Debian Security Advisory DSA 2178-1 (pango1.0) Network Vulnerability

Summary

The remote host is missing an update to pango1.0 announced via advisory DSA 2178-1.

Solution

The oldstable distribution (lenny) is not affected by this problem. For the stable distribution (squeeze), this problem has been fixed in version 1.28.3-1+squeeze2. For the testing distribution (wheezy) and the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your pango1.0 packages. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202178-1

Insight

It was discovered that pango did not check for memory allocation failures, causing a NULL pointer dereference with an adjustable offset. This can lead to application crashes and potentially arbitrary code execution.

Severity

Classification

CVE CVE-2011-0064

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1061-1 (popfile)
Debian Security Advisory DSA 1141-1 (gnupg2)
Debian Security Advisory DSA 1111-1 (kernel-source-2.6.8 et. al.)
Debian Security Advisory DSA 050-1 (sendfile)
Debian Security Advisory DSA 055-1 (gftp)

Take action and discover your vulnerabilities