Test ID:	1.3.6.1.4.1.25623.1.0.831342
Category:	Mandrake Local Security Checks
Title:	Mandriva Update for pango MDVSA-2011:040 (pango)
Summary:	The remote host is missing an update for the 'pango'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'pango' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability has been found and corrected in pango: It was discovered that pango did not check for memory reallocation failures in hb_buffer_ensure() function. This could trigger a NULL pointer dereference in hb_buffer_add_glyph(), where possibly untrusted input is used as an index used for accessing members of the incorrectly reallocated array, resulting in the use of NULL address as the base array address. This can result in application crash or, possibly, code execution (CVE-2011-1002). The updated packages have been patched to correct this issue. Affected Software/OS: pango on Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1002 43361 http://secunia.com/advisories/43361 43465 http://secunia.com/advisories/43465 43605 http://secunia.com/advisories/43605 43673 http://secunia.com/advisories/43673 44131 http://secunia.com/advisories/44131 46446 http://www.securityfocus.com/bid/46446 70948 http://osvdb.org/70948 ADV-2011-0448 http://www.vupen.com/english/advisories/2011/0448 ADV-2011-0499 http://www.vupen.com/english/advisories/2011/0499 ADV-2011-0511 http://www.vupen.com/english/advisories/2011/0511 ADV-2011-0565 http://www.vupen.com/english/advisories/2011/0565 ADV-2011-0601 http://www.vupen.com/english/advisories/2011/0601 ADV-2011-0670 http://www.vupen.com/english/advisories/2011/0670 ADV-2011-0969 http://www.vupen.com/english/advisories/2011/0969 DSA-2174 http://www.debian.org/security/2011/dsa-2174 FEDORA-2011-3033 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html MDVSA-2011:037 http://www.mandriva.com/security/advisories?name=MDVSA-2011:037 MDVSA-2011:040 http://www.mandriva.com/security/advisories?name=MDVSA-2011:040 RHSA-2011:0436 http://www.redhat.com/support/errata/RHSA-2011-0436.html RHSA-2011:0779 http://www.redhat.com/support/errata/RHSA-2011-0779.html SUSE-SR:2011:005 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html USN-1084-1 http://ubuntu.com/usn/usn-1084-1 [oss-security] 20110218 CVE request: avahi daemon remote denial of service by sending NULL UDP http://openwall.com/lists/oss-security/2011/02/18/1 [oss-security] 20110218 Re: CVE request: avahi daemon remote denial of service by sending NULL UDP http://openwall.com/lists/oss-security/2011/02/18/4 [oss-security] 20110222 Re: [oss-security] CVE request: avahi daemon remote denial of service by sending NULL UDP http://www.openwall.com/lists/oss-security/2011/02/22/9 avahi-udp-dos(65524) https://exchange.xforce.ibmcloud.com/vulnerabilities/65524 avahi-udp-packet-dos(65525) https://exchange.xforce.ibmcloud.com/vulnerabilities/65525 http://avahi.org/ticket/325 http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6 http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/ https://bugzilla.redhat.com/show_bug.cgi?id=667187
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.