Lucene search

DebianDEBIAN:DSA-4496-1:E464D

HistoryAug 11, 2019 - 3:18 p.m.

[SECURITY] [DSA 4496-1] pango1.0 security update

2019-08-1115:18:59

lists.debian.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.8%

JSON

Debian Security Advisory DSA-4496-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
August 11, 2019 https://www.debian.org/security/faq

Package : pango1.0
CVE ID : CVE-2019-1010238
Debian Bug : 933860

Benno Fuenfstueck discovered that Pango, a library for layout and
rendering of text with an emphasis on internationalization, is prone to a
heap-based buffer overflow flaw in the pango_log2vis_get_embedding_levels
function. An attacker can take advantage of this flaw for denial of
service or potentially the execution of arbitrary code.

For the stable distribution (buster), this problem has been fixed in
version 1.42.4-7~deb10u1.

We recommend that you upgrade your pango1.0 packages.

For the detailed security status of pango1.0 please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/pango1.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10armellibpango-1.0-0< 1.42.4-7~deb10u1libpango-1.0-0_1.42.4-7~deb10u1_armel.deb
Debian10mipsellibpangoft2-1.0-0< 1.42.4-7~deb10u1libpangoft2-1.0-0_1.42.4-7~deb10u1_mipsel.deb
Debian10ppc64ellibpangoxft-1.0-0-dbgsym< 1.42.4-7~deb10u1libpangoxft-1.0-0-dbgsym_1.42.4-7~deb10u1_ppc64el.deb
Debian10i386libpangoft2-1.0-0-dbgsym< 1.42.4-7~deb10u1libpangoft2-1.0-0-dbgsym_1.42.4-7~deb10u1_i386.deb
Debian10ppc64ellibpangocairo-1.0-0-dbgsym< 1.42.4-7~deb10u1libpangocairo-1.0-0-dbgsym_1.42.4-7~deb10u1_ppc64el.deb
Debian10mipselpango1.0-tests-dbgsym< 1.42.4-7~deb10u1pango1.0-tests-dbgsym_1.42.4-7~deb10u1_mipsel.deb
Debian10armhflibpango1.0-0< 1.42.4-7~deb10u1libpango1.0-0_1.42.4-7~deb10u1_armhf.deb
Debian10armellibpangoxft-1.0-0-dbgsym< 1.42.4-7~deb10u1libpangoxft-1.0-0-dbgsym_1.42.4-7~deb10u1_armel.deb
Debian10amd64pango1.0-tests-dbgsym< 1.42.4-7~deb10u1pango1.0-tests-dbgsym_1.42.4-7~deb10u1_amd64.deb
Debian10amd64libpangoxft-1.0-0-dbgsym< 1.42.4-7~deb10u1libpangoxft-1.0-0-dbgsym_1.42.4-7~deb10u1_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	armel	libpango-1.0-0	< 1.42.4-7~deb10u1	libpango-1.0-0_1.42.4-7~deb10u1_armel.deb
Debian	10	mipsel	libpangoft2-1.0-0	< 1.42.4-7~deb10u1	libpangoft2-1.0-0_1.42.4-7~deb10u1_mipsel.deb
Debian	10	ppc64el	libpangoxft-1.0-0-dbgsym	< 1.42.4-7~deb10u1	libpangoxft-1.0-0-dbgsym_1.42.4-7~deb10u1_ppc64el.deb
Debian	10	i386	libpangoft2-1.0-0-dbgsym	< 1.42.4-7~deb10u1	libpangoft2-1.0-0-dbgsym_1.42.4-7~deb10u1_i386.deb
Debian	10	ppc64el	libpangocairo-1.0-0-dbgsym	< 1.42.4-7~deb10u1	libpangocairo-1.0-0-dbgsym_1.42.4-7~deb10u1_ppc64el.deb
Debian	10	mipsel	pango1.0-tests-dbgsym	< 1.42.4-7~deb10u1	pango1.0-tests-dbgsym_1.42.4-7~deb10u1_mipsel.deb
Debian	10	armhf	libpango1.0-0	< 1.42.4-7~deb10u1	libpango1.0-0_1.42.4-7~deb10u1_armhf.deb
Debian	10	armel	libpangoxft-1.0-0-dbgsym	< 1.42.4-7~deb10u1	libpangoxft-1.0-0-dbgsym_1.42.4-7~deb10u1_armel.deb
Debian	10	amd64	pango1.0-tests-dbgsym	< 1.42.4-7~deb10u1	pango1.0-tests-dbgsym_1.42.4-7~deb10u1_amd64.deb
Debian	10	amd64	libpangoxft-1.0-0-dbgsym	< 1.42.4-7~deb10u1	libpangoxft-1.0-0-dbgsym_1.42.4-7~deb10u1_amd64.deb