Lucene search
RedHatRHSA-2009:0476HistoryMay 08, 2009 - 12:00 a.m.
(RHSA-2009:0476) Important: pango security update
2009-05-0800:00:00
access.redhat.com
11
0.004 Low
EPSS
Percentile
72.6%
Pango is a library used for the layout and rendering of internationalized
text.
Will Drewry discovered an integer overflow flaw in Pango’s
pango_glyph_string_set_size() function. If an attacker is able to pass an
arbitrarily long string to Pango, it may be possible to execute arbitrary
code with the permissions of the application calling Pango. (CVE-2009-1194)
pango and evolution28-pango users are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue. After
installing this update, you must restart your system or restart the X
server for the update to take effect. Note: Restarting the X server closes
all open applications and logs you out of your session.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 4 | ia64 | evolution28-pango-devel | < 1.14.9-11.el4_7 | evolution28-pango-devel-1.14.9-11.el4_7.ia64.rpm |
| RedHat | any | ia64 | pango-devel | < 1.6.0-14.4_7 | pango-devel-1.6.0-14.4_7.ia64.rpm |
| RedHat | 4 | x86_64 | evolution28-pango | < 1.14.9-11.el4_7 | evolution28-pango-1.14.9-11.el4_7.x86_64.rpm |
| RedHat | 4 | src | evolution28-pango | < 1.14.9-11.el4_7 | evolution28-pango-1.14.9-11.el4_7.src.rpm |
| RedHat | 5 | s390x | pango-devel | < 1.14.9-5.el5_3 | pango-devel-1.14.9-5.el5_3.s390x.rpm |
| RedHat | 4 | s390x | evolution28-pango-devel | < 1.14.9-11.el4_7 | evolution28-pango-devel-1.14.9-11.el4_7.s390x.rpm |
| RedHat | 4 | ppc | evolution28-pango | < 1.14.9-11.el4_7 | evolution28-pango-1.14.9-11.el4_7.ppc.rpm |
| RedHat | 5 | s390 | pango | < 1.14.9-5.el5_3 | pango-1.14.9-5.el5_3.s390.rpm |
| RedHat | any | s390 | pango-devel | < 1.6.0-14.4_7 | pango-devel-1.6.0-14.4_7.s390.rpm |
| RedHat | any | i386 | pango | < 1.6.0-14.4_7 | pango-1.6.0-14.4_7.i386.rpm |
Related
nessus
nessus
RHEL 3 / 4 / 5 : pango (RHSA-2009:0476)
2009-05-11 00:00:00
openSUSE Security Update : pango (pango-1829)
2010-02-15 00:00:00
SuSE 10 Security Update : firefox3-pango (ZYPP Patch Number 7097)
2010-10-21 00:00:00
openvas
openvas
FreeBSD Ports: pango, linux-pango, linux-f8-pango
2009-05-20 00:00:00
Mandriva Security Advisory MDVSA-2009:158-1 (pango)
2009-11-17 00:00:00
CentOS Security Advisory CESA-2009:0476 (pango)
2009-05-11 00:00:00
ubuntu
ubuntu
Pango vulnerability
2009-05-07 00:00:00
oraclelinux
oraclelinux
pango security update
2009-05-08 00:00:00
centos
centos
evolution28, pango security update
2009-05-08 21:06:55
ubuntucve
ubuntucve
CVE-2009-1194
2009-05-11 00:00:00
debiancve
debiancve
CVE-2009-1194
2009-05-11 15:30:00
prion
prion
Integer overflow
2009-05-11 15:30:00
Integer overflow
2009-07-22 18:30:00
securityvulns
securityvulns
[oCERT-2009-001] Pango integer overflow in heap allocation size calculations
2009-05-07 00:00:00
Pango library integer overflow
2009-05-07 00:00:00
Mozilla Foundation Security Advisory 2009-36
2009-07-22 00:00:00
cve
cve
CVE-2009-1194
2009-05-11 15:30:00
CVE-2009-2468
2009-07-22 18:30:00
freebsd
freebsd
pango -- integer overflow
2009-02-22 00:00:00
nvd
nvd
CVE-2009-1194
2009-05-11 15:30:00
CVE-2009-2468
2009-07-22 18:30:00
debian
debian
[SECURITY] [DSA 1798-1] New pango1.0 packages fix arbitrary code execution
2009-05-10 09:29:15
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:34:28
cvelist
cvelist
CVE-2009-1194
2009-05-11 15:19:00
CVE-2009-2468
2009-07-22 18:00:00
mozilla
mozilla
Heap/integer overflows in font glyph rendering libraries — Mozilla
2009-07-21 00:00:00
gentoo
gentoo
Pango: Multiple vulnerabilities
2014-05-17 00:00:00
suse
suse
remote code execution in MozillaFirefox
2009-07-27 13:06:57
remote code execution in MozillaFirefox
2009-08-06 11:30:16
seebug
seebug
Mozilla Firefox MFSA存在多个安全漏洞
2009-07-24 00:00:00