Security Advisory Critical: pango security update

Advisory: RHSA-2011:0309-1
Type: Security Advisory
Severity: Critical
Issued on: 2011-03-01
Last updated on: 2011-03-01
Affected Products:
    Red Hat Enterprise Linux Desktop (v. 6)
    Red Hat Enterprise Linux HPC Node (v. 6)
    Red Hat Enterprise Linux Server (v. 6)
    Red Hat Enterprise Linux Server EUS (v. 6.0.z)
    Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-0064

Details

Updated pango packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Pango is a library used for the layout and rendering of internationalized
text.

It was discovered that Pango did not check for memory reallocation failures
in the hb_buffer_ensure() function. An attacker able to trigger a
reallocation failure by passing sufficiently large input to an application
using Pango could use this flaw to crash the application or, possibly,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-0064)
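
The bug class named above, shown as an added illustration in C. This is not Pango's source and not the backported patch; `glyph_buf`, `glyph_buf_ensure`, `glyph_buf_add`, `realloc_fn` and `failing_realloc` are hypothetical names. It contrasts an unchecked growth pattern (in a comment) with a checked one that leaves the buffer untouched when reallocation fails.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical growable buffer; names are illustrative, not Pango's code. */
typedef struct {
    uint32_t *items;
    size_t len;        /* items in use */
    size_t allocated;  /* capacity, in items */
} glyph_buf;

typedef void *(*realloc_fn)(void *, size_t);  /* hook to simulate failure */
static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Unchecked pattern of the class the advisory names (comment only):
 *     buf->items = realloc(buf->items, cap * sizeof *buf->items);
 *     buf->allocated = cap;
 * If realloc returns NULL, capacity is recorded as grown although no
 * memory backs it, and the old block is leaked. */

/* Checked growth: returns 1 on success; on failure returns 0 and leaves
 * the buffer exactly as it was. */
static int glyph_buf_ensure(glyph_buf *buf, size_t want, realloc_fn ra)
{
    if (want <= buf->allocated) return 1;
    size_t cap = buf->allocated ? buf->allocated : 8;
    while (cap < want) {
        if (cap > SIZE_MAX / 2) { cap = want; break; }  /* doubling would wrap */
        cap *= 2;
    }
    if (cap > SIZE_MAX / sizeof *buf->items) return 0;  /* byte count would wrap */
    uint32_t *grown = ra(buf->items, cap * sizeof *buf->items);
    if (grown == NULL) return 0;   /* old block is still valid and still owned */
    buf->items = grown;            /* commit only after success */
    buf->allocated = cap;
    return 1;
}

static int glyph_buf_add(glyph_buf *buf, uint32_t v, realloc_fn ra)
{
    if (buf->len == SIZE_MAX || !glyph_buf_ensure(buf, buf->len + 1, ra)) return 0;
    buf->items[buf->len++] = v;
    return 1;
}

int main(void)
{
    glyph_buf b = {0};
    int ok = glyph_buf_add(&b, 7, realloc) && !glyph_buf_ensure(&b, 1000, failing_realloc);
    free(b.items);
    return ok ? 0 : 1;
}
```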

Red Hat would like to thank the Mozilla Security Team for reporting this
issue.

All pango users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing this update, you
must restart your system or restart the X server for the update to take
effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
pango-1.28.1-3.el6_0.5.src.rpm
File outdated by: RHBA-2012:1498

IA-32:
pango-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498
pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498
pango-devel-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498

x86_64:
pango-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498
pango-1.28.1-3.el6_0.5.x86_64.rpm
File outdated by: RHBA-2012:1498
pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498
pango-debuginfo-1.28.1-3.el6_0.5.x86_64.rpm
File outdated by: RHBA-2012:1498
pango-devel-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498
pango-devel-1.28.1-3.el6_0.5.x86_64.rpm
File outdated by: RHBA-2012:1498
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
pango-1.28.1-3.el6_0.5.src.rpm
File outdated by: RHBA-2012:1498

x86_64:
pango-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498
pango-1.28.1-3.el6_0.5.x86_64.rpm
File outdated by: RHBA-2012:1498
pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498
pango-debuginfo-1.28.1-3.el6_0.5.x86_64.rpm
File outdated by: RHBA-2012:1498
pango-devel-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498
pango-devel-1.28.1-3.el6_0.5.x86_64.rpm
File outdated by: RHBA-2012:1498
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
pango-1.28.1-3.el6_0.5.src.rpm
File outdated by: RHBA-2012:1498

IA-32:
pango-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498
pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498
pango-devel-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498

PPC:
pango-1.28.1-3.el6_0.5.ppc.rpm
File outdated by: RHBA-2012:1498
pango-1.28.1-3.el6_0.5.ppc64.rpm
File outdated by: RHBA-2012:1498
pango-debuginfo-1.28.1-3.el6_0.5.ppc.rpm
File outdated by: RHBA-2012:1498
pango-debuginfo-1.28.1-3.el6_0.5.ppc64.rpm
File outdated by: RHBA-2012:1498
pango-devel-1.28.1-3.el6_0.5.ppc.rpm
File outdated by: RHBA-2012:1498
pango-devel-1.28.1-3.el6_0.5.ppc64.rpm
File outdated by: RHBA-2012:1498

s390x:
pango-1.28.1-3.el6_0.5.s390.rpm
File outdated by: RHBA-2012:1498
pango-1.28.1-3.el6_0.5.s390x.rpm
File outdated by: RHBA-2012:1498
pango-debuginfo-1.28.1-3.el6_0.5.s390.rpm
File outdated by: RHBA-2012:1498
pango-debuginfo-1.28.1-3.el6_0.5.s390x.rpm
File outdated by: RHBA-2012:1498
pango-devel-1.28.1-3.el6_0.5.s390.rpm
File outdated by: RHBA-2012:1498
pango-devel-1.28.1-3.el6_0.5.s390x.rpm
File outdated by: RHBA-2012:1498

x86_64:
pango-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498
pango-1.28.1-3.el6_0.5.x86_64.rpm
File outdated by: RHBA-2012:1498
pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498
pango-debuginfo-1.28.1-3.el6_0.5.x86_64.rpm
File outdated by: RHBA-2012:1498
pango-devel-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498
pango-devel-1.28.1-3.el6_0.5.x86_64.rpm
File outdated by: RHBA-2012:1498
 
Red Hat Enterprise Linux Server EUS (v. 6.0.z)

SRPMS:
pango-1.28.1-3.el6_0.5.src.rpm
File outdated by: RHBA-2012:1498

IA-32:
pango-1.28.1-3.el6_0.5.i686.rpm
pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm
pango-devel-1.28.1-3.el6_0.5.i686.rpm

PPC:
pango-1.28.1-3.el6_0.5.ppc.rpm
pango-1.28.1-3.el6_0.5.ppc64.rpm
pango-debuginfo-1.28.1-3.el6_0.5.ppc.rpm
pango-debuginfo-1.28.1-3.el6_0.5.ppc64.rpm
pango-devel-1.28.1-3.el6_0.5.ppc.rpm
pango-devel-1.28.1-3.el6_0.5.ppc64.rpm

s390x:
pango-1.28.1-3.el6_0.5.s390.rpm
pango-1.28.1-3.el6_0.5.s390x.rpm
pango-debuginfo-1.28.1-3.el6_0.5.s390.rpm
pango-debuginfo-1.28.1-3.el6_0.5.s390x.rpm
pango-devel-1.28.1-3.el6_0.5.s390.rpm
pango-devel-1.28.1-3.el6_0.5.s390x.rpm

x86_64:
pango-1.28.1-3.el6_0.5.i686.rpm
pango-1.28.1-3.el6_0.5.x86_64.rpm
pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm
pango-debuginfo-1.28.1-3.el6_0.5.x86_64.rpm
pango-devel-1.28.1-3.el6_0.5.i686.rpm
pango-devel-1.28.1-3.el6_0.5.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
pango-1.28.1-3.el6_0.5.src.rpm
File outdated by: RHBA-2012:1498

IA-32:
pango-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498
pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498
pango-devel-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498

x86_64:
pango-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498
pango-1.28.1-3.el6_0.5.x86_64.rpm
File outdated by: RHBA-2012:1498
pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498
pango-debuginfo-1.28.1-3.el6_0.5.x86_64.rpm
File outdated by: RHBA-2012:1498
pango-devel-1.28.1-3.el6_0.5.i686.rpm
File outdated by: RHBA-2012:1498
pango-devel-1.28.1-3.el6_0.5.x86_64.rpm
File outdated by: RHBA-2012:1498
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

678563 - CVE-2011-0064 pango: missing memory reallocation failure checking in hb_buffer_ensure


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/