pango-1.42.4-4.el7
Errata ID: AXSA:2020-060:01
Release date:
2020/05/12 Tuesday - 08:21
Title:
pango-1.42.4-4.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- pango_log2vis_get_embedding_levels() in pango contains a heap-based buffer overflow, which allows arbitrary code execution by passing an invalid UTF-8 string to functions such as pango_itemize(). (CVE-2019-1010238)
The translated text for some CVEs is quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
Additional information:
N/A
Download:
SRPMS
- pango-1.42.4-4.el7.src.rpm
MD5: cbad3efbba5d230b8b59ab5f871f59e7
SHA-256: eb8035318c70285452592acb1d1a4e9ee53063951ed44d8401415473329d35f8
Size: 852.36 kB
Asianux Server 7 for x86_64
- pango-1.42.4-4.el7.x86_64.rpm
MD5: 053badbb54a9f1edb6c96e50742b5741
SHA-256: 492267a396a5804724611f7a363f7144d8545b38e4f691d070c98d76fb729334
Size: 279.43 kB
- pango-devel-1.42.4-4.el7.x86_64.rpm
MD5: 793ecb7d7e11c147a8ace1b7a142bbd4
SHA-256: bf826e691f0914e847836bbe2565594257b055bab0a3f710816c62442acebea2
Size: 318.95 kB
- pango-1.42.4-4.el7.i686.rpm
MD5: 096d3590b0a069fdeeff6a936590c30d
SHA-256: fb7e4f94f4ebdd65ee7f88bb6e3795e70ca9324687c4f4cc24aa666ddc2dacb5
Size: 280.41 kB
- pango-devel-1.42.4-4.el7.i686.rpm
MD5: 1d428de9742e84d4099ed71101d4e938
SHA-256: 309192f4c27918d39da19793850f7956b3d5a4ea96a8bb12a9d1d309e658d8a6
Size: 318.95 kB