Mandriva Linux Security Advisory : pango (MDVSA-2010:121)

NASLDB: Mandriva Linux Security Advisory : pango (MDVSA-2010:121)

General

ID: 47115
Name: Mandriva Linux Security Advisory : pango (MDVSA-2010:121)

Summary: Checks rpm output for the updated packages

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS Temporal Vector: –

Port: 0
Family: Mandriva Local Security Checks
Type: Local

Description

A vulnerability has been discovered and corrected in pango :

Array index error in the hb_ot_layout_build_glyph_classes function in
pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows
context-dependent attackers to cause a denial of service (application
crash) via a crafted font file, related to building a synthetic Glyph
Definition (aka GDEF) table by using this font’s charmap and the
Unicode property database (CVE-2010-0421).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=4
90

The updated packages have been patched to correct this issue.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2010-0421
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2010/06/22
Plugin Release: 2010/06/23

Plugin

Version: 1.6
Filename: mandriva_MDVSA-2010-121.nasl
Filesize: 7068 bytes
MD5 Hash: 47a0c9454bc12b9883ad7e401325e84e

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list
Dependencies: "ssh_get_info.nasl"

Letzte Plugins

Letzte Plugins

scip AG