Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (c) 2010 Greenbone Networks GmbHOPENVAS:831092
HistoryJun 25, 2010 - 12:00 a.m.

Mandriva Update for pango MDVSA-2010:121 (pango)

2010-06-2500:00:00
Copyright (c) 2010 Greenbone Networks GmbH
plugins.openvas.org
12

EPSS

0.003

Percentile

65.1%

JSON

Check for the Version of pango

###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for pango MDVSA-2010:121 (pango)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "A vulnerability has been discovered and corrected in pango:

  Array index error in the hb_ot_layout_build_glyph_classes function
  in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows
  context-dependent attackers to cause a denial of service (application
  crash) via a crafted font file, related to building a synthetic
  Glyph Definition (aka GDEF) table by using this font's charmap and
  the Unicode property database (CVE-2010-0421).
  
  Packages for 2008.0 and 2009.0 are provided as of the Extended
  Maintenance Program. Please visit this link to learn more:
  http://store.mandriva.com/product_info.php?cPath=149&products_id=490
  
  The updated packages have been patched to correct this issue.";
tag_solution = "Please Install the Updated Packages.";

tag_affected = "pango on Mandriva Linux 2008.0,
  Mandriva Linux 2008.0/X86_64,
  Mandriva Linux 2009.0,
  Mandriva Linux 2009.0/X86_64,
  Mandriva Linux 2009.1,
  Mandriva Linux 2009.1/X86_64,
  Mandriva Linux 2010.0,
  Mandriva Linux 2010.0/X86_64,
  Mandriva Enterprise Server 5,
  Mandriva Enterprise Server 5/X86_64";


if(description)
{
  script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2010-06/msg00024.php");
  script_id(831092);
  script_version("$Revision: 8226 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $");
  script_tag(name:"creation_date", value:"2010-06-25 12:25:26 +0200 (Fri, 25 Jun 2010)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_xref(name: "MDVSA", value: "2010:121");
  script_cve_id("CVE-2010-0421");
  script_name("Mandriva Update for pango MDVSA-2010:121 (pango)");

  script_tag(name: "summary" , value: "Check for the Version of pango");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
  script_family("Mandrake Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "MNDK_2008.0")
{

  if ((res = isrpmvuln(pkg:"libpango1.0_0", rpm:"libpango1.0_0~1.18.2~1.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libpango1.0_0-modules", rpm:"libpango1.0_0-modules~1.18.2~1.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libpango1.0-devel", rpm:"libpango1.0-devel~1.18.2~1.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"pango", rpm:"pango~1.18.2~1.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"pango-doc", rpm:"pango-doc~1.18.2~1.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64pango1.0_0", rpm:"lib64pango1.0_0~1.18.2~1.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64pango1.0_0-modules", rpm:"lib64pango1.0_0-modules~1.18.2~1.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64pango1.0-devel", rpm:"lib64pango1.0-devel~1.18.2~1.2mdv2008.0", rls:"MNDK_2008.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "MNDK_mes5")
{

  if ((res = isrpmvuln(pkg:"libpango1.0_0", rpm:"libpango1.0_0~1.22.0~1.2mdvmes5.1", rls:"MNDK_mes5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libpango1.0_0-modules", rpm:"libpango1.0_0-modules~1.22.0~1.2mdvmes5.1", rls:"MNDK_mes5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libpango1.0-devel", rpm:"libpango1.0-devel~1.22.0~1.2mdvmes5.1", rls:"MNDK_mes5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"pango", rpm:"pango~1.22.0~1.2mdvmes5.1", rls:"MNDK_mes5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"pango-doc", rpm:"pango-doc~1.22.0~1.2mdvmes5.1", rls:"MNDK_mes5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64pango1.0_0", rpm:"lib64pango1.0_0~1.22.0~1.2mdvmes5.1", rls:"MNDK_mes5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64pango1.0_0-modules", rpm:"lib64pango1.0_0-modules~1.22.0~1.2mdvmes5.1", rls:"MNDK_mes5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64pango1.0-devel", rpm:"lib64pango1.0-devel~1.22.0~1.2mdvmes5.1", rls:"MNDK_mes5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "MNDK_2010.0")
{

  if ((res = isrpmvuln(pkg:"libpango1.0_0", rpm:"libpango1.0_0~1.26.1~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libpango1.0_0-modules", rpm:"libpango1.0_0-modules~1.26.1~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libpango1.0-devel", rpm:"libpango1.0-devel~1.26.1~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"pango", rpm:"pango~1.26.1~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"pango-doc", rpm:"pango-doc~1.26.1~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64pango1.0_0", rpm:"lib64pango1.0_0~1.26.1~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64pango1.0_0-modules", rpm:"lib64pango1.0_0-modules~1.26.1~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64pango1.0-devel", rpm:"lib64pango1.0-devel~1.26.1~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "MNDK_2009.1")
{

  if ((res = isrpmvuln(pkg:"libpango1.0_0", rpm:"libpango1.0_0~1.24.1~1.1mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libpango1.0_0-modules", rpm:"libpango1.0_0-modules~1.24.1~1.1mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libpango1.0-devel", rpm:"libpango1.0-devel~1.24.1~1.1mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"pango", rpm:"pango~1.24.1~1.1mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"pango-doc", rpm:"pango-doc~1.24.1~1.1mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64pango1.0_0", rpm:"lib64pango1.0_0~1.24.1~1.1mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64pango1.0_0-modules", rpm:"lib64pango1.0_0-modules~1.24.1~1.1mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64pango1.0-devel", rpm:"lib64pango1.0-devel~1.24.1~1.1mdv2009.1", rls:"MNDK_2009.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "MNDK_2009.0")
{

  if ((res = isrpmvuln(pkg:"libpango1.0_0", rpm:"libpango1.0_0~1.22.0~1.2mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libpango1.0_0-modules", rpm:"libpango1.0_0-modules~1.22.0~1.2mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libpango1.0-devel", rpm:"libpango1.0-devel~1.22.0~1.2mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"pango", rpm:"pango~1.22.0~1.2mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"pango-doc", rpm:"pango-doc~1.22.0~1.2mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64pango1.0_0", rpm:"lib64pango1.0_0~1.22.0~1.2mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64pango1.0_0-modules", rpm:"lib64pango1.0_0-modules~1.22.0~1.2mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64pango1.0-devel", rpm:"lib64pango1.0-devel~1.22.0~1.2mdv2009.0", rls:"MNDK_2009.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

Related

nessus 10
openvas 13
veracode 1
cve 1
cvelist 1
debiancve 1
prion 1
debian 2
ubuntucve 1
oraclelinux 1
osv 1
centos 1
securityvulns 2
redhat 1
nvd 1
ubuntu 1
nessus
nessus
SuSE 10 Security Update : pango (ZYPP Patch Number 6895)
2010-10-11 00:00:00
Mandriva Linux Security Advisory : pango (MDVSA-2010:121)
2010-06-23 00:00:00
RHEL 3 / 4 / 5 : pango (RHSA-2010:0140)
2010-05-11 00:00:00
openvas
openvas
Mandriva Update for pango MDVSA-2010:121 (pango)
2010-06-25 00:00:00
CentOS Update for pango CESA-2010:0140 centos3 i386
2010-03-22 00:00:00
CentOS Update for pango CESA-2010:0140 centos5 i386
2011-08-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:40:49
cve
cve
CVE-2010-0421
2010-03-18 17:30:00
cvelist
cvelist
CVE-2010-0421
2010-03-18 17:12:00
debiancve
debiancve
CVE-2010-0421
2010-03-18 17:30:00
prion
prion
Design/Logic Flaw
2010-03-18 17:30:00
debian
debian
[SECURITY] [DSA-2019-1] New pango1.0 packages fix denial of service
2010-03-20 09:41:28
[SECURITY] [DSA-2019-1] New pango1.0 packages fix denial of service
2010-03-20 09:41:28
ubuntucve
ubuntucve
CVE-2010-0421
2010-03-18 00:00:00
oraclelinux
oraclelinux
pango security update
2010-03-15 00:00:00
osv
osv
pango1.0 - denial of service
2010-03-20 00:00:00
centos
centos
evolution28, pango security update
2010-03-16 13:01:20
securityvulns
securityvulns
Pango library array index overflow
2010-03-23 00:00:00
[SECURITY] [DSA-2019-1] New pango1.0 packages fix denial of service
2010-03-23 00:00:00
redhat
redhat
(RHSA-2010:0140) Moderate: pango security update
2010-03-15 00:00:00
nvd
nvd
CVE-2010-0421
2010-03-18 17:30:00
ubuntu
ubuntu
Pango vulnerabilities
2011-03-02 00:00:00

EPSS

0.003

Percentile

65.1%

JSON
Related for OPENVAS:831092
nessus10openvas13veracode1cve1cvelist1debiancve1prion1debian2ubuntucve1oraclelinux1osv1centos1securityvulns2redhat1nvd1ubuntu1