Moderate: pango security update
| Advisory: | RHSA-2011:1326-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Moderate |
| Issued on: | 2011-09-21 |
| Last updated on: | 2011-09-21 |
| Affected Products: | RHEL Desktop Workstation (v. 5 client); Red Hat Enterprise Linux (v. 5 server); Red Hat Enterprise Linux Desktop (v. 5 client) |
| CVEs (cve.mitre.org): | CVE-2011-3193 |
Details
Updated pango packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Pango is a library used for the layout and rendering of internationalized
text.

A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping
engine used in Pango. If a user loaded a specially-crafted font file with
an application that uses Pango, it could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the user running
the application. (CVE-2011-3193)

Users of pango are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, you must restart your system or restart the X server for the update
to take effect.
Solution
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Updated packages
| RHEL Desktop Workstation (v. 5 client) | |
| SRPMS: | |
| pango-1.14.9-8.el5_7.3.src.rpm | MD5: fd7d497b426e5f11740f005a4489942d SHA-256: ead28ad4ff05a90230af23a561783565b373bcdab2f8b3789fbf0ec98ed06252 |
| IA-32: | |
| pango-devel-1.14.9-8.el5_7.3.i386.rpm | MD5: ca3a7e8d64c136eb60faa5daa14dfa24 SHA-256: 7ed357c09639b5197f070c2ae7935b0fb86deef4680102faf4c67db0abc99c65 |
| x86_64: | |
| pango-devel-1.14.9-8.el5_7.3.i386.rpm | MD5: ca3a7e8d64c136eb60faa5daa14dfa24 SHA-256: 7ed357c09639b5197f070c2ae7935b0fb86deef4680102faf4c67db0abc99c65 |
| pango-devel-1.14.9-8.el5_7.3.x86_64.rpm | MD5: bc2b23ab8829f2e4216b9d464943b3bf SHA-256: c9cc5dc25130165e0da31f55723985ca50c1d092641d56baa2229d29f55dd44d |
| Red Hat Enterprise Linux (v. 5 server) | |
| SRPMS: | |
| pango-1.14.9-8.el5_7.3.src.rpm | MD5: fd7d497b426e5f11740f005a4489942d SHA-256: ead28ad4ff05a90230af23a561783565b373bcdab2f8b3789fbf0ec98ed06252 |
| IA-32: | |
| pango-1.14.9-8.el5_7.3.i386.rpm | MD5: e1f39fdd82b5a90bf62378f9d616f94a SHA-256: 164c64fd88b4e8e16c90aafefa3bf3bdb7b8b934269a863eefc8b33c032df4e9 |
| pango-devel-1.14.9-8.el5_7.3.i386.rpm | MD5: ca3a7e8d64c136eb60faa5daa14dfa24 SHA-256: 7ed357c09639b5197f070c2ae7935b0fb86deef4680102faf4c67db0abc99c65 |
| IA-64: | |
| pango-1.14.9-8.el5_7.3.i386.rpm | MD5: e1f39fdd82b5a90bf62378f9d616f94a SHA-256: 164c64fd88b4e8e16c90aafefa3bf3bdb7b8b934269a863eefc8b33c032df4e9 |
| pango-1.14.9-8.el5_7.3.ia64.rpm | MD5: bea77996454e7e00988b7e941bbe1376 SHA-256: 6cb539ae2c00d87381eb13999f60ea69876a8f1bf884377d0d24916dbff0aa99 |
| pango-devel-1.14.9-8.el5_7.3.ia64.rpm | MD5: 4da218c687c18724b5a04eccb85fa4c5 SHA-256: a6e878d18b519ff43601ab883fc3b92f1d54e9243e074b154f72719acb3147f0 |
| PPC: | |
| pango-1.14.9-8.el5_7.3.ppc.rpm | MD5: 7a1c8e222da772b84cbe1d2f2fb4eeff SHA-256: 9198b7dc5b0da3fbb8160e0a7c06a33a5d86c1c041302ea5d0503667a76dc4a0 |
| pango-1.14.9-8.el5_7.3.ppc64.rpm | MD5: 9a010be06e2b0041808cd4a7533c0533 SHA-256: 6051d64a0c2e491da02b4d412c38de2b0a08cd4c43197d3990bc1990ab2c76f3 |
| pango-devel-1.14.9-8.el5_7.3.ppc.rpm | MD5: 164a31051feccd0619a350ed559791e7 SHA-256: 67d877e583b891eb8d1d89f1e7843f5b021a1bec4f33329ab921cc2db08d7fb7 |
| pango-devel-1.14.9-8.el5_7.3.ppc64.rpm | MD5: 381f760d5c64b318310847d33ee784b9 SHA-256: 50fa711170b7e4afc629390a004f8430583780191a0a5cb5333dadf1d3a5e4df |
| s390x: | |
| pango-1.14.9-8.el5_7.3.s390.rpm | MD5: c060a55000992142781d4238a9383d6c SHA-256: 02ab1bd9284b793794684b355bba3cd818bef04ff353e46232b8e59e22535df0 |
| pango-1.14.9-8.el5_7.3.s390x.rpm | MD5: ab4c5b73a9a742647523e4e2d66e4b6a SHA-256: 266b8942d85e754562793ab10372e5a1470387ff0d67dc353a956dffa6d294b0 |
| pango-devel-1.14.9-8.el5_7.3.s390.rpm | MD5: d7215df94f5c9d7015b05ddd4178fe6c SHA-256: d8f85567ab3015752ec8f1d716818bdf25ca814bc88d954b520ca7afa2e77fc7 |
| pango-devel-1.14.9-8.el5_7.3.s390x.rpm | MD5: 0dae6877767b4a3b563f96a524e2048f SHA-256: efb0381be4a1871ba937bc893989da102ad659ea082ab59a1d4b628deea037a1 |
| x86_64: | |
| pango-1.14.9-8.el5_7.3.i386.rpm | MD5: e1f39fdd82b5a90bf62378f9d616f94a SHA-256: 164c64fd88b4e8e16c90aafefa3bf3bdb7b8b934269a863eefc8b33c032df4e9 |
| pango-1.14.9-8.el5_7.3.x86_64.rpm | MD5: cf212cae87a16ad3d2796d78c8215b99 SHA-256: 45cc656e0cba9325e0faaebbd1454b59f1bbba97c8037c6b8b1654b65a021196 |
| pango-devel-1.14.9-8.el5_7.3.i386.rpm | MD5: ca3a7e8d64c136eb60faa5daa14dfa24 SHA-256: 7ed357c09639b5197f070c2ae7935b0fb86deef4680102faf4c67db0abc99c65 |
| pango-devel-1.14.9-8.el5_7.3.x86_64.rpm | MD5: bc2b23ab8829f2e4216b9d464943b3bf SHA-256: c9cc5dc25130165e0da31f55723985ca50c1d092641d56baa2229d29f55dd44d |
| Red Hat Enterprise Linux Desktop (v. 5 client) | |
| SRPMS: | |
| pango-1.14.9-8.el5_7.3.src.rpm | MD5: fd7d497b426e5f11740f005a4489942d SHA-256: ead28ad4ff05a90230af23a561783565b373bcdab2f8b3789fbf0ec98ed06252 |
| IA-32: | |
| pango-1.14.9-8.el5_7.3.i386.rpm | MD5: e1f39fdd82b5a90bf62378f9d616f94a SHA-256: 164c64fd88b4e8e16c90aafefa3bf3bdb7b8b934269a863eefc8b33c032df4e9 |
| x86_64: | |
| pango-1.14.9-8.el5_7.3.i386.rpm | MD5: e1f39fdd82b5a90bf62378f9d616f94a SHA-256: 164c64fd88b4e8e16c90aafefa3bf3bdb7b8b934269a863eefc8b33c032df4e9 |
| pango-1.14.9-8.el5_7.3.x86_64.rpm | MD5: cf212cae87a16ad3d2796d78c8215b99 SHA-256: 45cc656e0cba9325e0faaebbd1454b59f1bbba97c8037c6b8b1654b65a021196 |
| (The unlinked packages above are only available from the Red Hat Network) | |
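
An added example (not part of Red Hat's advisory): a shell function that reads rows in the table format above and compares the SHA-256 column with package files already downloaded to a local directory. The function name, the saved table file and the directory are assumptions; the MD5 column is ignored because MD5 is not collision resistant.

```shell
#!/bin/sh
# Added example, not Red Hat code. Rows are expected in the advisory's format:
#   | name.rpm | MD5: <32 hex> SHA-256: <64 hex> |
# Product and architecture rows carry no .rpm name and are skipped.

# verify_against_advisory TABLE_FILE RPM_DIR   (hypothetical helper name)
# Prints one status line per package row. Returns 0 only if at least one
# file was checked and nothing mismatched or lacked a SHA-256 value.
verify_against_advisory() (
    table=$1; dir=$2; checked=0; bad=0
    while IFS='|' read -r skip name sums rest || [ -n "$name" ]; do
        name=$(printf '%s' "$name" | tr -d '[:space:]')
        case $name in *.rpm) ;; *) continue ;; esac
        # Pull out exactly 64 hex digits after the SHA-256 label.
        want=$(printf '%s' "$sums" |
            sed -n 's/.*SHA-256:[[:space:]]*\([0-9a-fA-F]\{64\}\).*/\1/p' |
            tr 'A-F' 'a-f')
        [ -n "$want" ] || { echo "NOSUM    $name"; bad=1; continue; }
        # A package for another architecture is simply not on this host.
        [ -f "$dir/$name" ] || { echo "ABSENT   $name"; continue; }
        got=$(sha256sum < "$dir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; bad=1
        fi
    done < "$table"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
)

# Usage (paths are placeholders):
#   verify_against_advisory advisory-table.txt ./downloads
```

A matching checksum only ties the file to the values on this page; the GPG signature the advisory mentions is checked separately with `rpm -K`.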
Bugs fixed (see bugzilla for more information)
733118 - CVE-2011-3193 qt/harfbuzz buffer overflow
References
https://access.redhat.com/security/updates/classification/#moderate
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/