Summary
Ubuntu Update for Linux kernel vulnerabilities USN-1082-1
Solution
Please Install the Updated Packages.
Insight
Marc Schoenefeld discovered that Pango incorrectly handled certain Glyph Definition (GDEF) tables. If a user were tricked into displaying text with a specially-crafted font, an attacker could cause Pango to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS and 9.10.
(CVE-2010-0421)
Dan Rosenberg discovered that Pango incorrectly handled certain FT_Bitmap objects. If a user were tricked into displaying text with a specially- crafted font, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2011-0020)
It was discovered that Pango incorrectly handled certain memory reallocation failures. If a user were tricked into displaying text in a way that would cause a reallocation failure, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10.
(CVE-2011-0064)
Affected
pango1.0 vulnerabilities on Ubuntu 8.04 LTS ,
Ubuntu 9.10 ,
Ubuntu 10.04 LTS ,
Ubuntu 10.10
Severity
Classification
-
CVE CVE-2010-0421, CVE-2011-0020, CVE-2011-0064 -
CVSS Base Score: 7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C
Related Vulnerabilities