| Description: | Description:
The remote host is missing an update to pango1.0
announced via advisory USN-1082-1.
Details follow:
Marc Schoenefeld discovered that Pango incorrectly handled certain Glyph
Definition (GDEF) tables. If a user were tricked into displaying text with
a specially-crafted font, an attacker could cause Pango to crash, resulting
in a denial of service. This issue only affected Ubuntu 8.04 LTS and 9.10.
(CVE-2010-0421)
Dan Rosenberg discovered that Pango incorrectly handled certain FT_Bitmap
objects. If a user were tricked into displaying text with a specially-
crafted font, an attacker could cause a denial of service or execute
arbitrary code with privileges of the user invoking the program. The
default compiler options for affected releases should reduce the
vulnerability to a denial of service. (CVE-2011-0020)
It was discovered that Pango incorrectly handled certain memory
reallocation failures. If a user were tricked into displaying text in a way
that would cause a reallocation failure, an attacker could cause a denial
of service or execute arbitrary code with privileges of the user invoking
the program. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10.
(CVE-2011-0064)
Solution:
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
libpango1.0-0 1.20.5-0ubuntu1.2
Ubuntu 9.10:
libpango1.0-0 1.26.0-1ubuntu0.1
Ubuntu 10.04 LTS:
gir1.0-pango-1.0 1.28.0-0ubuntu2.2
Ubuntu 10.10:
gir1.0-pango-1.0 1.28.2-0ubuntu1.1
After a standard system update you need to restart your session to make
all the necessary changes.
http://www.securityspace.com/smysecure/catid.html?in=USN-1082-1
Risk factor : High
CVSS Score:
7.6
|
