A new Pango vulnerability update is available for Ubuntu Linux. Here the announcement:
Ubuntu Security Notice USN-773-1 May 07, 2009
pango1.0 vulnerability
CVE-2009-1194
==========================
==========================
=========
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libpango1.0-0 1.12.3-0ubuntu3.1
Ubuntu 8.04 LTS:
libpango1.0-0 1.20.5-0ubuntu1.1
Ubuntu 8.10:
libpango1.0-0 1.22.2-0ubuntu1.1
After a standard system upgrade you need to restart your session to effect
the necessary changes.
Details follow:
Will Drewry discovered that Pango incorrectly handled rendering text with
long glyphstrings. If a user were tricked into displaying specially crafted
data with applications linked against Pango, such as Firefox, an attacker
could cause a denial of service or execute arbitrary code with privileges
of the user invoking the program.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/pango1.0_1.12.3-=
0ubuntu3.1.diff.gz
Size/MD5: 4500 b522e8ff79f686ff3fdd493e8542349e
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/pango1.0_1.12.3-=
0ubuntu3.1.dsc
Size/MD5: 1910 c8c30bddff7defeeee80a3610405df05
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/pango1.0_1.12.3.=
orig.tar.gz
Size/MD5: 1707615 9abcbd996cdb1fcb6737100384a55be8
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-doc_=
1.12.3-0ubuntu3.1_all.deb
Size/MD5: 205394 a80e88128fd7115254e3d5133987d4ee
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0-db=
g_1.12.3-0ubuntu3.1_amd64.deb
Size/MD5: 677312 ecf591534d852001624f8435ede14209
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0_1.=
12.3-0ubuntu3.1_amd64.deb
Size/MD5: 315888 0073f3bd9ede36fdfa03dc1f607d03cb
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-comm=
on_1.12.3-0ubuntu3.1_amd64.deb
Size/MD5: 35248 bb15526175751e55282920738df947e9
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-dev_=
1.12.3-0ubuntu3.1_amd64.deb
Size/MD5: 348382 001c8a9bfe194656728952d4a611e623
http://security.ubuntu.com/ubuntu/pool/universe/p/pango1.0/libpango1.0-=
udeb_1.12.3-0ubuntu3.1_amd64.udeb
Size/MD5: 211678 37d27b670d2b6015ce58678356544370
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0-db=
g_1.12.3-0ubuntu3.1_i386.deb
Size/MD5: 575498 85a732fe93794bde88a169cbe4fad19f
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0_1.=
12.3-0ubuntu3.1_i386.deb
Size/MD5: 281538 4bd301b06894d6cd4e1be81678b4be2c
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-comm=
on_1.12.3-0ubuntu3.1_i386.deb
Size/MD5: 32432 7723b32675d6ad213e825e98287c7069
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-dev_=
1.12.3-0ubuntu3.1_i386.deb
Size/MD5: 300604 9ce8e8ef85c82cabaf4e8b7bfb801c05
http://security.ubuntu.com/ubuntu/pool/universe/p/pango1.0/libpango1.0-=
udeb_1.12.3-0ubuntu3.1_i386.udeb
Size/MD5: 185128 15dfeed6702d8913ee23a9b89daaa27a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0-db=
g_1.12.3-0ubuntu3.1_powerpc.deb
Size/MD5: 684284 3820ab5752792a0554d032237c6d049f
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0_1.=
12.3-0ubuntu3.1_powerpc.deb
Size/MD5: 296486 cf4c37e916fabb50bf1f9d6563cc3086
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-comm=
on_1.12.3-0ubuntu3.1_powerpc.deb
Size/MD5: 36960 4711e9a7c92f656280145e09fabc54aa
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-dev_=
1.12.3-0ubuntu3.1_powerpc.deb
Size/MD5: 350058 c872e045849b8f4b34c90a44b7cbb08b
http://security.ubuntu.com/ubuntu/pool/universe/p/pango1.0/libpango1.0-=
udeb_1.12.3-0ubuntu3.1_powerpc.udeb
Size/MD5: 194288 9b65d99b129b9fc4189432fb3b686398
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0-db=
g_1.12.3-0ubuntu3.1_sparc.deb
Size/MD5: 590364 bb12fd807bbe366bba5cb51a73ac2e86
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0_1.=
12.3-0ubuntu3.1_sparc.deb
Size/MD5: 285696 9e21a78eac3650c6382b56366e5c24da
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-comm=
on_1.12.3-0ubuntu3.1_sparc.deb
Size/MD5: 32880 018271c1cffb4d64b6fb236f44dfba21
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-dev_=
1.12.3-0ubuntu3.1_sparc.deb
Size/MD5: 321630 ba578e44ca29ff4e09f091c0cbc4d710
http://security.ubuntu.com/ubuntu/pool/universe/p/pango1.0/libpango1.0-=
udeb_1.12.3-0ubuntu3.1_sparc.udeb
Size/MD5: 184978 8e97c008133b2cf71c2db6734894bb5e
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/pango1.0_1.20.5-=
0ubuntu1.1.diff.gz
Size/MD5: 28413 491d5425656032d156d4060f2708ac5b
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/pango1.0_1.20.5-=
0ubuntu1.1.dsc
Size/MD5: 1327 8ad3e3939c92ab1511ac0f701438b23b
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/pango1.0_1.20.5.=
orig.tar.gz
Size/MD5: 2071747 e0fac4c2c99d903fdec3f8db60107f36
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-comm=
on_1.20.5-0ubuntu1.1_all.deb
Size/MD5: 63608 04b86269a4399c5cdf19db8c720e9a83
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-doc_=
1.20.5-0ubuntu1.1_all.deb
Size/MD5: 277850 b35ee97b0108333b156c64b5a85f3bf0
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0-db=
g_1.20.5-0ubuntu1.1_amd64.deb
Size/MD5: 721712 5624508e825bbe5fd64de4716f6f3875
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0_1.=
20.5-0ubuntu1.1_amd64.deb
Size/MD5: 305670 2a54d8c485987a212e57f45252d5f27d
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-dev_=
1.20.5-0ubuntu1.1_amd64.deb
Size/MD5: 387426 601d99e237fb3b42f23703aebecd7c2e
http://security.ubuntu.com/ubuntu/pool/universe/p/pango1.0/libpango1.0-=
udeb_1.20.5-0ubuntu1.1_amd64.udeb
Size/MD5: 225982 24eab50f837e4df93c626e7c7704dbed
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0-db=
g_1.20.5-0ubuntu1.1_i386.deb
Size/MD5: 683650 c81d2a42d181a27706d664c18930ba16
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0_1.=
20.5-0ubuntu1.1_i386.deb
Size/MD5: 283686 fc1ad92f46f1f2bf6da1b3c64ec1d96c
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-dev_=
1.20.5-0ubuntu1.1_i386.deb
Size/MD5: 348082 05b8b3b76d2765abc8bf57decd719f2b
http://security.ubuntu.com/ubuntu/pool/universe/p/pango1.0/libpango1.0-=
udeb_1.20.5-0ubuntu1.1_i386.udeb
Size/MD5: 209962 6054d5233f46eb1441a082e032b95f6b
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-0=
ubuntu1.1_lpia.deb
Size/MD5: 690498 b545625f176093f2319029b0150343f0
http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0_1.20.5-0ubun=
tu1.1_lpia.deb
Size/MD5: 281986 1689efa64b09f912c5dc7bd748c20198
http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-dev_1.20.5-0ub=
untu1.1_lpia.deb
Size/MD5: 349140 0f04a29b457b62fc8a47a69cd7e7a17b
http://ports.ubuntu.com/pool/universe/p/pango1.0/libpango1.0-udeb_1.20.=
5-0ubuntu1.1_lpia.udeb
Size/MD5: 209410 d07b5a41402030be7a48708052f44ae6
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-0=
ubuntu1.1_powerpc.deb
Size/MD5: 734052 afe9bf600732f91f80d53ab81e3b3bc2
http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0_1.20.5-0ubun=
tu1.1_powerpc.deb
Size/MD5: 299506 7705155e437bcc8b6a45e22ea1b6cf28
http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-dev_1.20.5-0ub=
untu1.1_powerpc.deb
Size/MD5: 394560 62cab62f7bcc2b2b938f093a3208241c
http://ports.ubuntu.com/pool/universe/p/pango1.0/libpango1.0-udeb_1.20.=
5-0ubuntu1.1_powerpc.udeb
Size/MD5: 221120 e913027b850970dce415b863cd46e37b
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-0=
ubuntu1.1_sparc.deb
Size/MD5: 656344 ce4cdf162e3d048722308ed068d67bbb
http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0_1.20.5-0ubun=
tu1.1_sparc.deb
Size/MD5: 276904 b732040e5ee1ba793858b6f62613447d
http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-dev_1.20.5-0ub=
untu1.1_sparc.deb
Size/MD5: 361848 3b315e7cf8b0df498c022d3a9bc648d4
http://ports.ubuntu.com/pool/universe/p/pango1.0/libpango1.0-udeb_1.20.=
5-0ubuntu1.1_sparc.udeb
Size/MD5: 201780 714d774a93755adeb322ad4f5f241a6d
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/pango1.0_1.22.2-=
0ubuntu1.1.diff.gz
Size/MD5: 29604 806703705b7572b9f8dca8d1acc5e290
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/pango1.0_1.22.2-=
0ubuntu1.1.dsc
Size/MD5: 1821 a5c848d38d53c249bd7d234aaf3a2495
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/pango1.0_1.22.2.=
orig.tar.gz
Size/MD5: 2129352 ac0187a02e34dd546f73647a7bc9d946
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-comm=
on_1.22.2-0ubuntu1.1_all.deb
Size/MD5: 66420 80863edb6443bb20ce85e2669fa344db
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-doc_=
1.22.2-0ubuntu1.1_all.deb
Size/MD5: 283724 7ebe97434d68260a1c60b8c336733578
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0-db=
g_1.22.2-0ubuntu1.1_amd64.deb
Size/MD5: 784366 c32ef609c6f1f36ca64ed0a4fe7e52de
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0_1.=
22.2-0ubuntu1.1_amd64.deb
Size/MD5: 318300 a9ab95a8373d1a4ea5098c3ef617fee5
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-dev_=
1.22.2-0ubuntu1.1_amd64.deb
Size/MD5: 403124 39853f549a42966a5bdaa2eb990d681f
http://security.ubuntu.com/ubuntu/pool/universe/p/pango1.0/libpango1.0-=
udeb_1.22.2-0ubuntu1.1_amd64.udeb
Size/MD5: 237932 ae0fc762a8d1cdaad163d7ad03518bfe
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0-db=
g_1.22.2-0ubuntu1.1_i386.deb
Size/MD5: 732012 d3edc099dadae3d1c4a73d43c1ce1ef2
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-0_1.=
22.2-0ubuntu1.1_i386.deb
Size/MD5: 292710 0adfe076b366794ccc98b0937df79435
http://security.ubuntu.com/ubuntu/pool/main/p/pango1.0/libpango1.0-dev_=
1.22.2-0ubuntu1.1_i386.deb
Size/MD5: 361702 a94869f26a32f8cf4ec0e70c66fc0421
http://security.ubuntu.com/ubuntu/pool/universe/p/pango1.0/libpango1.0-=
udeb_1.22.2-0ubuntu1.1_i386.udeb
Size/MD5: 220458 92a7ba465b1339115ecbc7e5179aa586
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0-dbg_1.22.2-0=
ubuntu1.1_lpia.deb
Size/MD5: 739278 f7b7bf341c5356184876d8a2fc9bca88
http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0_1.22.2-0ubun=
tu1.1_lpia.deb
Size/MD5: 291002 3a21b8d4e5173b754c3c7d4e83dd3d8e
http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-dev_1.22.2-0ub=
untu1.1_lpia.deb
Size/MD5: 363694 d34b04083a45a6fec0d1ad03faf682c5
http://ports.ubuntu.com/pool/universe/p/pango1.0/libpango1.0-udeb_1.22.=
2-0ubuntu1.1_lpia.udeb
Size/MD5: 219562 3d4d190806c912cd36240ce0b3a5ff4d
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0-dbg_1.22.2-0=
ubuntu1.1_powerpc.deb
Size/MD5: 785118 942bf391454fe269082057ddfba3f55d
http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0_1.22.2-0ubun=
tu1.1_powerpc.deb
Size/MD5: 313364 74f49a139cfa99944281c39a92716f49
http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-dev_1.22.2-0ub=
untu1.1_powerpc.deb
Size/MD5: 410838 286c7f55c0a2a134d716385b9ca766c9
http://ports.ubuntu.com/pool/universe/p/pango1.0/libpango1.0-udeb_1.22.=
2-0ubuntu1.1_powerpc.udeb
Size/MD5: 231958 4360108ddedf88938459fbd34975195c
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0-dbg_1.22.2-0=
ubuntu1.1_sparc.deb
Size/MD5: 698562 5f196f28580241385bd77acd0cd72aad
http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-0_1.22.2-0ubun=
tu1.1_sparc.deb
Size/MD5: 289512 e7580d801de9a0532730a3ef1d315417
http://ports.ubuntu.com/pool/main/p/pango1.0/libpango1.0-dev_1.22.2-0ub=
untu1.1_sparc.deb
Size/MD5: 376752 bcde95529c4e80a6f0aa140e40316fd3
http://ports.ubuntu.com/pool/universe/p/pango1.0/libpango1.0-udeb_1.22.=
2-0ubuntu1.1_sparc.udeb
Size/MD5: 212532 e18d12dbfb924f08d57869b5074310f0
--=-eqB3LrjNlabjO3oZ/PrM
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEABECAAYFAkoDKCQACgkQLMAs/0C4zNoe/QCaA+6eajnInBQ+QybZcbyr3eWK
p90An2MX9900yZddSUpjbFsRbtUuaJuz
=MIBS
-----END PGP SIGNATURE-----