Novell Home

CVE-2010-0421

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2010-0421 at MITRE

Description

Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entry: 581764, 597947

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server for SAP 10 SP2
  • pango >= 1.10.2-23.8.3
  • pango-32bit >= 1.10.2-23.8.3
  • pango-devel >= 1.10.2-23.8.3
  • pango-doc >= 1.10.2-23.8.3
sled10-sp2.x86
sles10-sp2.ppc
sles10-sp2.ia64
sles10-sp2.x86-64
sles10-sp2.x86
sle10-sp2-sdk.ppc
sles10-sp2.s390x
sled10-sp2.x86-64
ZYPP Patch Nr: 6894
SUSE Linux Enterprise SDK 10 SP2
  • pango-devel-64bit >= 1.10.2-23.8.3
sled10-sp2.x86
sles10-sp2.ppc
sles10-sp2.ia64
sles10-sp2.x86-64
sles10-sp2.x86
sle10-sp2-sdk.ppc
sles10-sp2.s390x
sled10-sp2.x86-64
ZYPP Patch Nr: 6894
Open Enterprise Server
  • pango >= 1.2.5-174.9
  • pango-devel >= 1.2.5-174.9
  • pango-doc >= 1.2.5-174.9
sles9-nlpos.x86
core9.ia64
core9.x86
core9.ppc
core9.s390
core9.x86-64
core9.s390x
sles9-oes.x86
YOU Patch Nr: 12614
SUSE CORE 9 for AMD64 and Intel EM64T
  • pango >= 1.2.5-174.9
  • pango-devel >= 1.2.5-174.9
  • pango-doc >= 1.2.5-174.9
Builds
YOU Patch Nr: 12732
SUSE Linux Enterprise Desktop 10 SP3 for x86
SUSE Linux Enterprise Server 10 SP3
  • pango >= 1.10.2-23.9.1
  • pango-devel >= 1.10.2-23.9.1
  • pango-doc >= 1.10.2-23.9.1
sles10-sp3.x86
sles10-sp3.x86-64
sles10-sp3.ia64
sles10-sp3.s390x
sled10-sp3.x86-64
sles10-sp3.ppc
sled10-sp3.x86
sle10-sp3-sdk.ppc
ZYPP Patch Nr: 6895
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T
SUSE Linux Enterprise SDK 10 SP3
SUSE Linux Enterprise Server 10 SP3
SUSE Linux Enterprise Server for SAP 10 SP3
  • pango >= 1.10.2-23.9.1
  • pango-32bit >= 1.10.2-23.9.1
  • pango-devel >= 1.10.2-23.9.1
  • pango-doc >= 1.10.2-23.9.1
sles10-sp3.x86
sles10-sp3.x86-64
sles10-sp3.ia64
sles10-sp3.s390x
sled10-sp3.x86-64
sles10-sp3.ppc
sled10-sp3.x86
sle10-sp3-sdk.ppc
ZYPP Patch Nr: 6895
SUSE Linux Enterprise SDK 10 SP3
  • pango-devel-64bit >= 1.10.2-23.9.1
sles10-sp3.x86
sles10-sp3.x86-64
sles10-sp3.ia64
sles10-sp3.s390x
sled10-sp3.x86-64
sles10-sp3.ppc
sled10-sp3.x86
sle10-sp3-sdk.ppc
ZYPP Patch Nr: 6895
SUSE Linux Enterprise Server 10 SP3
  • pango >= 1.10.2-23.9.1
  • pango-devel >= 1.10.2-23.9.1
  • pango-doc >= 1.10.2-23.9.1
  • pango-x86 >= 1.10.2-23.9.1
sles10-sp3.x86
sles10-sp3.x86-64
sles10-sp3.ia64
sles10-sp3.s390x
sled10-sp3.x86-64
sles10-sp3.ppc
sled10-sp3.x86
sle10-sp3-sdk.ppc
ZYPP Patch Nr: 6895
SUSE Linux Enterprise Server 10 SP3
  • pango >= 1.10.2-23.9.1
  • pango-64bit >= 1.10.2-23.9.1
  • pango-devel >= 1.10.2-23.9.1
  • pango-devel-64bit >= 1.10.2-23.9.1
  • pango-doc >= 1.10.2-23.9.1
sles10-sp3.x86
sles10-sp3.x86-64
sles10-sp3.ia64
sles10-sp3.s390x
sled10-sp3.x86-64
sles10-sp3.ppc
sled10-sp3.x86
sle10-sp3-sdk.ppc
ZYPP Patch Nr: 6895

© 2014 Novell