corruption in libpango
http://openwall.com/lists/oss-security/2011/01/20/2
https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616
https://bugzilla.gnome.org/show_bug.cgi?id=639882
https://bugzilla.redhat.com/show_bug.cgi?id=671122
pango-pango-bo(64832)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64832

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68860
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:020 (pango)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to pango announced via advisory MDVSA-2011:020. A vulnerability has been found and corrected in pango: Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object (CVE-2011-0020). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:020 Risk factor : High CVSS Score: 7.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0020 1024994 http://www.securitytracker.com/id?1024994 42934 http://secunia.com/advisories/42934 43100 http://secunia.com/advisories/43100 45842 http://www.securityfocus.com/bid/45842 70596 http://osvdb.org/70596 ADV-2011-0186 http://www.vupen.com/english/advisories/2011/0186 ADV-2011-0238 http://www.vupen.com/english/advisories/2011/0238 RHSA-2011:0180 http://www.redhat.com/support/errata/RHSA-2011-0180.html SUSE-SR:2011:005 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html [oss-security] 20110118 CVE request: heap corruption in libpango http://openwall.com/lists/oss-security/2011/01/18/6 [oss-security] 20110120 Re: CVE request: heap corruption in libpango http://openwall.com/lists/oss-security/2011/01/20/2 https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616 https://bugzilla.gnome.org/show_bug.cgi?id=639882 https://bugzilla.redhat.com/show_bug.cgi?id=671122 pango-pango-bo(64832) https://exchange.xforce.ibmcloud.com/vulnerabilities/64832
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com