Säkerhetsbulletin från Debian

DSA-1798-1 pango1.0 -- heltalsspill

Rapporterat den:
2009-05-10
Berörda paket:
pango1.0
Sårbara:
Ja
Referenser i säkerhetsdatabaser:
I Debians felrapporteringssystem: Fel 527474.
I Mitres CVE-förteckning: CVE-2009-1194.
Ytterligare information:

Will Drewry upptäckte att pango, ett system för layout och rendering ev internationaliserad text, är sårbart för ett heltalsspill via långa glyfsträngar. Detta kunde leda till exekvering av godtycklig kod vid visning av specialskriven data genom en applikation som använder pango-biblioteket.

För den gamla stabila utgåvan (Etch) har detta problem rättats i version 1.14.8-5+etch1.

För den stabila utgåvan (Lenny) har detta problem rättats i version 1.20.5-3+lenny1.

För uttestningsutgåvan (Squeeze) och den instabila utgåvan (Sid) har detta problem rättats i version 1.24-1.

Vi rekommenderar att ni uppgraderar era pango1.0-paket.

Rättat i:

Debian GNU/Linux 4.0 (etch)

Källkod:
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.14.8.orig.tar.gz
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.14.8-5+etch1.diff.gz
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.14.8-5+etch1.dsc
Arkitekturoberoende komponent:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-doc_1.14.8-5+etch1_all.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-common_1.14.8-5+etch1_all.deb
Alpha:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_alpha.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_alpha.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_alpha.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_amd64.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_amd64.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_amd64.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_amd64.udeb
ARM:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_arm.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_arm.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_arm.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_hppa.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_hppa.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_hppa.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_hppa.udeb
Intel IA-32:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_i386.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_i386.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_i386.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_i386.udeb
Intel IA-64:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_ia64.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_ia64.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_ia64.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_mips.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_mips.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_mips.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_mipsel.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_mipsel.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_mipsel.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_powerpc.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_powerpc.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_powerpc.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_s390.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_s390.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_s390.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_sparc.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_sparc.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_sparc.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_sparc.deb

Debian GNU/Linux 5.0 (lenny)

Källkod:
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5.orig.tar.gz
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5-3+lenny1.diff.gz
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5-3+lenny1.dsc
Arkitekturoberoende komponent:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-common_1.20.5-3+lenny1_all.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-doc_1.20.5-3+lenny1_all.deb
Alpha:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_alpha.udeb
AMD64:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_amd64.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_arm.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_arm.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_arm.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_arm.deb
ARM EABI:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_armel.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_armel.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_armel.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_armel.deb
HP Precision:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_hppa.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_i386.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_i386.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_i386.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_ia64.udeb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_mips.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_mips.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_mips.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_mipsel.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_powerpc.udeb
IBM S/390:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_s390.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_s390.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_s390.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_s390.udeb
Sun Sparc:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_sparc.udeb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.