Red Hat Local Security Checks : RedHat Security Advisory RHSA-2009:0476

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.63949

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2009:0476

Resumen: The remote host is missing updates announced in;advisory RHSA-2009:0476.;;Pango is a library used for the layout and rendering of internationalized;text.;;Will Drewry discovered an integer overflow flaw in Pango's;pango_glyph_string_set_size() function. If an attacker is able to pass an;arbitrarily long string to Pango, it may be possible to execute arbitrary;code with the permissions of the application calling Pango. (CVE-2009-1194);;pango and evolution28-pango users are advised to upgrade to these updated;packages, which contain a backported patch to resolve this issue. After;installing this update, you must restart your system or restart the X;server for the update to take effect. Note: Restarting the X server closes;all open applications and logs you out of your session.

Descripción: Summary:
The remote host is missing updates announced in
advisory RHSA-2009:0476.

Pango is a library used for the layout and rendering of internationalized
text.

Will Drewry discovered an integer overflow flaw in Pango's
pango_glyph_string_set_size() function. If an attacker is able to pass an
arbitrarily long string to Pango, it may be possible to execute arbitrary
code with the permissions of the application calling Pango. (CVE-2009-1194)

pango and evolution28-pango users are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue. After
installing this update, you must restart your system or restart the X
server for the update to take effect. Note: Restarting the X server closes
all open applications and logs you out of your session.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1194
1022196
http://www.securitytracker.com/id?1022196
20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations
http://www.securityfocus.com/archive/1/503349/100/0/threaded
264308
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
34870
http://www.securityfocus.com/bid/34870
35018
http://secunia.com/advisories/35018
35021
http://secunia.com/advisories/35021
35027
http://secunia.com/advisories/35027
35038
http://secunia.com/advisories/35038
35685
http://secunia.com/advisories/35685
35758
http://www.securityfocus.com/bid/35758
35914
http://secunia.com/advisories/35914
36005
http://secunia.com/advisories/36005
36145
http://secunia.com/advisories/36145
54279
http://osvdb.org/54279
ADV-2009-1269
http://www.vupen.com/english/advisories/2009/1269
ADV-2009-1972
http://www.vupen.com/english/advisories/2009/1972
DSA-1798
http://www.debian.org/security/2009/dsa-1798
RHSA-2009:0476
http://www.redhat.com/support/errata/RHSA-2009-0476.html
SUSE-SA:2009:039
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html
SUSE-SA:2009:042
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html
SUSE-SR:2009:012
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
USN-773-1
http://www.ubuntu.com/usn/USN-773-1
[oss-security] 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations
http://www.openwall.com/lists/oss-security/2009/05/07/1
http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e
http://www.mozilla.org/security/announce/2009/mfsa2009-36.html
http://www.ocert.org/advisories/ocert-2009-001.html
https://bugzilla.mozilla.org/show_bug.cgi?id=480134
https://bugzilla.redhat.com/show_bug.cgi?id=496887
https://launchpad.net/bugs/cve/2009-1194
oval:org.mitre.oval:def:10137
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137
pango-pangoglyphstringsetsize-bo(50397)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50397

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.63949
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:0476
Resumen:	The remote host is missing updates announced in;advisory RHSA-2009:0476.;;Pango is a library used for the layout and rendering of internationalized;text.;;Will Drewry discovered an integer overflow flaw in Pango's;pango_glyph_string_set_size() function. If an attacker is able to pass an;arbitrarily long string to Pango, it may be possible to execute arbitrary;code with the permissions of the application calling Pango. (CVE-2009-1194);;pango and evolution28-pango users are advised to upgrade to these updated;packages, which contain a backported patch to resolve this issue. After;installing this update, you must restart your system or restart the X;server for the update to take effect. Note: Restarting the X server closes;all open applications and logs you out of your session.
Descripción:	Summary: The remote host is missing updates announced in advisory RHSA-2009:0476. Pango is a library used for the layout and rendering of internationalized text. Will Drewry discovered an integer overflow flaw in Pango's pango_glyph_string_set_size() function. If an attacker is able to pass an arbitrarily long string to Pango, it may be possible to execute arbitrary code with the permissions of the application calling Pango. (CVE-2009-1194) pango and evolution28-pango users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, you must restart your system or restart the X server for the update to take effect. Note: Restarting the X server closes all open applications and logs you out of your session. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1194 1022196 http://www.securitytracker.com/id?1022196 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations http://www.securityfocus.com/archive/1/503349/100/0/threaded 264308 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 34870 http://www.securityfocus.com/bid/34870 35018 http://secunia.com/advisories/35018 35021 http://secunia.com/advisories/35021 35027 http://secunia.com/advisories/35027 35038 http://secunia.com/advisories/35038 35685 http://secunia.com/advisories/35685 35758 http://www.securityfocus.com/bid/35758 35914 http://secunia.com/advisories/35914 36005 http://secunia.com/advisories/36005 36145 http://secunia.com/advisories/36145 54279 http://osvdb.org/54279 ADV-2009-1269 http://www.vupen.com/english/advisories/2009/1269 ADV-2009-1972 http://www.vupen.com/english/advisories/2009/1972 DSA-1798 http://www.debian.org/security/2009/dsa-1798 RHSA-2009:0476 http://www.redhat.com/support/errata/RHSA-2009-0476.html SUSE-SA:2009:039 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html SUSE-SA:2009:042 http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html SUSE-SR:2009:012 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html USN-773-1 http://www.ubuntu.com/usn/USN-773-1 [oss-security] 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations http://www.openwall.com/lists/oss-security/2009/05/07/1 http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e http://www.mozilla.org/security/announce/2009/mfsa2009-36.html http://www.ocert.org/advisories/ocert-2009-001.html https://bugzilla.mozilla.org/show_bug.cgi?id=480134 https://bugzilla.redhat.com/show_bug.cgi?id=496887 https://launchpad.net/bugs/cve/2009-1194 oval:org.mitre.oval:def:10137 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137 pango-pangoglyphstringsetsize-bo(50397) https://exchange.xforce.ibmcloud.com/vulnerabilities/50397
Copyright	Copyright (C) 2009 E-Soft Inc.