Test ID:	1.3.6.1.4.1.25623.1.0.63963
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1798-1)
Summary:	The remote host is missing an update for the Debian 'pango1.0' package(s) announced via the DSA-1798-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'pango1.0' package(s) announced via the DSA-1798-1 advisory. Vulnerability Insight: Will Drewry discovered that pango, a system for layout and rendering of internationalized text, is prone to an integer overflow via long glyphstrings. This could cause the execution of arbitrary code when displaying crafted data through an application using the pango library. For the oldstable distribution (etch), this problem has been fixed in version 1.14.8-5+etch1. For the stable distribution (lenny), this problem has been fixed in version 1.20.5-3+lenny1. For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 1.24-1. We recommend that you upgrade your pango1.0 packages. Affected Software/OS: 'pango1.0' package(s) on Debian 4, Debian 5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1194 1022196 http://www.securitytracker.com/id?1022196 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations http://www.securityfocus.com/archive/1/503349/100/0/threaded 264308 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 34870 http://www.securityfocus.com/bid/34870 35018 http://secunia.com/advisories/35018 35021 http://secunia.com/advisories/35021 35027 http://secunia.com/advisories/35027 35038 http://secunia.com/advisories/35038 35685 http://secunia.com/advisories/35685 35758 http://www.securityfocus.com/bid/35758 35914 http://secunia.com/advisories/35914 36005 http://secunia.com/advisories/36005 36145 http://secunia.com/advisories/36145 54279 http://osvdb.org/54279 ADV-2009-1269 http://www.vupen.com/english/advisories/2009/1269 ADV-2009-1972 http://www.vupen.com/english/advisories/2009/1972 DSA-1798 http://www.debian.org/security/2009/dsa-1798 RHSA-2009:0476 http://www.redhat.com/support/errata/RHSA-2009-0476.html SUSE-SA:2009:039 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html SUSE-SA:2009:042 http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html SUSE-SR:2009:012 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html USN-773-1 http://www.ubuntu.com/usn/USN-773-1 [oss-security] 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations http://www.openwall.com/lists/oss-security/2009/05/07/1 http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e http://www.mozilla.org/security/announce/2009/mfsa2009-36.html http://www.ocert.org/advisories/ocert-2009-001.html https://bugzilla.mozilla.org/show_bug.cgi?id=480134 https://bugzilla.redhat.com/show_bug.cgi?id=496887 https://launchpad.net/bugs/cve/2009-1194 oval:org.mitre.oval:def:10137 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137 pango-pangoglyphstringsetsize-bo(50397) https://exchange.xforce.ibmcloud.com/vulnerabilities/50397
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.