Test Kennung:	1.3.6.1.4.1.25623.1.0.63949
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Security Advisory RHSA-2009:0476
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory RHSA-2009:0476. Pango is a library used for the layout and rendering of internationalized text. Will Drewry discovered an integer overflow flaw in Pango's pango_glyph_string_set_size() function. If an attacker is able to pass an arbitrarily long string to Pango, it may be possible to execute arbitrary code with the permissions of the application calling Pango. (CVE-2009-1194) pango and evolution28-pango users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, you must restart your system or restart the X server for the update to take effect. Note: Restarting the X server closes all open applications and logs you out of your session. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2009-0476.html http://www.redhat.com/security/updates/classification/#important CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1194 BugTraq ID: 34870 http://www.securityfocus.com/bid/34870 BugTraq ID: 35758 http://www.securityfocus.com/bid/35758 Bugtraq: 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations (Google Search) http://www.securityfocus.com/archive/1/503349/100/0/threaded Debian Security Information: DSA-1798 (Google Search) http://www.debian.org/security/2009/dsa-1798 http://www.ocert.org/advisories/ocert-2009-001.html http://www.openwall.com/lists/oss-security/2009/05/07/1 http://osvdb.org/54279 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137 http://www.redhat.com/support/errata/RHSA-2009-0476.html http://www.securitytracker.com/id?1022196 http://secunia.com/advisories/35018 http://secunia.com/advisories/35021 http://secunia.com/advisories/35027 http://secunia.com/advisories/35038 http://secunia.com/advisories/35685 http://secunia.com/advisories/35914 http://secunia.com/advisories/36005 http://secunia.com/advisories/36145 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 SuSE Security Announcement: SUSE-SA:2009:039 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html SuSE Security Announcement: SUSE-SA:2009:042 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html SuSE Security Announcement: SUSE-SR:2009:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://www.ubuntu.com/usn/USN-773-1 http://www.vupen.com/english/advisories/2009/1269 http://www.vupen.com/english/advisories/2009/1972 XForce ISS Database: pango-pangoglyphstringsetsize-bo(50397) https://exchange.xforce.ibmcloud.com/vulnerabilities/50397
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.