Critical: pango security update
| Advisory: | RHSA-2011:0309-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Critical |
| Issued on: | 2011-03-01 |
| Last updated on: | 2011-03-01 |
| Affected Products: | Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Server EUS (v. 6.0.z) Red Hat Enterprise Linux Workstation (v. 6) |
| CVEs (cve.mitre.org): |
CVE-2011-0064 |
Details
Updated pango packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Pango is a library used for the layout and rendering of internationalized
text.
It was discovered that Pango did not check for memory reallocation failures
in the hb_buffer_ensure() function. An attacker able to trigger a
reallocation failure by passing sufficiently large input to an application
using Pango could use this flaw to crash the application or, possibly,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-0064)
Red Hat would like to thank the Mozilla Security Team for reporting this
issue.
All pango users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing this update, you
must restart your system or restart the X server for the update to take
effect.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Updated packages
| Red Hat Enterprise Linux Desktop (v. 6) | |
| SRPMS: | |
| pango-1.28.1-3.el6_0.5.src.rpm File outdated by: RHBA-2012:1498 |
MD5: 5c3c84a3d055cf59d05244fa2af6c90b SHA-256: dbb645b276e7a43a671f60ed04044e294ca32e4cc1ded786f00f4521a3d1a0c6 |
| IA-32: | |
| pango-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 34168f72af2441add27c1cda15d50453 SHA-256: ad3ede6683de719826ef91fc5d529b0ca84cff9039f84bdf5396f3d8494076bd |
| pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 14f7c487e2899edef1882bad0ae2d43f SHA-256: 4ce61888c8896285556aada90afad1e29ef99903bf1bbf8e98e4b8767b9a990d |
| pango-devel-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 9210311431e98531ebd606bc78123d00 SHA-256: 6bd6aa59ba2a569d1a629dadaedaee2b9090b2600d7fb02ffb0d036b7f66c69d |
| x86_64: | |
| pango-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 34168f72af2441add27c1cda15d50453 SHA-256: ad3ede6683de719826ef91fc5d529b0ca84cff9039f84bdf5396f3d8494076bd |
| pango-1.28.1-3.el6_0.5.x86_64.rpm File outdated by: RHBA-2012:1498 |
MD5: 1d72fb45d11989e339fdcb76f59f8c36 SHA-256: 451d8fab3b9901c4c0fdbb806e2df2c734c835a24f7a0eff3e2906227d42e22a |
| pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 14f7c487e2899edef1882bad0ae2d43f SHA-256: 4ce61888c8896285556aada90afad1e29ef99903bf1bbf8e98e4b8767b9a990d |
| pango-debuginfo-1.28.1-3.el6_0.5.x86_64.rpm File outdated by: RHBA-2012:1498 |
MD5: fc61a74742aa8dc37ff22cdaab442168 SHA-256: 151899551bc8573c1d3359f50200a0d853e2928406d5e5cc45518f407535070d |
| pango-devel-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 9210311431e98531ebd606bc78123d00 SHA-256: 6bd6aa59ba2a569d1a629dadaedaee2b9090b2600d7fb02ffb0d036b7f66c69d |
| pango-devel-1.28.1-3.el6_0.5.x86_64.rpm File outdated by: RHBA-2012:1498 |
MD5: 675e9bf04495909cce6d1f281ecb0ea5 SHA-256: 62161dab774fd4f75066af4997607f2d91498b1e708d53c27c856d319e028a4f |
| Red Hat Enterprise Linux HPC Node (v. 6) | |
| SRPMS: | |
| pango-1.28.1-3.el6_0.5.src.rpm File outdated by: RHBA-2012:1498 |
MD5: 5c3c84a3d055cf59d05244fa2af6c90b SHA-256: dbb645b276e7a43a671f60ed04044e294ca32e4cc1ded786f00f4521a3d1a0c6 |
| x86_64: | |
| pango-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 34168f72af2441add27c1cda15d50453 SHA-256: ad3ede6683de719826ef91fc5d529b0ca84cff9039f84bdf5396f3d8494076bd |
| pango-1.28.1-3.el6_0.5.x86_64.rpm File outdated by: RHBA-2012:1498 |
MD5: 1d72fb45d11989e339fdcb76f59f8c36 SHA-256: 451d8fab3b9901c4c0fdbb806e2df2c734c835a24f7a0eff3e2906227d42e22a |
| pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 14f7c487e2899edef1882bad0ae2d43f SHA-256: 4ce61888c8896285556aada90afad1e29ef99903bf1bbf8e98e4b8767b9a990d |
| pango-debuginfo-1.28.1-3.el6_0.5.x86_64.rpm File outdated by: RHBA-2012:1498 |
MD5: fc61a74742aa8dc37ff22cdaab442168 SHA-256: 151899551bc8573c1d3359f50200a0d853e2928406d5e5cc45518f407535070d |
| pango-devel-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 9210311431e98531ebd606bc78123d00 SHA-256: 6bd6aa59ba2a569d1a629dadaedaee2b9090b2600d7fb02ffb0d036b7f66c69d |
| pango-devel-1.28.1-3.el6_0.5.x86_64.rpm File outdated by: RHBA-2012:1498 |
MD5: 675e9bf04495909cce6d1f281ecb0ea5 SHA-256: 62161dab774fd4f75066af4997607f2d91498b1e708d53c27c856d319e028a4f |
| Red Hat Enterprise Linux Server (v. 6) | |
| SRPMS: | |
| pango-1.28.1-3.el6_0.5.src.rpm File outdated by: RHBA-2012:1498 |
MD5: 5c3c84a3d055cf59d05244fa2af6c90b SHA-256: dbb645b276e7a43a671f60ed04044e294ca32e4cc1ded786f00f4521a3d1a0c6 |
| IA-32: | |
| pango-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 34168f72af2441add27c1cda15d50453 SHA-256: ad3ede6683de719826ef91fc5d529b0ca84cff9039f84bdf5396f3d8494076bd |
| pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 14f7c487e2899edef1882bad0ae2d43f SHA-256: 4ce61888c8896285556aada90afad1e29ef99903bf1bbf8e98e4b8767b9a990d |
| pango-devel-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 9210311431e98531ebd606bc78123d00 SHA-256: 6bd6aa59ba2a569d1a629dadaedaee2b9090b2600d7fb02ffb0d036b7f66c69d |
| PPC: | |
| pango-1.28.1-3.el6_0.5.ppc.rpm File outdated by: RHBA-2012:1498 |
MD5: 5bd718430e25c7dc86a5784194df504c SHA-256: 1c70ab1e989732aba87edcaaa0454dd62e4d9c7599e4ebda72401ab611ba21d9 |
| pango-1.28.1-3.el6_0.5.ppc64.rpm File outdated by: RHBA-2012:1498 |
MD5: 15d127419627b92bc1a55d6779ec4987 SHA-256: 3fa42c5b2d17da5d6a45af1e031efffc5479dbefc8ef3ba80a5a4a0136ccda12 |
| pango-debuginfo-1.28.1-3.el6_0.5.ppc.rpm File outdated by: RHBA-2012:1498 |
MD5: 02297aa06369ded0874744e16a5889e0 SHA-256: 04f22a85387e095001997e9f6445a25dec48c2f10bcdb0495ce9d4fad21a8968 |
| pango-debuginfo-1.28.1-3.el6_0.5.ppc64.rpm File outdated by: RHBA-2012:1498 |
MD5: 379abad19bbb5ad326e1197f3c1ed1a4 SHA-256: 0027b46561070127fd484658925e7bbd08539787115784579e0672515811e92e |
| pango-devel-1.28.1-3.el6_0.5.ppc.rpm File outdated by: RHBA-2012:1498 |
MD5: d66913c16bd538287c53fdfc229fc619 SHA-256: 2c5928ffaece5c78819fa84506977dc1da26f690e1d929ac7e60d359bf6b1dd7 |
| pango-devel-1.28.1-3.el6_0.5.ppc64.rpm File outdated by: RHBA-2012:1498 |
MD5: 191dc4bc50bb7afac163105e779412dd SHA-256: 84dba3565c90d6861ddad8b7b33a40077e5b043f7b629039c33e16584f5dfbb4 |
| s390x: | |
| pango-1.28.1-3.el6_0.5.s390.rpm File outdated by: RHBA-2012:1498 |
MD5: 690f68f49824fc2823adb0f2ce0d9ae4 SHA-256: 8477e0554d6db16f279cad3dcb705a84be56ada2f75dd042cb10fe2c9e183995 |
| pango-1.28.1-3.el6_0.5.s390x.rpm File outdated by: RHBA-2012:1498 |
MD5: 12df697e2c454ae094b3b32259c3e6fd SHA-256: 9046344db2ad6d83386bf9bb86f1c9b05a93d7b26027288f9d128a9c17497292 |
| pango-debuginfo-1.28.1-3.el6_0.5.s390.rpm File outdated by: RHBA-2012:1498 |
MD5: 6a0de2822a398c20f5f15610fc36c4ed SHA-256: 6dd8ff723af3c4700842da9ee91305e7df70fa07bf79e4237d9e90065c75c87b |
| pango-debuginfo-1.28.1-3.el6_0.5.s390x.rpm File outdated by: RHBA-2012:1498 |
MD5: 16e13cd95a3c61b72a1e5371ca98ae55 SHA-256: 02a684028fb7f39c315bd108de1d34ed2887c0df196af512fe6a046f06af438a |
| pango-devel-1.28.1-3.el6_0.5.s390.rpm File outdated by: RHBA-2012:1498 |
MD5: 7347393e4d94ec44e1920e5853b92cd6 SHA-256: b318b055a5b52aa9cfe5e000bb3e7b9f50dfb4403cd1676a553ddca6d02c5b85 |
| pango-devel-1.28.1-3.el6_0.5.s390x.rpm File outdated by: RHBA-2012:1498 |
MD5: 2946470a29fb8a24de4e14054eb907cb SHA-256: 2bf72ddebf7db2496545e8620662ca546473a126facd0279347587d180a4c137 |
| x86_64: | |
| pango-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 34168f72af2441add27c1cda15d50453 SHA-256: ad3ede6683de719826ef91fc5d529b0ca84cff9039f84bdf5396f3d8494076bd |
| pango-1.28.1-3.el6_0.5.x86_64.rpm File outdated by: RHBA-2012:1498 |
MD5: 1d72fb45d11989e339fdcb76f59f8c36 SHA-256: 451d8fab3b9901c4c0fdbb806e2df2c734c835a24f7a0eff3e2906227d42e22a |
| pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 14f7c487e2899edef1882bad0ae2d43f SHA-256: 4ce61888c8896285556aada90afad1e29ef99903bf1bbf8e98e4b8767b9a990d |
| pango-debuginfo-1.28.1-3.el6_0.5.x86_64.rpm File outdated by: RHBA-2012:1498 |
MD5: fc61a74742aa8dc37ff22cdaab442168 SHA-256: 151899551bc8573c1d3359f50200a0d853e2928406d5e5cc45518f407535070d |
| pango-devel-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 9210311431e98531ebd606bc78123d00 SHA-256: 6bd6aa59ba2a569d1a629dadaedaee2b9090b2600d7fb02ffb0d036b7f66c69d |
| pango-devel-1.28.1-3.el6_0.5.x86_64.rpm File outdated by: RHBA-2012:1498 |
MD5: 675e9bf04495909cce6d1f281ecb0ea5 SHA-256: 62161dab774fd4f75066af4997607f2d91498b1e708d53c27c856d319e028a4f |
| Red Hat Enterprise Linux Server EUS (v. 6.0.z) | |
| SRPMS: | |
| pango-1.28.1-3.el6_0.5.src.rpm File outdated by: RHBA-2012:1498 |
MD5: 5c3c84a3d055cf59d05244fa2af6c90b SHA-256: dbb645b276e7a43a671f60ed04044e294ca32e4cc1ded786f00f4521a3d1a0c6 |
| IA-32: | |
| pango-1.28.1-3.el6_0.5.i686.rpm | MD5: 34168f72af2441add27c1cda15d50453 SHA-256: ad3ede6683de719826ef91fc5d529b0ca84cff9039f84bdf5396f3d8494076bd |
| pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm | MD5: 14f7c487e2899edef1882bad0ae2d43f SHA-256: 4ce61888c8896285556aada90afad1e29ef99903bf1bbf8e98e4b8767b9a990d |
| pango-devel-1.28.1-3.el6_0.5.i686.rpm | MD5: 9210311431e98531ebd606bc78123d00 SHA-256: 6bd6aa59ba2a569d1a629dadaedaee2b9090b2600d7fb02ffb0d036b7f66c69d |
| PPC: | |
| pango-1.28.1-3.el6_0.5.ppc.rpm | MD5: 5bd718430e25c7dc86a5784194df504c SHA-256: 1c70ab1e989732aba87edcaaa0454dd62e4d9c7599e4ebda72401ab611ba21d9 |
| pango-1.28.1-3.el6_0.5.ppc64.rpm | MD5: 15d127419627b92bc1a55d6779ec4987 SHA-256: 3fa42c5b2d17da5d6a45af1e031efffc5479dbefc8ef3ba80a5a4a0136ccda12 |
| pango-debuginfo-1.28.1-3.el6_0.5.ppc.rpm | MD5: 02297aa06369ded0874744e16a5889e0 SHA-256: 04f22a85387e095001997e9f6445a25dec48c2f10bcdb0495ce9d4fad21a8968 |
| pango-debuginfo-1.28.1-3.el6_0.5.ppc64.rpm | MD5: 379abad19bbb5ad326e1197f3c1ed1a4 SHA-256: 0027b46561070127fd484658925e7bbd08539787115784579e0672515811e92e |
| pango-devel-1.28.1-3.el6_0.5.ppc.rpm | MD5: d66913c16bd538287c53fdfc229fc619 SHA-256: 2c5928ffaece5c78819fa84506977dc1da26f690e1d929ac7e60d359bf6b1dd7 |
| pango-devel-1.28.1-3.el6_0.5.ppc64.rpm | MD5: 191dc4bc50bb7afac163105e779412dd SHA-256: 84dba3565c90d6861ddad8b7b33a40077e5b043f7b629039c33e16584f5dfbb4 |
| s390x: | |
| pango-1.28.1-3.el6_0.5.s390.rpm | MD5: 690f68f49824fc2823adb0f2ce0d9ae4 SHA-256: 8477e0554d6db16f279cad3dcb705a84be56ada2f75dd042cb10fe2c9e183995 |
| pango-1.28.1-3.el6_0.5.s390x.rpm | MD5: 12df697e2c454ae094b3b32259c3e6fd SHA-256: 9046344db2ad6d83386bf9bb86f1c9b05a93d7b26027288f9d128a9c17497292 |
| pango-debuginfo-1.28.1-3.el6_0.5.s390.rpm | MD5: 6a0de2822a398c20f5f15610fc36c4ed SHA-256: 6dd8ff723af3c4700842da9ee91305e7df70fa07bf79e4237d9e90065c75c87b |
| pango-debuginfo-1.28.1-3.el6_0.5.s390x.rpm | MD5: 16e13cd95a3c61b72a1e5371ca98ae55 SHA-256: 02a684028fb7f39c315bd108de1d34ed2887c0df196af512fe6a046f06af438a |
| pango-devel-1.28.1-3.el6_0.5.s390.rpm | MD5: 7347393e4d94ec44e1920e5853b92cd6 SHA-256: b318b055a5b52aa9cfe5e000bb3e7b9f50dfb4403cd1676a553ddca6d02c5b85 |
| pango-devel-1.28.1-3.el6_0.5.s390x.rpm | MD5: 2946470a29fb8a24de4e14054eb907cb SHA-256: 2bf72ddebf7db2496545e8620662ca546473a126facd0279347587d180a4c137 |
| x86_64: | |
| pango-1.28.1-3.el6_0.5.i686.rpm | MD5: 34168f72af2441add27c1cda15d50453 SHA-256: ad3ede6683de719826ef91fc5d529b0ca84cff9039f84bdf5396f3d8494076bd |
| pango-1.28.1-3.el6_0.5.x86_64.rpm | MD5: 1d72fb45d11989e339fdcb76f59f8c36 SHA-256: 451d8fab3b9901c4c0fdbb806e2df2c734c835a24f7a0eff3e2906227d42e22a |
| pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm | MD5: 14f7c487e2899edef1882bad0ae2d43f SHA-256: 4ce61888c8896285556aada90afad1e29ef99903bf1bbf8e98e4b8767b9a990d |
| pango-debuginfo-1.28.1-3.el6_0.5.x86_64.rpm | MD5: fc61a74742aa8dc37ff22cdaab442168 SHA-256: 151899551bc8573c1d3359f50200a0d853e2928406d5e5cc45518f407535070d |
| pango-devel-1.28.1-3.el6_0.5.i686.rpm | MD5: 9210311431e98531ebd606bc78123d00 SHA-256: 6bd6aa59ba2a569d1a629dadaedaee2b9090b2600d7fb02ffb0d036b7f66c69d |
| pango-devel-1.28.1-3.el6_0.5.x86_64.rpm | MD5: 675e9bf04495909cce6d1f281ecb0ea5 SHA-256: 62161dab774fd4f75066af4997607f2d91498b1e708d53c27c856d319e028a4f |
| Red Hat Enterprise Linux Workstation (v. 6) | |
| SRPMS: | |
| pango-1.28.1-3.el6_0.5.src.rpm File outdated by: RHBA-2012:1498 |
MD5: 5c3c84a3d055cf59d05244fa2af6c90b SHA-256: dbb645b276e7a43a671f60ed04044e294ca32e4cc1ded786f00f4521a3d1a0c6 |
| IA-32: | |
| pango-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 34168f72af2441add27c1cda15d50453 SHA-256: ad3ede6683de719826ef91fc5d529b0ca84cff9039f84bdf5396f3d8494076bd |
| pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 14f7c487e2899edef1882bad0ae2d43f SHA-256: 4ce61888c8896285556aada90afad1e29ef99903bf1bbf8e98e4b8767b9a990d |
| pango-devel-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 9210311431e98531ebd606bc78123d00 SHA-256: 6bd6aa59ba2a569d1a629dadaedaee2b9090b2600d7fb02ffb0d036b7f66c69d |
| x86_64: | |
| pango-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 34168f72af2441add27c1cda15d50453 SHA-256: ad3ede6683de719826ef91fc5d529b0ca84cff9039f84bdf5396f3d8494076bd |
| pango-1.28.1-3.el6_0.5.x86_64.rpm File outdated by: RHBA-2012:1498 |
MD5: 1d72fb45d11989e339fdcb76f59f8c36 SHA-256: 451d8fab3b9901c4c0fdbb806e2df2c734c835a24f7a0eff3e2906227d42e22a |
| pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 14f7c487e2899edef1882bad0ae2d43f SHA-256: 4ce61888c8896285556aada90afad1e29ef99903bf1bbf8e98e4b8767b9a990d |
| pango-debuginfo-1.28.1-3.el6_0.5.x86_64.rpm File outdated by: RHBA-2012:1498 |
MD5: fc61a74742aa8dc37ff22cdaab442168 SHA-256: 151899551bc8573c1d3359f50200a0d853e2928406d5e5cc45518f407535070d |
| pango-devel-1.28.1-3.el6_0.5.i686.rpm File outdated by: RHBA-2012:1498 |
MD5: 9210311431e98531ebd606bc78123d00 SHA-256: 6bd6aa59ba2a569d1a629dadaedaee2b9090b2600d7fb02ffb0d036b7f66c69d |
| pango-devel-1.28.1-3.el6_0.5.x86_64.rpm File outdated by: RHBA-2012:1498 |
MD5: 675e9bf04495909cce6d1f281ecb0ea5 SHA-256: 62161dab774fd4f75066af4997607f2d91498b1e708d53c27c856d319e028a4f |
| (The unlinked packages above are only available from the Red Hat Network) | |
Bugs fixed (see bugzilla for more information)
678563 - CVE-2011-0064 pango: missing memory reallocation failure checking in hb_buffer_ensure
References
https://www.redhat.com/security/data/cve/CVE-2011-0064.html
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/security/updates/classification/#critical
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
