pango-1.42.4-4.el7

エラータID: AXSA:2020-060:01

Release date: 
Tuesday, May 12, 2020 - 08:21
Subject: 
pango-1.42.4-4.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Pango is a library for laying out and rendering of text, with an emphasis
on internationalization. Pango can be used anywhere that text layout is needed,
though most of the work on Pango so far has been done in the context of the
GTK+ widget toolkit. Pango forms the core of text and font handling for GTK+.
Pango is designed to be modular; the core Pango layout engine can be used
with different font backends.
The integration of Pango with Cairo provides a complete solution with high
quality text handling and graphics rendering.

Security Fix(es):

* pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow
(CVE-2019-1010238)

CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The
heap based buffer overflow can be used to get code execution. The component is:
function name: pango_log2vis_get_embedding_levels, assignment of nchars and the
loop condition. The attack vector is: Bug can be used when application pass
invalid utf-8 strings to functions like pango_itemize.

Solution: 

Update packages.

CVEs: 
CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
Additional Info: 

N/A

Download: 

SRPMS
  1. pango-1.42.4-4.el7.src.rpm
    MD5: cbad3efbba5d230b8b59ab5f871f59e7
    SHA-256: eb8035318c70285452592acb1d1a4e9ee53063951ed44d8401415473329d35f8
    Size: 852.36 kB

Asianux Server 7 for x86_64
  1. pango-1.42.4-4.el7.x86_64.rpm
    MD5: 053badbb54a9f1edb6c96e50742b5741
    SHA-256: 492267a396a5804724611f7a363f7144d8545b38e4f691d070c98d76fb729334
    Size: 279.43 kB
  2. pango-devel-1.42.4-4.el7.x86_64.rpm
    MD5: 793ecb7d7e11c147a8ace1b7a142bbd4
    SHA-256: bf826e691f0914e847836bbe2565594257b055bab0a3f710816c62442acebea2
    Size: 318.95 kB
  3. pango-1.42.4-4.el7.i686.rpm
    MD5: 096d3590b0a069fdeeff6a936590c30d
    SHA-256: fb7e4f94f4ebdd65ee7f88bb6e3795e70ca9324687c4f4cc24aa666ddc2dacb5
    Size: 280.41 kB
  4. pango-devel-1.42.4-4.el7.i686.rpm
    MD5: 1d428de9742e84d4099ed71101d4e938
    SHA-256: 309192f4c27918d39da19793850f7956b3d5a4ea96a8bb12a9d1d309e658d8a6
    Size: 318.95 kB