| Summary: | <x11-libs/pango-1.28.3-r1: missing memory reallocation failure checking in hb_buffer_ensure (CVE-2011-0064) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | fierevere, gnome |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=678563 | | |
| Whiteboard: | A2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 352087 | | |
| Bug Blocks: | | | |

Description
Paweł Hajdan, Jr. (RETIRED)
2011-03-02 07:55:28 UTC
https://bugzilla.redhat.com/show_bug.cgi?id=678563 has links to some patches.

*** Bug 357781 has been marked as a duplicate of this bug. ***

+*pango-1.28.3-r1 (12 Mar 2011) + + 12 Mar 2011; Pacho Ramos <pacho@gentoo.org> -files/pango-1.2.5-lib64.patch, + -pango-1.24.5-r1.ebuild, -files/pango-1.26.0-introspection-automagic.patch, + -pango-1.26.2.ebuild, +pango-1.28.3-r1.ebuild, + +files/pango-1.28.3-heap-corruption.patch, + +files/pango-1.28.3-malloc-failure.patch: + Fix security issues: CVE-2011-0020 and CVE-2011-0064. Remove old. +

CVE-2011-0064 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0064): The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.

This issue was resolved and addressed in GLSA 201405-13 at http://security.gentoo.org/glsa/glsa-201405-13.xml by GLSA coordinator Sean Amoss (ackle).
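
The bug class named in the CVE text above (a buffer "ensure" routine that does not verify that a reallocation succeeded), shown beside a checked form. This is an example added here, not HarfBuzz or Pango code and not the patches referenced in this bug; `demo_buffer`, the function names and the injectable `realloc_fn` allocator are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed growable buffer; all names are hypothetical, not HarfBuzz's. */
typedef struct {
    uint32_t *items;
    size_t    len;        /* items in use */
    size_t    allocated;  /* capacity of items[] */
} demo_buffer;

typedef void *(*realloc_fn)(void *, size_t);

/* Allocator that always fails, standing in for memory exhaustion. */
static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Unchecked pattern: on failure items becomes NULL (the old block leaks)
 * while allocated still grows, so later index checks pass on a bad buffer. */
static void ensure_unchecked(demo_buffer *b, size_t size, realloc_fn ra) {
    if (size <= b->allocated) return;
    b->items = ra(b->items, size * sizeof *b->items);
    b->allocated = size;
}

/* Checked pattern: reject a wrapping byte count, keep the old pointer and
 * capacity on failure, and report the result to the caller. */
static int ensure_checked(demo_buffer *b, size_t size, realloc_fn ra) {
    if (size <= b->allocated) return 1;
    if (size > SIZE_MAX / sizeof *b->items) return 0;
    uint32_t *tmp = ra(b->items, size * sizeof *b->items);
    if (tmp == NULL) return 0;            /* old block is still valid */
    b->items = tmp;
    b->allocated = size;
    return 1;
}

/* Write only after the capacity check has succeeded. */
static int append_checked(demo_buffer *b, uint32_t v, realloc_fn ra) {
    if (!ensure_checked(b, b->len + 1, ra)) return 0;
    b->items[b->len++] = v;
    return 1;
}

int main(void) {
    demo_buffer b = {0};
    int ok = append_checked(&b, 7, realloc) && !ensure_checked(&b, 100, failing_realloc);
    free(b.items);
    return ok ? 0 : 1;
}
```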