
Security Advisory Moderate: evolution28-pango security update

Advisory: RHSA-2011:1325-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-09-21
Last updated on: 2011-09-21
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2011-3193

Details

Updated evolution28-pango packages that fix one security issue are now
available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Pango is a library used for the layout and rendering of internationalized
text.

A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping
engine used in Pango. If a user loaded a specially-crafted font file with
an application that uses Pango, it could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the user running
the application. (CVE-2011-3193)

Users of evolution28-pango are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue. After
installing this update, you must restart your system or restart the X
server for the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
evolution28-pango-1.14.9-13.el4_11.src.rpm

IA-32:
evolution28-pango-1.14.9-13.el4_11.i386.rpm
evolution28-pango-devel-1.14.9-13.el4_11.i386.rpm

x86_64:
evolution28-pango-1.14.9-13.el4_11.x86_64.rpm
evolution28-pango-devel-1.14.9-13.el4_11.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4)

SRPMS:
evolution28-pango-1.14.9-13.el4_11.src.rpm

IA-32:
evolution28-pango-1.14.9-13.el4_11.i386.rpm
evolution28-pango-devel-1.14.9-13.el4_11.i386.rpm

IA-64:
evolution28-pango-1.14.9-13.el4_11.ia64.rpm
evolution28-pango-devel-1.14.9-13.el4_11.ia64.rpm

PPC:
evolution28-pango-1.14.9-13.el4_11.ppc.rpm
evolution28-pango-devel-1.14.9-13.el4_11.ppc.rpm

s390:
evolution28-pango-1.14.9-13.el4_11.s390.rpm
evolution28-pango-devel-1.14.9-13.el4_11.s390.rpm

s390x:
evolution28-pango-1.14.9-13.el4_11.s390x.rpm
evolution28-pango-devel-1.14.9-13.el4_11.s390x.rpm

x86_64:
evolution28-pango-1.14.9-13.el4_11.x86_64.rpm
evolution28-pango-devel-1.14.9-13.el4_11.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4)

SRPMS:
evolution28-pango-1.14.9-13.el4_11.src.rpm

IA-32:
evolution28-pango-1.14.9-13.el4_11.i386.rpm
evolution28-pango-devel-1.14.9-13.el4_11.i386.rpm

IA-64:
evolution28-pango-1.14.9-13.el4_11.ia64.rpm
evolution28-pango-devel-1.14.9-13.el4_11.ia64.rpm

x86_64:
evolution28-pango-1.14.9-13.el4_11.x86_64.rpm
evolution28-pango-devel-1.14.9-13.el4_11.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4)

SRPMS:
evolution28-pango-1.14.9-13.el4_11.src.rpm

IA-32:
evolution28-pango-1.14.9-13.el4_11.i386.rpm
evolution28-pango-devel-1.14.9-13.el4_11.i386.rpm

IA-64:
evolution28-pango-1.14.9-13.el4_11.ia64.rpm
evolution28-pango-devel-1.14.9-13.el4_11.ia64.rpm

x86_64:
evolution28-pango-1.14.9-13.el4_11.x86_64.rpm
evolution28-pango-devel-1.14.9-13.el4_11.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)
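
To check hosts against this erratum, the following added example (not part of Red Hat's advisory) compares installed version-release strings with the fixed build 1.14.9-13.el4_11 using rpm's segment-wise ordering. The host names and inventory lines are constructed, and the package is assumed to carry no epoch.

```python
import re

# Fixed build, taken from the package file names in this advisory.
FIXED_VERSION, FIXED_RELEASE = "1.14.9", "13.el4_11"
PACKAGES = {"evolution28-pango", "evolution28-pango-devel"}

def rpmvercmp(a, b):
    """Compare version or release strings as rpm does (no '~' or '^' handling)."""
    seg = re.compile(r"[0-9]+|[A-Za-z]+")   # separators only delimit segments
    sa, sb = seg.findall(a), seg.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():      # numeric segment beats alphabetic
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)           # numeric compare, so 10 > 9
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def is_patched(version_release):
    """True when the installed build is the fixed build or newer."""
    version, _, release = version_release.rpartition("-")
    c = rpmvercmp(version, FIXED_VERSION)
    if c == 0:
        c = rpmvercmp(release, FIXED_RELEASE)
    return c >= 0

def unpatched(inventory):
    """Return (host, package, version-release) rows older than the fixed build."""
    rows = []
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[1] in PACKAGES and not is_patched(fields[2]):
            rows.append(tuple(fields))
    return rows

# Constructed sample, one "<host> <name> <version>-<release>" per line. The last
# two fields are what this prints on a host (host column added by the collector):
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' evolution28-pango
INVENTORY = """\
ws01 evolution28-pango 1.14.9-13.el4_11
ws02 evolution28-pango 1.14.9-11.el4
ws03 evolution28-pango-devel 1.14.9-13.el4_10
ws04 evolution28-pango 1.14.9-13.el4_11.1
"""

if __name__ == "__main__":
    for host, pkg, evr in unpatched(INVENTORY):
        print(f"{host}: {pkg}-{evr} predates {FIXED_VERSION}-{FIXED_RELEASE}")
```

A plain string comparison would rank `13.el4_10` and `13.el4_9` incorrectly, which is why the release is compared segment by segment.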

Bugs fixed (see bugzilla for more information)

733118 - CVE-2011-3193 qt/harfbuzz buffer overflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/