Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.831342
Category:Mandrake Local Security Checks
Title:Mandriva Update for pango MDVSA-2011:040 (pango)
Summary:The remote host is missing an update for the 'pango'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'pango'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability has been found and corrected in pango:

It was discovered that pango did not check for memory reallocation
failures in hb_buffer_ensure() function. This could trigger a NULL
pointer dereference in hb_buffer_add_glyph(), where possibly untrusted
input is used as an index used for accessing members of the incorrectly
reallocated array, resulting in the use of NULL address as the base
array address. This can result in application crash or, possibly,
code execution (CVE-2011-1002).

The updated packages have been patched to correct this issue.

Affected Software/OS:
pango on Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-1002
BugTraq ID: 46446
http://www.securityfocus.com/bid/46446
Debian Security Information: DSA-2174 (Google Search)
http://www.debian.org/security/2011/dsa-2174
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:037
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/
http://openwall.com/lists/oss-security/2011/02/18/1
http://openwall.com/lists/oss-security/2011/02/18/4
http://www.openwall.com/lists/oss-security/2011/02/22/9
http://osvdb.org/70948
http://www.redhat.com/support/errata/RHSA-2011-0436.html
http://www.redhat.com/support/errata/RHSA-2011-0779.html
http://secunia.com/advisories/43361
http://secunia.com/advisories/43465
http://secunia.com/advisories/43605
http://secunia.com/advisories/43673
http://secunia.com/advisories/44131
SuSE Security Announcement: SUSE-SR:2011:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://ubuntu.com/usn/usn-1084-1
http://www.vupen.com/english/advisories/2011/0448
http://www.vupen.com/english/advisories/2011/0499
http://www.vupen.com/english/advisories/2011/0511
http://www.vupen.com/english/advisories/2011/0565
http://www.vupen.com/english/advisories/2011/0601
http://www.vupen.com/english/advisories/2011/0670
http://www.vupen.com/english/advisories/2011/0969
XForce ISS Database: avahi-udp-dos(65524)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65524
XForce ISS Database: avahi-udp-packet-dos(65525)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65525
CopyrightCopyright (c) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.