MiracleLinux 3 : pango-1.14.9-8.AXS3.2 (AXSA:2011-15:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-15:01 advisory. Pango is a system for layout and rendering of internationalized text. Security issues fixed with this release: CVE-2011-0020 Heap-based buffer overflow in the...

Oracle: Security Advisory (ELSA-2011-0180)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 201405-13

Gentoo Linux Local Security Checks GLSA 201405-13 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

openSUSE Security Update : libpango-1_0-0 (openSUSE-SU-2011:0221-1)

Specially crafted font files could cause a heap corruption in applications linked against pango CVE-2011-0064, CVE-2011-0020. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update libpango-10-0-4076...

Oracle Linux 5 / 6 : pango (ELSA-2011-0180)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-0180 advisory. - Prevent heap corruption with malformed fonts. CVE-2011-0020 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Scientific Linux Security Update : pango on SL4.x, SL5.x i386/x86_64

An input sanitization flaw, leading to a heap-based buffer overflow, was found in the way Pango displayed font files when using the FreeType font engine back end. If a user loaded a malformed font file with an application that uses Pango, it could cause the application to crash or, possibly,...

CentOS Update for evolution28-pango CESA-2011:0180 centos4 x86_64

Check for the Version of evolution28-pango OpenVAS Vulnerability Test CentOS Update for evolution28-pango CESA-2011:0180 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute ...

CentOS Update for evolution28-pango CESA-2011:0180 centos4 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

SuSE 10 Security Update : firefox3-pango (ZYPP Patch Number 7459)

The following bug has been fixed : - Specially crafted font files could cause a heap corruption in applications linked against pango. CVE-2011-0020 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

SuSE 10 Security Update : firefox3-pango (ZYPP Patch Number 7460)

The following bug has been fixed : - Specially crafted font files could cause a heap corruption in applications linked against pango. CVE-2011-0020 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

openSUSE Security Update : libpango-1_0-0 (openSUSE-SU-2011:0221-1)

Specially crafted font files could cause a heap corruption in applications linked against pango CVE-2011-0064, CVE-2011-0020. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update libpango-10-0-4076...

SuSE 11.1 Security Update : pango (SAT Patch Number 4065)

Specially crafted font files could cause a heap corruption in applications linked against pango. CVE-2011-0064 / CVE-2011-0020 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itsel...

Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : pango1.0 vulnerabilities (USN-1082-1)

Marc Schoenefeld discovered that Pango incorrectly handled certain Glyph Definition GDEF tables. If a user were tricked into displaying text with a specially crafted font, an attacker could cause Pango to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS and 9.10...

CentOS Update for evolution28-pango CESA-2011:0180 centos4 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS 4 : pango (CESA-2011:0180)

Updated pango and evolution28-pango packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

RedHat Update for pango RHSA-2011:0180-01

Check for the Version of pango OpenVAS Vulnerability Test RedHat Update for pango RHSA-2011:0180-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

pango security update

1.28.1-3.el60.3 - Fix a division by zero found in testing 1.28.1-3.el60.2 - Use -fno-strict-aliasing for C++, too - Escape macros in %changelog 1.28.1-3.el60.1 - Prevent heap corruption with malformed fonts. CVE-2011-0020 - Resolves: 671529...

CVE-2011-0020

Heap-based buffer overflow in the pangoft2fontrenderboxglyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service application crash or possibly execute arbitrary code...

CVE-2011-0020

CVE-2011-0020: Heap-based buffer overflow in Pango’s FreeType2 path (pango_ft2_font_render_box_glyph in libpango, older than or equal to 1.28.3) can crash the target application or allow arbitrary code execution via a crafted font. Affected products include libpango packages built with the FreeTy...