=========================================================== Ubuntu Security Notice USN-773-1 May 07, 2009 pango1.0 vulnerability CVE-2009-1194 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libpango1.0-0 1.12.3-0ubuntu3.1 Ubuntu 8.04 LTS: libpango1.0-0 1.20.5-0ubuntu1.1 Ubuntu 8.10: libpango1.0-0 1.22.2-0ubuntu1.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: Will Drewry discovered that Pango incorrectly handled rendering text with long glyphstrings. If a user were tricked into displaying specially crafted data with applications linked against Pango, such as Firefox, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/pango1.0_1.12.3-0ubuntu3.1.diff.gz Size/MD5: 4500 b522e8ff79f686ff3fdd493e8542349e http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/pango1.0_1.12.3-0ubuntu3.1.dsc Size/MD5: 1910 c8c30bddff7defeeee80a3610405df05 http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/pango1.0_1.12.3.orig.tar.gz Size/MD5: 1707615 9abcbd996cdb1fcb6737100384a55be8 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-doc_1.12.3-0ubuntu3.1_all.deb Size/MD5: 205394 a80e88128fd7115254e3d5133987d4ee amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0-dbg_1.12.3-0ubuntu3.1_amd64.deb Size/MD5: 677312 ecf591534d852001624f8435ede14209 http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0_1.12.3-0ubuntu3.1_amd64.deb Size/MD5: 315888 0073f3bd9ede36fdfa03dc1f607d03cb http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-common_1.12.3-0ubuntu3.1_amd64.deb Size/MD5: 35248 bb15526175751e55282920738df947e9 http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-dev_1.12.3-0ubuntu3.1_amd64.deb Size/MD5: 348382 001c8a9bfe194656728952d4a611e623 http://security.ubuntu.com/ubuntu/pool/universe/p/pango1.0/libpango1.0-udeb_1.12.3-0ubuntu3.1_amd64.udeb Size/MD5: 211678 37d27b670d2b6015ce58678356544370 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0-dbg_1.12.3-0ubuntu3.1_i386.deb Size/MD5: 575498 85a732fe93794bde88a169cbe4fad19f http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0_1.12.3-0ubuntu3.1_i386.deb Size/MD5: 281538 4bd301b06894d6cd4e1be81678b4be2c http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-common_1.12.3-0ubuntu3.1_i386.deb Size/MD5: 32432 7723b32675d6ad213e825e98287c7069 http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-dev_1.12.3-0ubuntu3.1_i386.deb Size/MD5: 300604 9ce8e8ef85c82cabaf4e8b7bfb801c05 http://security.ubuntu.com/ubuntu/pool/universe/p/pango1.0/libpango1.0-udeb_1.12.3-0ubuntu3.1_i386.udeb Size/MD5: 185128 15dfeed6702d8913ee23a9b89daaa27a powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0-dbg_1.12.3-0ubuntu3.1_powerpc.deb Size/MD5: 684284 3820ab5752792a0554d032237c6d049f http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0_1.12.3-0ubuntu3.1_powerpc.deb Size/MD5: 296486 cf4c37e916fabb50bf1f9d6563cc3086 http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-common_1.12.3-0ubuntu3.1_powerpc.deb Size/MD5: 36960 4711e9a7c92f656280145e09fabc54aa http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-dev_1.12.3-0ubuntu3.1_powerpc.deb Size/MD5: 350058 c872e045849b8f4b34c90a44b7cbb08b http://security.ubuntu.com/ubuntu/pool/universe/p/pango1.0/libpango1.0-udeb_1.12.3-0ubuntu3.1_powerpc.udeb Size/MD5: 194288 9b65d99b129b9fc4189432fb3b686398 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0-dbg_1.12.3-0ubuntu3.1_sparc.deb Size/MD5: 590364 bb12fd807bbe366bba5cb51a73ac2e86 http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0_1.12.3-0ubuntu3.1_sparc.deb Size/MD5: 285696 9e21a78eac3650c6382b56366e5c24da http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-common_1.12.3-0ubuntu3.1_sparc.deb Size/MD5: 32880 018271c1cffb4d64b6fb236f44dfba21 http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-dev_1.12.3-0ubuntu3.1_sparc.deb Size/MD5: 321630 ba578e44ca29ff4e09f091c0cbc4d710 http://security.ubuntu.com/ubuntu/pool/universe/p/pango1.0/libpango1.0-udeb_1.12.3-0ubuntu3.1_sparc.udeb Size/MD5: 184978 8e97c008133b2cf71c2db6734894bb5e Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/pango1.0_1.20.5-0ubuntu1.1.diff.gz Size/MD5: 28413 491d5425656032d156d4060f2708ac5b http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/pango1.0_1.20.5-0ubuntu1.1.dsc Size/MD5: 1327 8ad3e3939c92ab1511ac0f701438b23b http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/pango1.0_1.20.5.orig.tar.gz Size/MD5: 2071747 e0fac4c2c99d903fdec3f8db60107f36 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-common_1.20.5-0ubuntu1.1_all.deb Size/MD5: 63608 04b86269a4399c5cdf19db8c720e9a83 http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-doc_1.20.5-0ubuntu1.1_all.deb Size/MD5: 277850 b35ee97b0108333b156c64b5a85f3bf0 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-0ubuntu1.1_amd64.deb Size/MD5: 721712 5624508e825bbe5fd64de4716f6f3875 http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0_1.20.5-0ubuntu1.1_amd64.deb Size/MD5: 305670 2a54d8c485987a212e57f45252d5f27d http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-dev_1.20.5-0ubuntu1.1_amd64.deb Size/MD5: 387426 601d99e237fb3b42f23703aebecd7c2e http://security.ubuntu.com/ubuntu/pool/universe/p/pango1.0/libpango1.0-udeb_1.20.5-0ubuntu1.1_amd64.udeb Size/MD5: 225982 24eab50f837e4df93c626e7c7704dbed i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-0ubuntu1.1_i386.deb Size/MD5: 683650 c81d2a42d181a27706d664c18930ba16 http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0_1.20.5-0ubuntu1.1_i386.deb Size/MD5: 283686 fc1ad92f46f1f2bf6da1b3c64ec1d96c http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-dev_1.20.5-0ubuntu1.1_i386.deb Size/MD5: 348082 05b8b3b76d2765abc8bf57decd719f2b http://security.ubuntu.com/ubuntu/pool/universe/p/pango1.0/libpango1.0-udeb_1.20.5-0ubuntu1.1_i386.udeb Size/MD5: 209962 6054d5233f46eb1441a082e032b95f6b lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-0ubuntu1.1_lpia.deb Size/MD5: 690498 b545625f176093f2319029b0150343f0 http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0_1.20.5-0ubuntu1.1_lpia.deb Size/MD5: 281986 1689efa64b09f912c5dc7bd748c20198 http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-dev_1.20.5-0ubuntu1.1_lpia.deb Size/MD5: 349140 0f04a29b457b62fc8a47a69cd7e7a17b http://ports.ubuntu.com/pool/universe/p/pango1.0/libpango1.0-udeb_1.20.5-0ubuntu1.1_lpia.udeb Size/MD5: 209410 d07b5a41402030be7a48708052f44ae6 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-0ubuntu1.1_powerpc.deb Size/MD5: 734052 afe9bf600732f91f80d53ab81e3b3bc2 http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0_1.20.5-0ubuntu1.1_powerpc.deb Size/MD5: 299506 7705155e437bcc8b6a45e22ea1b6cf28 http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-dev_1.20.5-0ubuntu1.1_powerpc.deb Size/MD5: 394560 62cab62f7bcc2b2b938f093a3208241c http://ports.ubuntu.com/pool/universe/p/pango1.0/libpango1.0-udeb_1.20.5-0ubuntu1.1_powerpc.udeb Size/MD5: 221120 e913027b850970dce415b863cd46e37b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-0ubuntu1.1_sparc.deb Size/MD5: 656344 ce4cdf162e3d048722308ed068d67bbb http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0_1.20.5-0ubuntu1.1_sparc.deb Size/MD5: 276904 b732040e5ee1ba793858b6f62613447d http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-dev_1.20.5-0ubuntu1.1_sparc.deb Size/MD5: 361848 3b315e7cf8b0df498c022d3a9bc648d4 http://ports.ubuntu.com/pool/universe/p/pango1.0/libpango1.0-udeb_1.20.5-0ubuntu1.1_sparc.udeb Size/MD5: 201780 714d774a93755adeb322ad4f5f241a6d Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/pango1.0_1.22.2-0ubuntu1.1.diff.gz Size/MD5: 29604 806703705b7572b9f8dca8d1acc5e290 http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/pango1.0_1.22.2-0ubuntu1.1.dsc Size/MD5: 1821 a5c848d38d53c249bd7d234aaf3a2495 http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/pango1.0_1.22.2.orig.tar.gz Size/MD5: 2129352 ac0187a02e34dd546f73647a7bc9d946 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-common_1.22.2-0ubuntu1.1_all.deb Size/MD5: 66420 80863edb6443bb20ce85e2669fa344db http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-doc_1.22.2-0ubuntu1.1_all.deb Size/MD5: 283724 7ebe97434d68260a1c60b8c336733578 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0-dbg_1.22.2-0ubuntu1.1_amd64.deb Size/MD5: 784366 c32ef609c6f1f36ca64ed0a4fe7e52de http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0_1.22.2-0ubuntu1.1_amd64.deb Size/MD5: 318300 a9ab95a8373d1a4ea5098c3ef617fee5 http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-dev_1.22.2-0ubuntu1.1_amd64.deb Size/MD5: 403124 39853f549a42966a5bdaa2eb990d681f http://security.ubuntu.com/ubuntu/pool/universe/p/pango1.0/libpango1.0-udeb_1.22.2-0ubuntu1.1_amd64.udeb Size/MD5: 237932 ae0fc762a8d1cdaad163d7ad03518bfe i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0-dbg_1.22.2-0ubuntu1.1_i386.deb Size/MD5: 732012 d3edc099dadae3d1c4a73d43c1ce1ef2 http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0_1.22.2-0ubuntu1.1_i386.deb Size/MD5: 292710 0adfe076b366794ccc98b0937df79435 http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-dev_1.22.2-0ubuntu1.1_i386.deb Size/MD5: 361702 a94869f26a32f8cf4ec0e70c66fc0421 http://security.ubuntu.com/ubuntu/pool/universe/p/pango1.0/libpango1.0-udeb_1.22.2-0ubuntu1.1_i386.udeb Size/MD5: 220458 92a7ba465b1339115ecbc7e5179aa586 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0-dbg_1.22.2-0ubuntu1.1_lpia.deb Size/MD5: 739278 f7b7bf341c5356184876d8a2fc9bca88 http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0_1.22.2-0ubuntu1.1_lpia.deb Size/MD5: 291002 3a21b8d4e5173b754c3c7d4e83dd3d8e http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-dev_1.22.2-0ubuntu1.1_lpia.deb Size/MD5: 363694 d34b04083a45a6fec0d1ad03faf682c5 http://ports.ubuntu.com/pool/universe/p/pango1.0/libpango1.0-udeb_1.22.2-0ubuntu1.1_lpia.udeb Size/MD5: 219562 3d4d190806c912cd36240ce0b3a5ff4d powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0-dbg_1.22.2-0ubuntu1.1_powerpc.deb Size/MD5: 785118 942bf391454fe269082057ddfba3f55d http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0_1.22.2-0ubuntu1.1_powerpc.deb Size/MD5: 313364 74f49a139cfa99944281c39a92716f49 http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-dev_1.22.2-0ubuntu1.1_powerpc.deb Size/MD5: 410838 286c7f55c0a2a134d716385b9ca766c9 http://ports.ubuntu.com/pool/universe/p/pango1.0/libpango1.0-udeb_1.22.2-0ubuntu1.1_powerpc.udeb Size/MD5: 231958 4360108ddedf88938459fbd34975195c sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0-dbg_1.22.2-0ubuntu1.1_sparc.deb Size/MD5: 698562 5f196f28580241385bd77acd0cd72aad http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0_1.22.2-0ubuntu1.1_sparc.deb Size/MD5: 289512 e7580d801de9a0532730a3ef1d315417 http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-dev_1.22.2-0ubuntu1.1_sparc.deb Size/MD5: 376752 bcde95529c4e80a6f0aa140e40316fd3 http://ports.ubuntu.com/pool/universe/p/pango1.0/libpango1.0-udeb_1.22.2-0ubuntu1.1_sparc.udeb Size/MD5: 212532 e18d12dbfb924f08d57869b5074310f0
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/